Please read About Syncplicity StorageVaults before reading this article.
NOTE: If installing the Storage Connector in an AWS environment, see Prerequisites for AWS Deployment.
To configure on-premise StorageVault(s), you need to install at least 2 Syncplicity On-Premise Storage Connector(s). The On-premise Storage Connector is a server software that runs as a virtual machine and connects the Syncplicity orchestration layer in the cloud to your storage endpoint using NFSv3. For example, you can configure an on-premise Storage Connector to store data on EMC Isilon scale-out NAS, EMC VNX/VNXe file based or unified storage arrays, or any other NAS system that supports NFSv3. Additionally, Object Storage interfaces can be used for storage endpoints such as EMC Enterprise Cloud Storage (ECS), EMC Atmos or Amazon S3.
You need at least two on-premise Storage Connectors but you can deploy more for Scalability and High Availability purposes. An SSL offloading load-balancer must also be deployed in front of these Storage Connector virtual servers.
Before installing on-premise Storage Connector, make you meet the following prerequisites outlined on this page:
- Hardware Requirements
- Network Configuration
- Storage Vendor specific steps (Optional)
Hardware requirements
The Storage Connector must meet the following requirements:
- A minimum of two (2) virtual machines hosted on VMware vSphere Hypervisor (i.e., ESXi) 5.0, 5.1, 5.5, 6.0 or 6.5
- Each virtual machine must be configured with 8GB of RAM, 8 virtual cores (Intel Xeon E5 Family processors, 2.20 GHz), and a minimum of a 50GB HDD
Refer to the Network configuration section below for the network requirements, which includes an externally-addressable SSL-offloading load balancer in front of all virtual machines, an EMC Atmos (v2.1+) storage system or a storage backend that supports a standard NFS v3 interface, and various inbound and outbound open ports.
Network configuration
To configure on-premise storage, you need to install the Syncplicity On-Premise Storage Connector.
The Storage Connector is supplied as an OVA file and installed on a virtual machine. The Storage Connector requires the following:
- Each Storage Connector requires its own virtual machine hosted on VMware vSphere Hypervisor (i.e., ESXi).
- You need at least two Storage Connectors but you can deploy more for scalability and high availability purposes.
- You must deploy an externally-addressable SSL-offloading load balancer in front of all virtual machines, configured with a Certificate Authority (CA) signed (NOT self-signed) SSL certificate.
- Make sure that TLS1.2 is used and that SSLv3 is disabled. (SSLv3 is disabled by default from the JDK.)
- Make sure that each Syncplicity client or app that is to connect to the Storage Connector meets the minimum version as follows.
Syncplicity Client or app |
Minimum version |
Windows desktop |
4.5.1 |
Mac desktop |
4.5.1 |
iOS |
4.3.0 |
Android |
4.1.0 |
As shown in the diagram, a typical example is that the storage layer is in the private area of the corporate network, the Storage Connectors virtual machines are in the semi-private area, and the SSL-offloading load balancer is in the DMZ.
The Storage Connector requires specific inbound and outbound ports to be open, as specified in the following tables.
Inbound port requirements
In order for the Syncplicity clients to connect to the Storage Connector application from the Internet, the following inbound ports must be open.
Connection |
Port # |
Protocol |
From the Internet to the SSL-offloading load balancer in the DMZ. |
443 |
HTTPS |
From the SSL-offloading load balancer to the Storage Connector virtual machines |
9000 |
HTTP |
Atmos Storage Requirements
If you want to enable the Storage Connector application to connect to an Atmos storage backend, then the following inbound ports must be open.
Connection |
Port # |
Protocol |
From the Storage Connector to the Atmos Load Balancer |
443 if SSL is used with Atmos |
HTTP or HTTPS |
From the Storage Connector in the DMZ to the Network Time Protocol (NTP) server |
123 |
UDP |
EMC ECS Storage or any generic S3 object based storage requirements
If you want to enable the Storage Connector application to connect to an ECS storage backend, or any other S3 object based storage then the following inbound ports must be open.
Connection |
Port # |
Protocol |
From the Storage Connector to the S3 object based storage Load Balancer |
9021 if SSL is used to S3 |
HTTP or HTTPS |
From the Storage Connector in the DMZ to the Network Time Protocol (NTP) server |
123 |
UDP |
NFS v3 -Based Storage
To enable the Storage Connector application to connect to an NFS storage backend, the following inbound ports must be open. This includes Isilon storage.
Connection |
Port # |
Protocol |
Type of Traffic |
From the Storage Connector virtual machines to the NFS Storage System |
53 |
TCP |
DNS for SmartConnect (Isilon) |
111 |
TCP |
SUN Remote Procedure Call |
|
111 |
UDP |
SUN Remote Procedure Call |
|
300 |
TCP |
NFS mount daemon |
|
300 |
UDP |
NFS mount daemon |
|
302 |
TCP |
NFS stat daemon |
|
302 |
UDP |
NFS stat daemon |
|
304 |
TCP |
NFS lock daemon |
|
304 |
UDP |
NFS lock daemon |
|
2049 |
TCP |
NFS server daemon |
|
2049 |
UDP |
NFS server daemon |
Outbound Port Requirements
In general, traffic outbound to external hosts on port 443 should be allowed. If for some reason this is not so, at least the following should be allowed.
Connection |
Port # |
Protocol |
From the Storage Connector virtual machines to xml.syncplicity.com, xml.eu.syncplicity.com and health.syncplicity.com |
443 |
HTTPS |
From the Syncplicity Storage Connector virtual machines to centos.org Note: Only required during the upgrade procedure to allow for RPM dependency checking. |
80 |
HTTP |
Configuring Isilon Storage (Optional)
If using Isilon storage as the backend, you need to perform the following configuration procedure:
- Create a directory on EMC Isilon cluster where you want to store the Syncplicity data. This should be done via an ssh session to the Isilon Cluster.
Example: /ifs/syncp-data
- Configure the permissions on the directory via an ssh session to the Isilon Cluster.
chown 498:499 /ifs/syncp-data
chmod 770 /ifs/syncp-data
The commands lock down security access, specifically for the “syncp” and “syncp-storage” users.
- Create NFS Export via the WebUI.
The following screen shows the basic export settings that lock the export down to the Storage Connectors. Add the IP addresses of the Storage Connectors in the appropriate fields. The 10.111.158.3 and 10.111.158.4 are example IP addresses of the Storage Connectors. Your IP addresses will be different.
All other export settings should be left as the defaults and not change.
- If the Storage Connector is in the DMZ (Internet side of the firewall) and Isilon storage is inside of the firewall, you need to verify that specific ports are opened on the firewall to allow access via NFS from the Storage Connectors to the EMC/Isilon Storage. This does not apply if the Isilon Storage is not behind a firewall.
- Refer to Installing the Storage Connector, task 5a to check the NFS mount to the Isilon Storage.
This completes the basic configuration of the EMC Isilon Storage for the Syncplicity on-Premise Storage Connector.