traffic. Other subnets will not have any of the management ports listening on them, making them
available only for client access, replication, and NDMP traffic. This prevents users on client (data) access
subnets from accessing any FluidFS cluster management functions.
In FluidFS, the ports listed in the following table do not participate in CIFS/NFS communication, but are
exposed on the client network by default. Enabling secured management allows you to expose the
management ports on a management subnet only.
Service Ports
Web Services 80
Secure Web Services 443
FTP 44421
FTP (Passive) 44430–44439
SSH 22
FluidFS Manager communication 35451
Secured management can be enabled only after the system is deployed. To make a subnet secure:
• It must exist prior to enabling the secured management feature
• It can reside on the client network (subnet‐level isolation of management traffic) or the LOM (Lights
Out Management) Ethernet port (physical isolation of management traffic). The LOM Ethernet port is
on the lower right side of the back panel of a NAS controller.
• Log in from this subnet.
Secured management configuration, together with other networking features, is accessed through the
Security Access pane in the System\Internal view.
Adding a Secured Management Subnet
The subnet on which you enable secured management must exist prior to enabling the secured
management feature.
To add a secured management subnet:
1. Click the System tab on the left.
2. Click the Internal tab on top.
3. In the Security Access pane, click .
4. Click New Subnet for FluidFS Management.
The New Subnet for FluidFS Management dialog box is displayed.
5. Click to the right of the VIP1 field.
6. In the IP Address field, type a management IP address and click OK.
7. For each NAS controller:
a) Click to the right of the NAS controller field.
b) In the IP Address field, type an IP address for the NAS controller and click OK.
8. To automatically fill the IP addresses for the NAS Controllers and VIP, click Auto Fill.
37