Prerequisites for DLP/AV Connector installation

The storage endpoint should already be configured with at least two Syncplicity Storage Connectors. If you have not configured your storage for this, see Hybrid Cloud Storage and Deploying Syncplicity On-Premises Storage Connector to set up your storage endpoint for Syncplicity.

The following topics describe the prerequisites for installing the on-premises DLP/AV Connector.

Hardware requirements

The DLP/AV Connector requires:

  • A minimum of two virtual machines hosted on VMware vSphere Hypervisor (ESXi) 6.0, 6.5, 6.7 or later.
  • Each virtual machine must have 8 gigabytes of random access memory, 8 virtual cores and a hard disk drive (HDD) of at least 50 GB.

See the next topic about network configuration for the network hardware requirements, which include two or more Storage Connectors and a storage backend that supports standard NFS v3 or v4, or S3 interfaces.

Network configuration

The DLP/AV Connector is supplied as an OVA file and installed on a virtual machine. The DLP/AV Connector requires the following:

  • Each DLP/AV Connector requires a dedicated virtual machine hosted on VMware vSphere Hypervisor.
  • At least two DLP/AV Connectors are required; you can deploy more for scalability and high availability.
  • At least two Storage Connectors.
  • Ensure TLS 1.2 is used by disabling TLS 1.0 and TLS 1.1, and ensure SSLv3 is disabled. SSLv3 is disabled by default in the JDK.

As shown in the diagram, a typical deployment places the storage layer in the private area of the corporate network. The Storage Connector and DLP/AV Connector virtual machines are in the semi-private area. Note that the SSL offloading load balancer in the DMZ is for Storage Connectors only.

Inbound port requirements

Atmos storage requirements

To enable the DLP/AV Connector to connect to an EMC Atmos storage backend, the following inbound ports must be open.

| Connection | Port | Protocol |
|---|---|---|
| From the DLP/AV Connector to the Atmos load balancer | 443 if SSL is used; 80 if SSL is not used | HTTP or HTTPS |
| From the DLP/AV Connector in the DMZ to the Network Time Protocol (NTP) server | 123 | UDP |

Elastic Cloud Storage (ECS) requirements

To enable the DLP/AV Connector to connect to an ECS storage backend, the following inbound ports must be open.

| Connection | Port | Protocol |
|---|---|---|
| From the DLP/AV Connector to the ECS load balancer | 9021 if SSL is used; 9020 if SSL is not used | HTTP or HTTPS |
| From the DLP/AV Connector in the DMZ to the NTP server | 123 | UDP |

NFS v3 or v4-based storage

To enable connections from the DLP/AV Connector virtual machines to the NFS storage backend, the following inbound ports must be open. This includes EMC Isilon storage.

| Port | Protocol | Type of Traffic |
|---|---|---|
| 53 | TCP | DNS for SmartConnect (Isilon only) |
| 111 | TCP | SUN Remote Procedure Call |
| 111 | UDP | SUN Remote Procedure Call |
| 300 | TCP | NFS mount daemon |
| 300 | UDP | NFS mount daemon |
| 302 | TCP | NFS stat daemon |
| 302 | UDP | NFS stat daemon |
| 304 | TCP | NFS lock daemon |
| 304 | UDP | NFS lock daemon |
| 2049 | TCP | NFS server daemon |
| 2049 | UDP | NFS server daemon |

Service accessibility check

To enable checking for DLP/AV Connector service accessibility from external hosts, the following should be allowed.

| Connection | Port | Protocol |
|---|---|---|
| From external hosts to the DLP/AV Connector virtual machines | 9000 for DLP/AV Connector 2.0; 9002 for DLP Connector 1.2.x | HTTP |

Outbound port requirements

In general, outbound traffic to external hosts on port 443 should be allowed. If that is not possible, at least the following should be allowed.

| Connection | Port | Protocol |
|---|---|---|
| From the DLP/AV Connector virtual machines to: xml.syncplicity.com, xml.eu.syncplicity.com, api.syncplicity.com, api.eu.syncplicity.com, amq.syncplicity.com, amq.eu.syncplicity.com, health.syncplicity.com, health.eu.syncplicity.com | 443 | HTTPS |
| From the DLP/AV Connector virtual machines to the NTP servers | 123 | UDP |
| From the DLP/AV Connector virtual machines to centos.org, fedoraproject.org. Note: Only required during the upgrade procedure or installation of separate packages to allow for RPM dependency checking. | 80 | HTTP |
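
An added example, not part of the Syncplicity documentation: a pre-flight script that builds the TCP flows listed in the tables above for a chosen storage backend and reports which ones are blocked when run from a DLP/AV Connector virtual machine. The function names and the host `storage.example.internal` are assumptions for illustration; UDP flows are left out because a UDP connect does not show reachability.

```python
import socket

# Port matrix transcribed from this page. UDP flows (NTP 123, NFS over UDP)
# are omitted: a UDP "connect" proves nothing about reachability.
SYNCPLICITY_HOSTS = [
    "xml.syncplicity.com", "xml.eu.syncplicity.com",
    "api.syncplicity.com", "api.eu.syncplicity.com",
    "amq.syncplicity.com", "amq.eu.syncplicity.com",
    "health.syncplicity.com", "health.eu.syncplicity.com",
]
STORAGE_TCP = {
    ("atmos", True): [443], ("atmos", False): [80],
    ("ecs", True): [9021], ("ecs", False): [9020],
}
NFS_TCP = [111, 300, 302, 304, 2049]  # RPC, mount, stat, lock, NFS server


def required_tcp_flows(backend, storage_host, ssl=True, isilon=False):
    """Return (host, port, purpose) tuples this connector VM must reach."""
    if backend == "nfs":
        ports = ([53] if isilon else []) + NFS_TCP  # 53: SmartConnect DNS
    elif (backend, ssl) in STORAGE_TCP:
        ports = STORAGE_TCP[(backend, ssl)]
    else:
        raise ValueError(f"unknown backend: {backend!r}")
    flows = [(storage_host, p, f"{backend} storage") for p in ports]
    flows += [(h, 443, "Syncplicity cloud") for h in SYNCPLICITY_HOSTS]
    return flows


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake completes; DNS failure, refusal, timeout -> False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(flows, probe=tcp_reachable):
    """Probe every flow and return the ones that are blocked."""
    return [flow for flow in flows if not probe(flow[0], flow[1])]


if __name__ == "__main__":
    # storage.example.internal is a placeholder for your storage load balancer.
    for host, port, purpose in preflight(
            required_tcp_flows("ecs", "storage.example.internal", ssl=True)):
        print(f"BLOCKED {host}:{port} ({purpose})")
```

An empty result means every listed TCP flow completed a handshake; it does not confirm the TLS version negotiated or any UDP path.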

Configure Isilon storage

If you are not using Isilon storage, skip this section.

Isilon storage requires the following additional configuration steps.

  1. Create an NFS Export via the WebUI. The following screen shows the basic export settings that lock the export to only the connected Storage and DLP/AV Connectors. Add the IP addresses of the DLP/AV Connectors in the following fields: Clients, Always Read-Write Clients and Root Clients. The values 10.111.158.3 and 10.111.158.4 are example IP addresses of the Storage Connectors. Your IP addresses will differ. All other export settings should be left at their defaults.

    [Screenshot: basic export settings]

  2. If the DLP/AV Connector is in the DMZ (Internet side of the firewall) and Isilon storage is inside the firewall, you must verify that specific ports are open on the firewall to allow access via NFS from the DLP/AV Connectors to the Isilon storage. This does not apply if the Isilon storage is not behind a firewall.

  3. Refer to Task 5: Prepare for NFS mounted storage in order to mount a dedicated Syncplicity share for the Isilon storage.

This completes the basic configuration of the EMC Isilon storage for the on-premises DLP/AV Connector.
