To configure on-premise storage, you need to install the Syncplicity On-Premises Storage Connector.
The storage sonnector is supplied as an OVA file and installed on a virtual machine. The storage sonnector requires the following:
- Each storage connector requires its own virtual machine hosted on VMware vSphere Hypervisor (i.e., ESXi).
- You need at least two storage connectors but you can deploy more for scalability and high availability purposes.
- You must deploy an externally-addressable SSL-offloading load balancer in front of all virtual machines, configured with a certificate authority (CA) signed (not self-signed) SSL certificate.
- Make sure that TLS1.2 is used and that SSLv3 is disabled. (SSLv3 is disabled by default from the JDK.)
- Make sure that each Syncplicity client or app that is to connect to the storage connector meets the minimum version as follows.
|
Syncplicity client or app |
Minimum version |
|
Windows desktop |
4.5.1 |
|
Mac desktop |
4.5.1 |
|
iOS |
4.3.0 |
|
Android |
4.1.0 |
As shown in the diagram, a typical example is that the storage layer is in the private area of the corporate network, the storage connectors virtual machines are in the semi-private area, and the SSL-offloading load balancer is in the DMZ.
The storage connector requires specific inbound and outbound ports to be open, as specified in the following tables.
Inbound port requirements
In order for the Syncplicity clients to connect to the storage connector application from the Internet, the following inbound ports must be open.
|
Connection |
Port |
Protocol |
|
From the Internet to the SSL-offloading load balancer in the DMZ. |
443 |
HTTPS |
|
From the SSL-offloading load balancer to the storage connector virtual machines |
9000 |
HTTP |
Atmos Storage Requirements
If you want to enable the storage connector application to connect to an Atmos storage backend, then the following inbound ports must be open.
|
Connection |
Port |
Protocol |
|
From the storage connector to the Atmos Load Balancer |
443 if SSL is used with Atmos |
HTTP or HTTPS |
|
From the storage connector in the DMZ to the Network Time Protocol (NTP) server |
123 |
UDP |
EMC ECS Storage Requirements
If you want to enable the storage connector application to connect to an ECS storage backend, the following inbound ports must be open.
|
Connection |
Port |
Protocol |
|
From the storage connector to the ECS load balancer |
9021 if SSL is used to ECS |
HTTP or HTTPS |
|
From the storage connector in the DMZ to the Network Time Protocol (NTP) server |
123 |
UDP |
NFS v3 or v4 -Based Storage
To enable the storage connector application to connect to an NFS storage backend, the following inbound ports must be open. This includes Isilon storage.
|
Connection |
Port |
Protocol |
Type of traffic |
|
From the storage connector virtual machines to the NFS Storage System |
53 |
TCP |
DNS for SmartConnect (Isilon) |
|
111 |
TCP |
SUN Remote Procedure Call |
|
|
111 |
UDP |
SUN Remote Procedure Call |
|
|
300 |
TCP |
NFS mount daemon |
|
|
300 |
UDP |
NFS mount daemon |
|
|
302 |
TCP |
NFS stat daemon |
|
|
302 |
UDP |
NFS stat daemon |
|
|
304 |
TCP |
NFS lock daemon |
|
|
304 |
UDP |
NFS lock daemon |
|
|
2049 |
TCP |
NFS server daemon |
|
|
2049 |
UDP |
NFS server daemon |
Outbound Port Requirements
In general, traffic outbound to external hosts on port 443 should be allowed. If for some reason this is not so, at least the following should be allowed.
|
Connection |
Port |
Protocol |
|
From the storage connector virtual machines to xml.syncplicity.com, xml.eu.syncplicity.com and health.syncplicity.com |
443 |
HTTPS |
|
From the storage connector virtual machines to centos.org and fedoraproject.org Note: Only required during an upgrade procedure or installation of separate packages to allow for RPM dependency checking. |
80 |
HTTP |