AnsweredAssumed Answered

v11 Hosts that need to access LIVE

Question asked by Marinos Roussos on Apr 9, 2019
Latest reply on Apr 11, 2019 by Maxim Siyazov

Like • Show 1 Like1
Comment • 8

Deployment Guide: Network Architecture and Ports

After looking at the ports on the table I noticed that the only appliance needing to access LIVE is ESA.

Further looking at the diagram, it does NOT show that ESA can directly access LIVE.

Which of the two is correct and why does the NW server not need to access LIVE? This doesn't make any sense

Then for NTP ports, none of the core appliances need an open connection to NW server but only to itself.

Archiver

UDP 123

NTP

Broker

UDP 123

NTP

Concentrator

UDP 123

NTP

So Broker to Broker, Concentrator to Concentrator etc. No Concentrator to NW server. So how would this work exactly?

No one else has this question

Outcomes

8 Replies

Dave Glover Apr 9, 2019 8:54 AM
Mark Correct
Correct Answer
The NW head unit (node 0) does need to access Live
Like • Show 0 Likes0
Actions
- Marinos Roussos @ Dave Glover on Apr 9, 2019 9:04 AM
  Mark Correct
  Correct Answer
  Thanks Dave, that makes perfect sense.
  What about the NTP that only need to connect to own host and never to NW server?
  How would I trust that everything else is correct when even customers can tell that something is wrong?
  
  For every client-server connection you need a client and a server:) So which is the NTP server? every appliance??!
  
  Can someone correct this randomized document that has been out for more than a year?
  
  RSA have a history were they were struggling to populate the equivalent architecture document for 10.4. I would have thought that RSA would be a bit more mature 3-4 years later when they talk about Gartner and the likes.
  
  We can't just raise change requests based on random information that haven't been proofread (no surprise here sorry). Please correct this joke document, it's damaging your brand.
  Like • Show 1 Like1
  Actions
Maxim Siyazov Apr 11, 2019 7:12 AM
Mark Correct
Correct Answer
I had a support case regarding this issue last year which was closed with a promise to correct the port requirements in the documentation and in the application configuration. As a result, only now, after over a half a year, I can see the requested amendments in the newly released documentation of 11.3.
NTP port requirement seems to be fixed along with a nonsensical requirement for UDP 50514 on every host, which has been in the documentation and iptables since the SA Audit was introduced many years ago. I hope in v11.3 this rule will be removed from iptables.
It is a shame RSA does not update the documentation of already released versions.
Like • Show 1 Like1
Actions
Maxim Siyazov Apr 11, 2019 7:30 AM
Mark Correct
Correct Answer
Regarding your original question, there was another case early last year where I have suggested that the requirements for the Internet access for each host with a definite list of URLs should be added to deployment documentation. Unfortunately, I still cannot see this information published.
Like • Show 1 Like1
Actions
- Marinos Roussos @ Maxim Siyazov on Apr 11, 2019 8:36 AM
  Mark Correct
  Correct Answer
  They might suggest to raise an RFE:)
  Like • Show 0 Likes0
  Actions
  - Maxim Siyazov @ Marinos Roussos on Apr 11, 2019 9:05 AM
    Mark Correct
    Correct Answer
    True but actually it’s my bad this time. I just missed it. Live resources were added to the ports sheets.
    Like • Show 0 Likes0
    Actions
    - Marinos Roussos @ Maxim Siyazov on Apr 11, 2019 9:13 AM
      Mark Correct
      Correct Answer
      Yeah, they were added to the wrong server(ESA) and then they have this green box on top saying that all core should be able to communicate with NW host on 123 and in the table they only list that core communicate with themselves only.
      
      I don't blame them, they are still learning. It's difficult to put 1+1 sometimes.
      Like • Show 1 Like1
      Actions
      - Maxim Siyazov @ Marinos Roussos on Apr 11, 2019 9:33 AM
        Mark Correct
        Correct Answer
        I cannot find online documentation of 11.3 but in the PDF doc ports sheets look better. The diagram is still not perfect.
        Deployment Guide for RSA NetWitness® Platform 11.3
        Like • Show 0 Likes0
        Actions

v11 Hosts that need to access LIVE

Outcomes

Related Content

Recommended Content