Thank you sir!  Good to know this won't be a concern going forward.


On December 2, 2021, Sebastian Goetze <spgoetze@gmail.com> wrote:
What's new Cloud Manager Nov 28:

Ports 8023 and 49000 are no longer open on Cloud Volumes ONTAP systems in Azure for both single node systems and HA pairs.


Looks like it's fixed now...




On Tue, Nov 30, 2021, 16:39 Scott Eno via Toasters <toasters@teaparty.net> wrote:



---------- Forwarded message ----------
From: Scott Eno <cse@hey.com>
To: Toasters <toasters@teaparty.net>
Date: Tue, 30 Nov 2021 10:35:37 -0500
Subject: wide open telnet on azure cluster interconnects
Hi,

After running port scans we found that our Azure Cloud Volume ONTAP HA pairs are accessible via passwordless telnet over the cluster interfaces, which normally would be on a private network connected to a cluster switch, or node-to-node in switchless config.

These CVO HA pairs were built with Cloud Manager and it **should** have set up those interfaces to a private network instead of using the subnet provided to it for all the other accessible interfaces.

No question here, just for everyone's info and discussion.  

If one telnets to the IP of a cluster interconnect, port 8023, it drops you into the nodeshell with no authentication.  I can't find an option to disable telnet and I'm not sure if I should.  Would anything break?  I don't know.  I figure the quickest solution is to set a deny for port 8023 on the NSG for the resource group, or worst case, try to figure out how to re-ip the cluster interconnects to a 169.. private network.



_______________________________________________
Toasters mailing list
Toasters@teaparty.net
https://www.teaparty.net/mailman/listinfo/toasters
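
Added example, not part of the original thread and not NetApp or Cloud Manager code: a simplified Python model of NSG inbound evaluation (lowest priority number first, first match wins) that shows why Azure's default AllowVNetInBound rule leaves ports 8023 and 49000 reachable from inside the VNet, and what the deny rule proposed in the thread changes. The VNet range, the custom rule, the comma-separated port notation and all function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data. VNET stands in for the "VirtualNetwork" service tag.
VNET = "10.20.0.0/16"
# Two of Azure's default inbound rules (the load balancer rule is omitted).
DEFAULT_RULES = [
    {"name": "AllowVNetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "ports": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "ports": "*"},
]
# Hypothetical custom rule implementing the deny suggested in the thread.
DENY_NODESHELL = {"name": "DenyClusterTelnet", "priority": 200, "access": "Deny",
                  "protocol": "Tcp", "source": "*", "ports": "8023,49000"}

def port_matches(spec, port):
    """spec is '*', a single port, a range 'a-b', or a comma-separated mix."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_matches(spec, src_ip):
    if spec == "*":
        return True
    cidr = VNET if spec == "VirtualNetwork" else spec
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) for the first rule that matches."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and source_matches(rule["source"], src_ip)
                and port_matches(rule["ports"], port)):
            return rule["access"], rule["name"]
    return "Deny", "implicit"

def exposed_ports(rules, src_ip, ports=(8023, 49000)):
    """Ports from the release note that the rule set still allows inbound."""
    return [p for p in ports if evaluate(rules, src_ip, p)[0] == "Allow"]

if __name__ == "__main__":
    for label, rules in (("defaults only", DEFAULT_RULES),
                         ("with deny rule", DEFAULT_RULES + [DENY_NODESHELL])):
        print(label, "->", exposed_ports(rules, "10.20.5.9"))
```

The custom rule needs a priority number lower than 65000 to be evaluated before AllowVNetInBound; a source outside the VNet is already stopped by DenyAllInBound.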