Network protocol and ports (incoming ports allowed by the firewall)

The firewall provides basic protection. If protection against sophisticated attacks is required, using a dedicated firewall product is recommended.

Communication across a NAT firewall is not supported.

The following protocols and ports are used by StruxureWare Data Center Operation:

| Protocol | Transfer protocol | Port(s) | Network | Credentials/Access | Encryption | Comments |
|---|---|---|---|---|---|---|
| HTTP / HTTPS | TCP | 80 / 443 | Latency less than 200 ms, bandwidth minimum 1 Mbps. Bandwidth usage between client and server heavily depends on size of solution, number of users and the type of operations done to the solution. | Manually created user and password (default apc/apc). Authentication server integration support. There is no option to reset client user password. Password policy is not implemented in DCO but can be enforced using Authentication servers. Password can be ASCII format and numbers. | Only using HTTPS. TLSv1.2 | Communication between server and clients. HTTP can be disabled or redirected to HTTPS for improved security. |
| SNMP | UDP | 161 | Basic system information and status of the Operation service will be exposed. | The SNMP server can be disabled using the Server Configuration interface. SNMP community string is default "public". | For added security from v7.3.6, disable SNMPv1 and configure SNMPv3. | |
| PostgreSQL | TCP | 5432 | Depending on system integration the bandwidth requirements should be specified accordingly. | As specified in external system ETL configuration | Default MD5 authentication. Otherwise depending on database integration created. | ETL communication between database and server |
| Webmin | TCP | 10000 | Very limited bandwidth requirements in normal operation. Downloading/uploading backups will increase the bandwidth requirements significantly. | Manually created user and password during installation. User password reset instructions. | Yes | Server configuration interface at https://<server ip>:10000 |
| Ping | ICMP | | Will reply to ping requests | | | |

External systems related protocols (outgoing, default (can be edited))

| Protocol | Transfer protocol | Port(s) | Network | Credentials/Access | Encryption | Comments |
|---|---|---|---|---|---|---|
| HTTP | TCP (SSL/TLS) | 80 (443) | Depending on system integration being used. For StruxureWare Data Center Expert it is estimated that every alarm will be around 2000 characters in size. Sensor data has approximately the same size but is transferred more often (depending on the integration configuration). Alarm and sensor data are communicated bidirectionally, with the majority of data going to DCO. A catch-up job is run on an hourly basis (configurable); this job will poll (number of active alarms × 2000) characters. | As specified in external system configuration | Depending on system integration | VMware, SCOM, Cisco UCS |
| SMTP | TCP | 25 | Email traffic from the DCO is limited and "user generated" via e.g. work order execution, some system configuration etc. | As specified in external system configuration | Not supported | Communication with e-mail server |
| DNS | TCP/UDP | 53 | Very limited traffic and bandwidth requirement | As specified in external system configuration | Not supported | DNS server communication |
| NFS | TCP/UDP | 111 | Depending on system integration | As specified in external system configuration | Not supported by protocol | NFS mounted external drive |
| NTP | UDP | 123 | Very limited traffic and bandwidth requirement | As specified in external system configuration | Depending on system integration | NTP server communication |
| SMB | TCP/UDP | 139 | Depending on system integration | As specified in external system configuration | Depending on system integration | SMB communication to NAS/SAN |
| CIFS | TCP | 445 | Depending on system integration | As specified in external system configuration | Depending on system integration | CIFS communication to NAS/SAN |
| NFS | TCP/UDP | 2049 | Depending on system integration | As specified in external system configuration | Not supported by protocol | NFS communication to NAS/SAN |

Disaster recovery node and cluster related protocols

| Protocol | Transfer protocol | Port(s) | Network | Credentials/Access | Encryption | Comments |
|---|---|---|---|---|---|---|
| SSH | TCP | 22 | Very limited bandwidth requirements | Handled by DCO server | Yes | Internal cluster communication |
| HTTPS | TCP | 443 | Very limited bandwidth requirements | Handled by DCO server | Yes | Internal cluster communication |
| PostgreSQL | TCP | 5432 | Based on some data usage testing we found that the minimum requirement for running a DR node on a 200 rack solution is 10 Mbit/s. This of course varies by usage, but unless the user performs multiple changes to the entire solution in short succession, the DR node will stay in sync within a few minutes on a 10 Mbit/s connection even with larger changes (e.g. adding 50 racks). For most common tasks, the DR will be sync'd within seconds. DCO also has a large buffer (8 GB), so the DR node will be able to catch up even if there are many changes at once; it will simply be a few saves behind the main node (however, still in a consistent state). Nodes (except disaster recovery) must be on the same site to ensure that network latency, failure rate, etc. are low enough for cluster data traffic to be synchronized as needed, thereby avoiding a "split brain" situation, which is not supported. | Handled by DCO server | Yes | Internal cluster communication |
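
An added example (not from the product documentation): a Python sketch that compares a server's listening sockets with the incoming and cluster ports listed above, so undocumented listeners and the services the tables flag (HTTP, SNMP with its default community string) stand out. The `ss -H -tuln` sample is constructed, and `DOCUMENTED`, `is_loopback` and `audit` are names chosen for this example.

```python
# (protocol, port) -> note taken from the tables on this page.
DOCUMENTED = {
    ("tcp", 80): "HTTP: can be disabled or redirected to HTTPS",
    ("tcp", 443): "HTTPS (TLSv1.2): default login is apc/apc",
    ("udp", 161): "SNMP: default community 'public'; SNMPv3 from v7.3.6",
    ("tcp", 5432): "PostgreSQL: ETL and cluster traffic, default MD5 auth",
    ("tcp", 10000): "Webmin: server configuration interface",
    ("tcp", 22): "SSH: internal cluster communication",
}

# Constructed sample of `ss -H -tuln` output, not taken from a real server.
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 [::]:443 [::]:*
udp UNCONN 0 0 0.0.0.0:161 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:10000 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
"""

def is_loopback(host):
    host = host.split("%")[0].strip("[]")  # drop "%iface" suffix and IPv6 brackets
    return host.startswith("127.") or host == "::1"

def audit(ss_output):
    """Return (review, unexpected) for listeners reachable from the network."""
    review, unexpected = {}, set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue
        key = (fields[0], int(port))
        if key in DOCUMENTED:
            review[key] = DOCUMENTED[key]  # documented, carries the table's note
        else:
            unexpected.add(key)  # listening but not listed on this page
    return review, sorted(unexpected)

if __name__ == "__main__":
    review, unexpected = audit(SAMPLE_SS)
    for (proto, port), note in sorted(review.items()):
        print(f"review     {proto}/{port}: {note}")
    for proto, port in unexpected:
        print(f"unexpected {proto}/{port}")
```

On a live server, pass the real output of `ss -H -tuln` to `audit` instead of the sample; listeners bound only to loopback are skipped because a remote client cannot reach them.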

See also

StruxureWare Data Center Operation security

StruxureWare Data Center Operation - System Requirements

StruxureWare Data Center Operation Software Vulnerability Scans

 
