Network protocol and ports (incoming ports allowed by the firewall)
The firewall provides basic protection. If protection against sophisticated attacks is required, using a dedicated firewall product is recommended.
Communication across a NAT firewall is not supported.
The following protocols and ports are used by StruxureWare Data Center Operation:
HTTP / HTTPS
80 / 443
Latency less than 200 ms, bandwidth minimum 1 Mbps. Bandwidth usage between client and server depends heavily on the size of the solution, the number of users and the type of operations performed on the solution.
Manually created user and password (default apc/apc)
Authentication server integration support
There is no option to reset a client user's password
A password policy is not implemented in DCO but can be enforced using authentication servers. Passwords can contain ASCII characters and numbers
Only using HTTPS
|Communication between server and clients. HTTP can be disabled or redirected to HTTPS for improved security.|
|SNMP||UDP||161||Basic system information and status of the Operation service will be exposed.
The SNMP server can be disabled using the Server Configuration interface.
|The default SNMP community string is "public"||For added security from v7.3.6, disable SNMPv1 and configure SNMPv3.|
|PostgreSQL||TCP||5432||Depending on system integration the bandwidth requirements should be specified accordingly.||As specified in external system ETL configuration|
Default MD5 authentication
Otherwise depends on the database integration created
|ETL communication between database and server|
|Webmin||TCP||10000||Very limited bandwidth requirements in normal operation. Downloading/uploading backups will increase the bandwidth requirements significantly.|
Manually created user and password during installation
User password reset instructions
|Yes||Server configuration interface at https://<server ip>:10000|
|Ping||ICMP||Will reply to ping requests|
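An added example (not part of the product documentation): a Python check that compares a server's network-reachable listening sockets with the inbound table above and reports both undocumented listeners and documented ones the table says to harden. The `ss -tuln` sample, the function names and the wording of the notes are constructed for illustration.

```python
# Added example. (transport, port) -> (service, hardening note from the table, or None)
DOCUMENTED_INBOUND = {
    ("tcp", 80): ("HTTP", "disable or redirect to HTTPS"),
    ("tcp", 443): ("HTTPS", None),
    ("udp", 161): ("SNMP", "can be disabled; from v7.3.6 disable SNMPv1, configure SNMPv3"),
    ("tcp", 5432): ("PostgreSQL", "used for ETL integration; default MD5 authentication"),
    ("tcp", 10000): ("Webmin", None),
}

# Constructed sample of `ss -tuln` output (not captured from a real server).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:10000      0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
"""

def exposed_listeners(ss_output):
    """Return {(transport, port)} for sockets bound to non-loopback addresses."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket type
        addr, _, port = fields[4].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]" or not port.isdigit():
            continue  # loopback-only sockets are not reachable from the network
        found.add((fields[0], int(port)))
    return found

def audit(ss_output):
    """Split exposed listeners into undocumented ones and documented ones to review."""
    unexpected, review = [], []
    for key in sorted(exposed_listeners(ss_output)):
        if key not in DOCUMENTED_INBOUND:
            unexpected.append(key)
        elif DOCUMENTED_INBOUND[key][1]:
            review.append((key, *DOCUMENTED_INBOUND[key]))
    return unexpected, review

if __name__ == "__main__":
    unexpected, review = audit(SAMPLE_SS_OUTPUT)
    for transport, port in unexpected:
        print(f"UNEXPECTED {transport}/{port}: not in the documented inbound table")
    for (transport, port), service, note in review:
        print(f"REVIEW     {transport}/{port} {service}: {note}")
```

ICMP echo is not a listening socket, so the Ping row of the table is outside what this check covers.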
External systems related protocols (outgoing, default (can be edited))
|HTTP||TCP (SSL/TLS)||80 (443)|
Depending on system integration being used.
For StruxureWare Data Center Expert it is estimated that every alarm will be around 2000 characters in size. Sensor data has approximately the same size but is transferred more often (depending on the integration configuration). Alarm and sensor data are communicated bidirectionally, with the majority of data going to DCO. A catch-up job runs on an hourly basis (configurable); this job polls number of active alarms * 2000 chars.
|As specified in external system configuration||Depending on system integration||VMware, SCOM, Cisco UCS|
|SMTP||TCP||25||Email traffic from the DCO is limited and "user generated" via e.g. work order execution, some system configuration etc.||As specified in external system configuration||Not supported||communication with e-mail server|
|DNS||TCP/UDP||53||Very limited traffic and bandwidth requirement||As specified in external system configuration||Not supported||DNS server communication|
|NFS||TCP/UDP||111||Depending on system integration||As specified in external system configuration||Not supported by protocol||NFS mounted external drive|
|NTP||UDP||123||Very limited traffic and bandwidth requirement||As specified in external system configuration||Depending on system integration||NTP server communication|
|SMB||TCP/UDP||139||Depending on system integration||As specified in external system configuration||Depending on system integration||SMB communication to NAS/SAN|
|CIFS||TCP||445||Depending on system integration||As specified in external system configuration||Depending on system integration||CIFS communication to NAS/SAN|
|NFS||TCP/UDP||2049||Depending on system integration||As specified in external system configuration||Not supported by protocol||NFS communication to NAS/SAN|
Disaster recovery node and cluster related protocols
Very limited bandwidth requirements
|Handled by DCO server||Yes||Internal cluster communication|
|HTTPS||TCP||443||Very limited bandwidth requirements||Handled by DCO server||Yes||Internal cluster communication|
Based on some data usage testing, we found that the minimum requirement for running a DR node on a 200-rack solution is 10 Mbit/s. This of course varies by usage, but unless the user performs multiple changes to the entire solution in short succession, the DR node will stay in sync within a few minutes on a 10 Mbit/s connection even with larger changes (e.g. adding 50 racks). For most common tasks, the DR node will be synced within seconds. DCO also has a large buffer (8 GB), so the DR node will be able to catch up even if there are many changes at once; it will simply be a few saves behind the main node (however, still in a consistent state). Nodes (except disaster recovery) must be on the same site to ensure that network latency, failure rate, etc. are low enough for cluster data traffic to be synchronized as needed, thereby avoiding a "split brain" situation, which is not supported.
Handled by DCO server
|Internal cluster communication|