(Optional) Set up networking for System services

Content Intelligence Deploying the Example OVF

Version: 2.2.x
Part Number: MK-HCI003-15
Last edition: 2023-10-23
Important: To reconfigure networking for the System services, you must complete this step before you Run the setup script on each server or virtual machine.

You cannot change networking for System services after running the run script or after starting Hitachi Content Intelligence.service using systemd.

You can change the ports used by each service in your product. You configure networking for System services in this step, before running the product startup scripts. You configure networking for Hitachi Content Intelligence services later during Access the deployment wizard.
  1. On each virtual machine that is to be a Hitachi Content Intelligence instance, open the /opt/hci/config/network.config file in a text editor.
    The file contains two types of lines for each service:
    • Network type assignments:

      com.hds.ensemble.plugins.service.<service-name>_interface=[internal|external]

    • Port number assignments:

      com.hds.ensemble.plugins.service.<service-name>.port.<portname>=<port-number>

  2. Optionally, specify new port values for the services you want to configure.
    Note:
    • Ensure that the network.config file is identical on all Hitachi Content Intelligence instances.
    • If you reconfigure service ports, make sure that each port value you assign is unique across all services, both System services and Hitachi Content Intelligence services.
  3. Run configFirewall.
    Warning:

    The HCI product uses both internal and external ports to operate its services, and the system-internal ports do not have authentication or Transport Layer Security (TLS). At a minimum, use your firewall to make these ports accessible only to other instances in the system. If any users have root access to your system, your network and its systems are vulnerable to unauthorized use.

    To secure your data and HCI system, you need to manually use iptables or firewalld to restrict, to local communications only, the ports that the HCI installer otherwise leaves open. See System-internal ports and Example HCI firewall setup.

    Additionally, you can use Internet Protocol Security (IPSec) or an equivalent to secure internode communications. Consult with your system administrator to configure your network with this added security.
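
The notes in step 2 (unique port values, identical file on every instance) and the firewall warning in step 3 can be checked before startup with a short script. The following is an added example, not part of the Hitachi documentation or product: it parses the two line types shown in step 1, reports port numbers assigned more than once, lists the ports of services whose network type is internal so they can be compared against your firewall rules, and produces a digest for comparing the file across instances. The service names, port names and port numbers in the sample are constructed, and skipping blank and # lines is an assumption.

```python
import hashlib
from collections import defaultdict

PREFIX = "com.hds.ensemble.plugins.service."

# Constructed sample: service names, port names and port numbers are hypothetical.
SAMPLE = """\
com.hds.ensemble.plugins.service.svcA_interface=internal
com.hds.ensemble.plugins.service.svcA.port.primary=9600
com.hds.ensemble.plugins.service.svcB_interface=external
com.hds.ensemble.plugins.service.svcB.port.http=8000
com.hds.ensemble.plugins.service.svcB.port.admin=9600
"""

def parse(text):
    """Return ({service: network type}, [(service, portname, port), ...])."""
    interfaces, ports = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: blank and # lines are ignorable
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        rest = key[len(PREFIX):]
        if not sep or not key.startswith(PREFIX):
            raise ValueError(f"line {n}: not a service assignment")
        if rest.endswith("_interface") and value in ("internal", "external"):
            interfaces[rest[:-len("_interface")]] = value
        elif ".port." in rest and value.isascii() and value.isdigit() and 1 <= int(value) <= 65535:
            service, _, portname = rest.partition(".port.")
            ports.append((service, portname, int(value)))
        else:
            raise ValueError(f"line {n}: bad key or value")
    return interfaces, ports

def duplicate_ports(ports):
    """Map each port number assigned more than once to the entries using it."""
    seen = defaultdict(list)
    for service, portname, port in ports:
        seen[port].append(f"{service}.{portname}")
    return {port: names for port, names in seen.items() if len(names) > 1}

def internal_ports(interfaces, ports):
    """Ports of services whose network type is 'internal'."""
    return sorted({p for s, _, p in ports if interfaces.get(s) == "internal"})

def digest(text):
    """SHA-256 of the file content, for comparing copies across instances."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    interfaces, ports = parse(SAMPLE)
    print(duplicate_ports(ports), internal_ports(interfaces, ports), digest(SAMPLE))
```

To check a real deployment, pass the content of /opt/hci/config/network.config from each instance to parse() and digest(); any non-empty result from duplicate_ports(), or a digest that differs between instances, should be resolved before running the startup scripts.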