Summary
As of version 21.07, the Security section of the CCVM includes a feature for managing IP access to the cloud CCVM/Ecommerce portal. It turns on and manages access control for the Command Center and Provisioning Portal applications, granting access only to specified IP addresses.
Process
To enable this feature in the CCVM, click the settings cog in the top right-hand corner and select Settings > Security > Cloud Control IP Whitelist.
By default, this feature is disabled. An alert advises that access to all interfaces will be blocked for all IPs not specifically listed in the Whitelist.
Saving the IP Whitelisting feature as active is only possible when there is at least one configured whitelisted IP address.
Once enabled, you can add the required fields:
IP/CIDR: The IP address or CIDR to be whitelisted and permitted access.
Application Access: Select from the dropdown whether access should be granted to the Provisioning Portal, the Command Center, or both.
Comment: Enter free text details, a note or comment about this entry.
Repeat this procedure for all IP addresses or CIDRs that should be whitelisted. You can also update entries in the whitelist table with the IP/CIDR's Edit action, and remove access by clicking the IP/CIDR's Discard action, and then Save.
Exceptions & restrictions
- The IP Whitelist is limited to a maximum of 256 rows of IP addresses and CIDRs (the allowed entries limit was increased in version 23.09-SP1).
- By default, specific fixed Zadara operations IP addresses are whitelisted in all zStorage clouds. These IP addresses are managed internally and are not visible in the Command Center UI or via the API.
- Although IPv6 addresses can be used, they are not officially supported. In cases where an IPv6 address is used, logs display an IPv4 conversion of the address.
- The IP Whitelisting feature relies on source IP visibility. For administrators accessing the Cloud management applications over public networks, whitelisting a private IP address space will not achieve the required behavior. Similarly, IP Whitelisting is not supported for source IP addresses that are masked. If a source IP is hidden, IP Whitelisting might not work as expected.
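A pre-flight check for a planned whitelist, as an added example (not Zadara tooling and not code from this page): it applies the constraints listed above locally, before the entries are typed into the UI and the feature is saved as active. The function name, the administrator's source IP, the exact dropdown strings and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

MAX_ROWS = 256  # row limit stated on this page
APPS = {"Provisioning Portal", "Command Center", "both"}  # assumed dropdown labels
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_whitelist(entries, admin_ip, app="Command Center"):
    """Return (problems, warnings) for a planned whitelist.

    entries:  (ip_or_cidr, application_access, comment) tuples
    admin_ip: public source IP the administrator connects from (assumed known)
    """
    problems, warnings = [], []
    if not entries:
        problems.append("at least one entry is required before enabling")
    if len(entries) > MAX_ROWS:
        problems.append(f"{len(entries)} rows exceeds the {MAX_ROWS}-row limit")
    admin = ipaddress.ip_address(admin_ip)
    covered = False
    for value, access, _comment in entries:
        try:
            net = ipaddress.ip_network(value, strict=False)  # bare IP becomes /32 or /128
        except ValueError:
            problems.append(f"{value}: not a valid IP or CIDR")
            continue
        if access not in APPS:
            problems.append(f"{value}: unknown application access {access!r}")
            continue
        if net.version == 6:
            warnings.append(f"{value}: IPv6 is not officially supported")
        elif any(net.subnet_of(r) for r in RFC1918):
            warnings.append(f"{value}: private range, no effect over public networks")
        if access in (app, "both") and admin in net:
            covered = True
    if entries and not covered:
        problems.append(f"{admin_ip} would lose access to {app}")
    return problems, warnings

# Constructed sample entries: documentation and private ranges only.
SAMPLE = [
    ("203.0.113.0/24", "both", "office egress"),
    ("10.20.0.0/16", "Command Center", "internal LAN"),
    ("198.51.100.7", "Provisioning Portal", "billing host"),
    ("2001:db8::/32", "both", "v6 test"),
    ("300.1.1.1", "both", "typo"),
]

if __name__ == "__main__":
    problems, warnings = check_whitelist(SAMPLE, "203.0.113.25")
    print("\n".join(["PROBLEM " + p for p in problems] + ["WARNING " + w for w in warnings]))
```

Run it once per application, passing the source IP you will actually connect from, and resolve every reported problem before saving the whitelist as active.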