[-]
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
 [+]
  
  
  
  
  
  
 [+]
  
  
  
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
[+]
Updated on 8/4/2019
Administration Guides
Eyeglass Ports Requirements and Scalability Limits
Direct link to topic in this publication:
Home

Eyeglass Ports Requirements and Scalability Limits

Eyeglass Ports Requirements

PortDirectionFunction
Phone Home Monitoring TLS 443Eyeglass appliance --> Internet 
DR Monitoring service remote monitoring OR phone home remote log upload for support and health checks
8080Eyeglass appliance Isilon clusterREST API
SSH port 22Eyeglass appliance Isilon clusterSSH access for some CLI commands
NFSEyeglass appliance Isilon ClusterRunBook Robot to Mount the cluster for DR Automation testing (reads and writes)
Syslog for ECA clusters 5514ECA clusters   Eyeglass ApplianceSyslog (non standard port) used to send ECA cluster VM logs to Eyeglass for support logs.   (enabled in eyeglass can be disabled, if no ECA deployed)
443  browser   applianceSecures client to browser access
37356Service broker UIM Probe eyeglassService broker for UIM probe alarms and communications with eyeglass heartbeats
source port 80 destination random TCP port on the browserbrowser  applianceIf connection on ip address port 80 is made a http 301,302 redirect is returned on port 80 to switch the browser to https and url https:/x.x.x.x/eyeglass
source random , destination is port 80            browser   applianceredirected to 443 TLS access
2011 websocketappliance    browser  Websocket for real-time appliance to browser updates (redirected to 2012)
2012 TLS websocketappliance   browserWebsocket for real-time appliance to browser updates (redirected to 2012)
2013 TLS websocket appliance   browserWebsocket for Easy Auditor wiretap feature (only required if this product is installed)
SSH 22    workstation   appliance   secure shell access
Proxy login SMB 445appliance  → Isilon 
Used to authenticate to AD through Isilon using standard Microsoft SMB authentication request for Role based login proxy interface. 

Eyeglass Support and Phonehome Whitelist URL's 

 PC Browser Upload and support site usage URL whitelist for full access to (support.superna.net)

  1. https://*.zopim.com (your pc browser --> Internet, Internet --> your pc browser)
  2. https://licenses.supernaeyeglass.com (your pc browser --> Internet, Internet --> your pc browser)
  3. https://support.superna.net (your pc browser --> Internet, Internet --> your pc browser)
  4. https://supernahelp.zendesk.com (your pc browser --> Internet, Internet --> your pc browser)
  5. https://cloudapps.supernaeyeglass.com (your pc browser --> Internet)


2. Download software and download license keys from support.superna.net

  1. https://storage.googleapis.com (your pc browser <-- Internet)
  2. https://licenses.supernaeyeglass.com (your pc browser --> Internet, Internet --> your pc browser)


3. Appliance Direct Log upload to Support site URL whitelist:

  1. https://cloudapps.supernaeyeglass.com (Appliance --> Internet)


4. Phone Home Remote Monitoring (faster more efficient support, enables proactive response without your involvement)

How to test firewall port access to required URL's

  1. SSH to eyeglass appliance as admin user
  2. type admin password ( default: 3y3gl4ss)
  3. Execute below command to test get command:
    wget https://eyeglass-live.supernaeyeglass.com/ 
  4. Execute below command to test post command:
    curl -X POST -k https://eyeglass-live.supernaeyeglass.com/
  5. Send us the output of Step #3 and #4.
  6. Done.
  7. The Monitoring service requires the following URL's allowed
    1. https://eyeglass-live.supernaeyeglass.com/ (appliance to internet)
    2. https://cloudapps.supernaeyeglass.com/ (appliance to internet)


Eyeglass Proxy Login Message Flow between Eyeglass VM and Isilon

  1. eyeglass browser  https --> eyeglass vm
  2. eyeglass vm --> SMB2 standard Microsoft authentication request sent to Isilon ip address used to add cluster to Eyeglass 
  3. Isilon sends authentication request to AD to validate password
  4. Eyeglass --> sends rest api to Isilon requesting AD group membership for User X from login request
  5. Isilon returns Authentication request to Eyeglass vm
  6. Isilon returns list of AD groups the user is a member of in AD.
  7. Eyeglass compares AD groups to Role based Access configuration to determine permissions in Eyeglass and displays Icons based on this security evaluation process.
  8. User desktop loads based on role configured.



Eyeglass Scalability Limits

Scaling Limit AreaTested Scaling Limits 1.5 >Notes
Number of Managed Clusters 1 appliance22Requires 16G RAM
Number of shares replicated (total across all clusters)15,000Requires 16G RAM
Number of Exports replicated (total across all clusters)10, 000Requires 16G RAM
Number of NFS aliases    replicated (total across all clusters)10, 000Requires 16G RAM
Number of Quotas replicated (total across all clusters)20, 000Requires 16G RAM
SyncIQ Policies All clusters100Requires 16G RAM
Failover job limitations100 policies selected in a single failoverRequires 16G RAM
Failover job total object count (shares + exports + quotas)> 10,000 Requires 32G RAM
Total objects inventory all clusters50 000Requires 16G RAM, some clusters require API requests throttled with large object count, contact support if you have this many (shares,exports and quotas combined) to get recommended setting applied

 

Copyright Superna LLC