Firewall considerations for remote mounting of file systems

IBM Spectrum Scale™ clusters can access file systems on other IBM Spectrum Scale clusters using remote mounts.

Remote mounts can be used in the following ways.

All nodes in the IBM Spectrum Scale cluster requiring access to another cluster's file system must have a physical connection to the disks containing file system data. This is typically done through a storage area network (SAN).
All nodes in the IBM Spectrum Scale cluster requiring access to another cluster's file system must have a virtual connection through an NSD server.

In both cases, all nodes in the cluster requiring access to another cluster's file system must be able to open a TCP/IP connection to every node in the other cluster. For information on the basic GPFS™ cluster operation port requirements, see Firewall recommendations for internal communication among nodes.

Note: Each cluster participating in a remote mount might reside on the same internal network or on a separate network from the host cluster. From a firewall standpoint, this means that the host cluster might need ports to be opened to a number of external networks, depending on how many separate clusters are accessing the host.