Solved

Pulse: PE or PC?

  • 14 August 2019
  • 5 replies
  • 205 views

Badge +1
Our CVMs are locked down tight, I have no intention of allowing any internet access to PE, all support actions must be done through a webex session where our admin grants control to the support tech.

but I have PC set up for NAT so it can communicate outside our private network. my question is, will pulse work strictly through PC or does PE need to be set up for it? Everything i see documented is about PE talking to insights.nutanix.com.
icon

Best answer by bbbburns 15 August 2019, 20:09

Yes, your understanding is correct. You'd remove the proxy configuration from the PE. Then PE would automatically use the PC for sending pulse data.

PC would in turn send that data out over whatever mechanism is available.

PC will try to directly reach the destination (or use your configured proxy). If those mechanisms don't succeed, then it will send data using the configured SMTP server. You can find more info in the Prism Central guide here: https://portal.nutanix.com/#/page/docs/details?targetId=Prism-Central-Guide-Prism-v511:mul-support-pulse-recommend-pc-c.html
View original

5 replies

Userlevel 3
Badge +14
Starting in AOS 5.6.1 with NCC 3.5.2, Prism Central should by default act as a Proxy for any connected PE clusters that have Pulse enabled. There is no configuration required beyond enabling Pulse in PC and enabling Pulse in PE.

Make sure that there is NO manual proxy configuration in the PE.

Here is the official documentation:
https://portal.nutanix.com/#/page/docs/details?targetId=Prism-Central-Guide-Prism-v511:mul-pulse-proxy-server-c.html

The logic on the PE looks like the following:

Userlevel 7
Badge +35
Did the above help @theGman ?
Badge +1
OK, This is very helpful, it appears as though I have a boat load of options:

  1. Although I have the CVM cluster locked down behind a firewall, I can always open it for communication to our proxy server, which is then allowed outbound only
  2. Instead of HTTP proxy from the cluster, I can use PC for Pulse, and can use it in the following ways:
  1. PC can use pulse via NAT to reach Nutanix
  2. PC can use HTTP proxy to reach Nutanix
  3. PC can use SMTP
Please confirm I have this correct. I am wondering how SMTP would work since I don't see any specific configuration option in Pulse to use SMTP, but then again there isn't an option to select HTTP proxy either. But FYI I did define a HTTP proxy and I can see in the UI that Pulse is connected successfully. I am going to change this to PC though, I prefer to use PC for all outbound communications rather than the cluster itself, but have questions as to whether it is really more secure and what operations would be restricted.

I think the idea here is, in order to leverage PC for Pulse, is to remove the proxy from PE, and then configure it in PC, or, simply open up outbound communications from PC to Nutanix.
Userlevel 3
Badge +14
Yes, your understanding is correct. You'd remove the proxy configuration from the PE. Then PE would automatically use the PC for sending pulse data.

PC would in turn send that data out over whatever mechanism is available.

PC will try to directly reach the destination (or use your configured proxy). If those mechanisms don't succeed, then it will send data using the configured SMTP server. You can find more info in the Prism Central guide here: https://portal.nutanix.com/#/page/docs/details?targetId=Prism-Central-Guide-Prism-v511:mul-support-pulse-recommend-pc-c.html
Badge +1
Thanks Jason - much appreciated. I have worked with VMware FC storage for over 25 years, brand new to nutanix and WOW I feel like I have to learn all over again.. fun fun.. sadly the one thing I find that remains true after all these years is that documentation rarely presents us all the architectural answers to our questions and is still focused on basic configuration in most cases, so I appreciate the assistance with the understanding of the greater architecture. I will have more questions over the next few weeks so I hope I don't annoy you guys too much 🙂

Reply