How To configure Opsource ACL rules for accessing Zadara Cloud Block Storage

Note: Zadara VPSA is currently available in the Opsource US-East region only

 

Zadara Cloud Block Storage environment is configured to accept connections from all OpSource Cloud customers in US East. 

In some Opsource networks, outgoing firewall ACL rules of customer’s network are missing and hence don’t allow these connections.

Check if Outbound ACL rule #500 exist in your nework. If it doesn't, follow the below procedure to open the connection between your Opsource Cloud servers and your Zadara VPSAs:


Using the OpSource Cloud Management Console:

  1. Select a Cloud Network where you have your Servers that should receive access to your Zadara VPSA
  2. Click on Manage Network icon (the blue cogwheel icon in the top-right corner) to open the Manage Network dialog box.
  3. In the ACL Rules section go to Outbound ACL rules
  4. Click “Add ACL Rule” on the top-right corner and add the following TCP rule to permit access to the VPSA iSCSI port: (if they do not already exist there)

Name:                      VPSA-access (or any other name you choose)

Position:                  Pick next available position (usually starting at 100)

Direction:                Outbound

Protocol/Type        TCP, Permit

Source IP:                Select ‘Any’ to apply the ACL rule to all Cloud Servers in this network, or ‘Specific’ if you wish that just a specific server will have access to the VPSA

Destination IP:        Select ‘Any’ to apply the ACL rule to all VPSAs, or ‘Specific’ to specify a VPSA IP address (10.180.xx.xxx). You can retrieve the VPSA IP address from the VPSA Management GUI or from the Zadara Management Console (https://manage.zadarastorage.com/console/)

Port:                         equal to 3260 (for iSCSI)                 

--> Press Submit

     5. Repeat step 4 for additional two ACL rules:

  • Port: equal to equal to 80 (for HTTP)
  • Port: equal to 443 (for HTTPS).

    6. It is recommended (but not mandatory) to add a rule for ICMP protocol (in order to enable “ping” from cloud VM to VPSA). Follow the same steps as above, just select 'icmp' as the Protocol\Type.


 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.