Networking

Content Platform for Cloud Scale Administration Guide

Version: 2.6.x
Part Number: MK-HCPCS008-10

This topic describes the network usage by, and requirements for, both system instances and services.

Note:
  • You can configure the network settings for each service when you install the system. You cannot change these settings after the system is up and running.
  • If the networking environment changes such that the system can no longer function with its current networking configuration, you must reinstall the system.

Cluster host name

The HCP for cloud scale cluster host name is configured during installation. It is required for access to both the HCP for cloud scale user interface and the S3 API.

Instance IP address requirements

All instance IP addresses must be static, including both internal and external network IP addresses if applicable to the system. If you replace an instance, you can reuse its IP address. Doing so means you don't have to change DNS entries, and it conserves the address.

Network types

Each of the HCP for cloud scale services can bind to one type of network, either internal or external, for receiving incoming traffic. If the network infrastructure supports having two networks, you might want to isolate the traffic for most system services to a secured internal network that has limited access. You can then leave the following services on the external network for user access:

  • Admin-App
  • Grafana
  • Message Queue
  • Metadata-Cache
  • Metadata-Coordination
  • Metadata-Gateway
  • Policy-Engine
  • Metrics
  • S3-Gateway
  • Tracing-Agent
  • Tracing-Collector
  • Tracing-Query
  • MAPI-Gateway

You can use either a single network type for all services or a mix of both types. To use both types, every instance in the system must be addressable by two IP addresses, one on the internal network and one on the external network. If you use only one network type, each instance needs only one IP address.

Allowing access to external resources

Regardless of whether you're using a single network type or a mix of types, you must configure the network environment to ensure that all instances have outgoing access to the external resources you want to use, such as:

  • The storage components where the object data is stored
  • Identity providers for user authentication
  • Email servers that you want to use for sending email notifications

Ports

Each service binds to a number of ports for receiving incoming traffic. Port mapping is visible from the Network tab for each service.

Before installing HCP for cloud scale, you can configure services to use different ports, or use the default values shown in the following tables.

The following services must be deployed with their default port values:

  • Message Queue
  • Metadata Cache
  • Tracing Agent
  • Tracing Collector
  • Tracing Query

External ports

The following table contains information about the service ports that users use to interact with the system.

On every instance in the system, each of these ports:

  • Must be accessible from any network that needs administrative or data access to the system
  • Must be accessible from every other instance in the system

| Default Port Value | Used by Service | Purpose |
|---|---|---|
| 80 (S3 HTTP port, if enabled) | S3 Gateway | Object persistence and access |
| 443 (S3 HTTPS port) | S3 Gateway, S3 Console application | Object persistence and access. Proxied by Network Proxy |
| 3000 | Grafana | Dashboards |
| 8000 | Admin App | System Management application GUI |
| 8443 (S3 HTTPS port) | S3 Gateway | Object persistence and access. Not proxied by Network Proxy, used by external load balancer |
| 9099 | MAPI Gateway | Object Storage Management application GUI |
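
The following script is an added example, not part of the product or its documentation. It checks the two reachability requirements above by attempting a TCP connection to each default external port on the instances you name. The function names and the `EXTERNAL_PORTS` mapping are assumptions made for this example. Port 80 is treated as optional because the table lists it only "if enabled".

```python
"""Reachability check for the default external ports listed in the table above."""
import socket

# Default external ports from the table; edit if other values were chosen at install.
# Each entry maps port -> (service, required).
EXTERNAL_PORTS = {
    80: ("S3 Gateway (HTTP)", False),  # optional: only if the S3 HTTP port is enabled
    443: ("S3 Gateway / S3 Console (HTTPS)", True),
    3000: ("Grafana", True),
    8000: ("Admin App", True),
    8443: ("S3 Gateway (HTTPS, external load balancer)", True),
    9099: ("MAPI Gateway", True),
}


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name not resolvable
        return False


def check_instance(host, ports=EXTERNAL_PORTS, timeout=2.0):
    """Return {port: (service, required, reachable)} for one instance."""
    return {
        port: (service, required, port_open(host, port, timeout))
        for port, (service, required) in ports.items()
    }


def missing_required(results):
    """Return the sorted list of required ports that were not reachable."""
    return sorted(p for p, (_, required, ok) in results.items() if required and not ok)


if __name__ == "__main__":
    import sys
    failed = False
    for host in sys.argv[1:]:  # instance host names or static IP addresses
        results = check_instance(host)
        for port, (service, required, ok) in sorted(results.items()):
            state = "open" if ok else ("CLOSED" if required else "closed (optional)")
            print(f"{host}:{port:<5} {service:<45} {state}")
        failed |= bool(missing_required(results))
    sys.exit(1 if failed else 0)
```

Run it once from each instance and once from each network that needs administrative or data access, passing every instance address as an argument; a non-zero exit status means at least one required port was unreachable from that vantage point.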