...
- Before installing a cell environment, make sure to complete the sizing process with the IBM Support Team to get recommendations for the hardware and architecture suitable for your requirements.
- DPOD cell manager and federated cell members must be of the same version (minimum version is 1.0.8.6).
- The DPOD cell manager is usually virtual and can be installed in either Appliance Mode or Non-Appliance Mode with the Medium Load architecture type, as detailed in the Hardware and Software Requirements.
- DPOD federated cell members (FCMs) can be one of the following:
  - Physical servers installed in Non-appliance Mode (based on RHEL) with High_20dv architecture type, as detailed in the Hardware and Software Requirements.
    Physical servers are used when the cell is required to process a high transactions per second (TPS) load.
  - Virtual servers installed in Non-appliance Mode with Medium architecture type or higher, as detailed in the Hardware and Software Requirements.
    Virtual servers are used when the cell is required to process a moderate transactions per second (TPS) load, or when the cell is part of a non-production environment where the production cell uses physical servers (to keep the environments' architecture similar).
- All DPOD cell members must be identical - only physical or only virtual (cannot mix physical and virtual cell members in the same cell), and with the same resources (CPUs, RAM, disk type and storage capacity).
- Physical federated cell members with 4 CPU sockets and NVMe disks require special disks and mount points configuration to ensure performance. See Configuring Cell Members with 4 CPU Sockets and NVMe Disks.
- Each cell component (manager / FCM) should have two network interfaces:
  - External network interface - for DPOD users to access the Web Console (on the cell manager) and for communication between DPOD and Monitored Gateways (on both the cell manager and the members).
  - Internal network interface - for internal DPOD components inter-communication (should be a 10Gb Ethernet interface).
  - This design separates the two types of communication, which can be used to enhance security (e.g., preventing end users from accessing the inter-cell communication).
  - We recommend having 2 different VLANs with different subnets, as this makes it easier to configure the servers without using static routing and to configure the network firewall rules.
- Network ports should be opened in the network firewall as detailed below:
From | To | Ports (Defaults) | Protocol | Usage |
---|---|---|---|---|
DPOD Cell Manager (external IP address) | Each Monitored Device | 5550 (TCP) | HTTP/S | Monitored device administration management interface. |
DPOD Cell Manager (external IP address) | DNS Server | TCP and UDP 53 | DNS | DNS services. Static IP address may be used. |
DPOD Cell Manager (external IP address) | NTP Server | 123 (UDP) | NTP | Time synchronization |
DPOD Cell Manager (external IP address) | Organizational mail server | 25 (TCP) | SMTP | Send reports by email |
DPOD Cell Manager (external IP address) | LDAP | TCP 389 / 636 (SSL). TCP 3268 / 3269 (SSL) | LDAP | Authentication & authorization. Can be over SSL. |
DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member | 443 (TCP) | HTTP/S | Communication (data + management) |
DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member | 22 (TCP) | TCP | SSH root access is needed for the cell installation and for admin operations from time to time. |
DPOD Cell Manager (internal IP address) | Each DPOD Federated Cell Member | 9300-9305 (TCP) | ElasticSearch | ElasticSearch Communication (data + management) |
DPOD Cell Manager (External IP address) | Each DPOD Federated Cell Member | 60000-60003 (TCP) | TCP | Syslog keep-alive data |
DPOD Cell Manager (External IP address) | Each DPOD Federated Cell Member | 60020-60023 (TCP) | TCP | HTTP/S WS-M keep-alive data |
NTP Server | DPOD Cell Manager (External IP address) | 123 (UDP) | NTP | Time synchronization |
Users IPs | DPOD Cell Manager (External IP address) | 443 (TCP) | HTTP/S | DPOD's Web Console |
Admins IPs | DPOD Cell Manager (External IP address) | 22 (TCP) | TCP | SSH |
Each DPOD Federated Cell Member (internal IP address) | DPOD Cell Manager | 443 (TCP) | HTTP/S | Communication (data + management) |
Each DPOD Federated Cell Member (internal IP address) | DPOD Cell Manager | 9200, 9300-9400 | ElasticSearch | ElasticSearch Communication (data + management) |
Each DPOD Federated Cell Member (External IP address) | DNS Server | TCP and UDP 53 | DNS | DNS services |
Each DPOD Federated Cell Member (External IP address) | NTP Server | 123 (UDP) | NTP | Time synchronization |
Each Monitored Device | Each DPOD Federated Cell Member (External IP address) | 60000-60003 (TCP) | TCP | SYSLOG Data |
Each Monitored Device | Each DPOD Federated Cell Member (External IP address) | 60020-60023 (TCP) | HTTP/S | WS-M Payloads |
NTP Server | Each DPOD Federated Cell Member (External IP address) | 123 (UDP) | NTP | Time synchronization |
Admins IPs | Each DPOD Federated Cell Member (External IP address) | 22 (TCP) | TCP | SSH |
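
The rows above whose "To" column is a federated cell member can also be enforced on the member itself. The script below is an added example, not part of the DPOD documentation or product: it assumes the members run firewalld as a host firewall with the internal interface bound to the `internal` zone and the external interface to the `public` zone, and every address in it is a constructed placeholder. It prints the rich rules as a dry run and refuses any row that would expose the cell-internal ports (443, 9300-9305) on the external interface.

```shell
#!/bin/sh
# Added example: dry-run generator, prints firewall-cmd lines and changes nothing.
# Every address is a constructed placeholder, not a value from the DPOD documentation.
MGR_INT=10.10.0.10         # cell manager, internal interface (assumed)
MGR_EXT=192.0.2.10         # cell manager, external interface (assumed)
GATEWAYS=198.51.100.0/24   # monitored devices (assumed)
ADMINS=203.0.113.0/28      # admin workstations (assumed)
NTP=192.0.2.123            # NTP server (assumed)

# zone|source|ports|protocol for every table row whose "To" column is an FCM.
# Assumption: internal NIC is in firewalld zone "internal", external NIC in "public".
fcm_inbound_matrix() {
cat <<EOF
internal|$MGR_INT|443|tcp
internal|$MGR_INT|22|tcp
internal|$MGR_INT|9300-9305|tcp
public|$MGR_EXT|60000-60003|tcp
public|$MGR_EXT|60020-60023|tcp
public|$GATEWAYS|60000-60003|tcp
public|$GATEWAYS|60020-60023|tcp
public|$NTP|123|udp
public|$ADMINS|22|tcp
EOF
}

# Reads matrix rows on stdin and prints one rich rule per row.
# Returns 1 if a row would open a cell-internal port (443, 9300-9305) in the public zone.
gen_rules() {
    rc=0
    while IFS='|' read -r zone src ports proto; do
        [ -n "$zone" ] || continue
        case "$zone:$ports" in
            public:443|public:93*)
                echo "REFUSED: $ports/$proto from $src belongs on the internal interface" >&2
                rc=1
                continue ;;
        esac
        printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$src\" port port=\"$ports\" protocol=\"$proto\" accept'"
    done
    return $rc
}

fcm_inbound_matrix | gen_rules
```

Review the printed commands before running them on a member, then apply them with `firewall-cmd --reload`.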
Cell Manager Installation
...