Firewall considerations for remote mounting of file systems
IBM Spectrum Scale™ clusters can access file systems on other IBM Spectrum Scale clusters using remote mounts.
Remote mounts can be used in the following ways.
- All nodes in the IBM Spectrum Scale cluster requiring access to another cluster's file system must have a physical connection to the disks containing file system data. This is typically done through a storage area network (SAN).
- All nodes in the IBM Spectrum Scale cluster requiring access to another cluster's file system must have a virtual connection through an NSD server.
In both cases, all nodes in the cluster requiring access to another cluster's file system must be able to open a TCP/IP connection to every node in the other cluster. For information on the basic GPFS™ cluster operation port requirements, see Firewall recommendations for internal communication among nodes.
Note: Each cluster participating in a remote mount might reside on the same internal network or on a
separate network from the host cluster. From a firewall standpoint, this means that the host cluster
might need ports to be opened to a number of external networks, depending on how many separate
clusters are accessing the host.