Yep,
* IPSpaces for every Source-Cluster (or every customer) * InterCluster LIFs "in" those IPSpaces o These are the LIFs, that will be used for Cluster Peering * SVM Management LIFs for control, if necessary (not the Cluster Mgmt LIFs you (Heino) mentioned) * I can't think of a reason, why you would need to give access to the Cluster Mgmt LIF to your customers o Firewall rules probably unnecessary
my 2c
Sebastian
On 09.03.2021 13:19, Markus Nödl wrote:
Keep in mind that cluster peering involves the intercluster lifs as well as the snapmirror/vault traffic is passing through those lifs. AFAIK you will have to have ipspaces for your intercluster lifs (at least on the destination) to peer all those source machines
*Markus Nödl*
Senior Storage Architect
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-50-556-3410
Mobil: +43 664 88241622
E-Mail: MNoedl@anexia-it.com mailto:MNoedl@anexia-it.com
Web: http://www.anexia.com/ http://www.anexia.com/
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
*From: *Toasters toasters-bounces@teaparty.net on behalf of Heino Walther hw@beardmann.dk *Date: *Tuesday, 9. March 2021 at 13:03 *To: *"toasters@teaparty.net" toasters@teaparty.net *Subject: *Remote backup hosting with ONTAP...
Hi there
I need some suggestions to a setup where we will be hosing remote backup of other ONTAP clusters on one ONTAP FAS cluster.
The clusters that needs to be backed up should be backed up are on separate VLANS and should be kept separate.
So the plan is to create a SVM per system in its own VLAN.
Trouble is that in order to setup a SVM-Peer you first need to setup a cluster peer…
So I guess there are several ways to do this…
- Create several cluster mgmt. LIFs (one for each VLAN)
- Could this cause issues?
- Create a firewall rule for the existing cluster mgmt. LIF so is can be reached from all the VLANs.
I will also be using ipspaces for this because of security, and because there are two systems using the same IP range…
Suggestions are welcome.. I somewhat lean towards option 1.
/Heino
Heino Walther https://www.linkedin.com/in/heinowalther/
Beardmann ApS http://beardmann.dk/
Jellingvej 9 - 7100 Vejle https://goo.gl/maps/xQVPFMHXpXu
D: 7199 9060 M: 2075 7501
--
Toasters mailing list Toasters@teaparty.net https://www.teaparty.net/mailman/listinfo/toasters