Subscribe to Email Updates

    Settings Security | 4 min read

    Network Interface Service Management

    Description

    The network interface(s) and IP configuration(s) are managed automatically by in the Operating Systems. 

    Our solution deployment will use the configured interface configuration, but will also allow  different form of security hardening in term of firewall and network interfaces segregation.

    • The deployment also allows to configure services binding to dedicated network interfaces.
    • The Internal Firewall can filter and protect network flows between different network security layers.

    Network Interface - Standard Configuration 

    The solution will use by the default network interface and associated IP configuration. These settings will be used to bind each different services of Nodeum.

    Network Interface - Service mapping

    Furthermore each services can be bind to specific network interface, for doing that, the Nodeum Ansible Installation playbook needs to be reapplied once the inventory files have been modified accordingly to the mapping you need.

    In the hosts information file you can find in the extracted Nodeum installation package, you will find the following file(s) : /inventory/hosts_vars/srv1. This file contains the different configuration and settings that will be applied to host.

    There is section to define the service binding. By default, as it has been explained in the previous chapter, the default configuration is available at the beginning of the configuration file. By default the iface_name parameter is using the main network interface, but this information can be overwritten. 

    # If there is no default network interface defined or you want to override it
    # iface_name: eth0

    Afterward, in the same file, you can find different parameters to bind a list of services to a specific interface name.

    # Specific name of interface for each services. Default to iface_name (or default network interface) if undefined
    # smb_iface_name: eth0
    # nfs_iface_name: eth0
    # rails_iface_name: eth0
    # zookeeper_iface_name: eth0
    # solr_iface_name: eth0
    # catalog_indexer_iface_name: eth0

    Here is the description of each parameter :

    Parameter Service Name
    smb_iface_name SAMBA
    nfs_iface_name NFS
    rails_iface_name RAILS
    solr_iface_name SOLR
    catalog_iface_name CATALOG INDEXER

     

    Host-Based Firewall

    Nodeum integrated its own “firewall” configuration to protect themselves from a host-based layer.

    In the Console Administration

    Settings - Hardware - Network

    This section, the 3 following parameters can be configured :

    • Hostname
    • Primary DNS
    • Secondary DNS

    Important Notes :

    1. Hostname should have a maximum of 15 characters if AD authentication is set.

    2. If DNS are not well configured and if the system cannot resolve properly the DNS - IP resolution, the system will not work as expected.


    This page displays the list of Network Interfaces available, some additional information about the status of each connection are also available.

    One of the most important information is the status of each interface :

    Status of Interface
    Definition
    connected The interface is connected
    disconnected The interface is disconnected.
    unmanaged The status is unknown , the reason is that the interface is not managed by network manager

    If the status of the adapter is "unmanaged", this means that the adapter is not managed by the system.

    Related Categories

    Settings Security

    You may also like:

    Workflow Settings Best Practice

    Primary Storage

    Definition Primary storage is the type of storage and technologies used to store and retain digital information that is ...

    Settings encryption

    Enable SSL Certificate Container accessible on S3 Protocol

    By default, the Containers are accessible on S3 with HTTP protocol. You can add a SSL Certificate to allow data encrypti...

    Settings encryption

    Add a SSL Certificate on Web Console Administration

    By default, the Web Console Administration is accessible on HTTP. You can add a SSL Certificate to the Web Console Admin...

    Let Us Know What You Thought about this Post.

    Put your Comment Below.

    Learn and grow with award-winning support and a thriving community behind you.

    Get the free version