In order to properly protect a cluster the CVMs should sit behind a firewall, which in my architecture this will be the case before we go live with anything.
In order for admins to access the CVMs through a firewall TCP 22 is needed for SSH, and 80 and 9440 are needed for accessing the web console.
Is this is? or are there more ports that would need to be opened up for the various types of admin interactions?
- how about running cli tools against the cluster?
- how about downloading support files?
and I'm sure I'm missing more here.
I do see there is an attempt to close this gap here: https://vmwaremine.com/2014/09/19/nutanix-network-port-diagram/#sthash.dercC2j9.dpbs
However, when you look at the diagram on this resource I see a large list of ports without a single explanation, and in some cases I see additional ports shown that aren't documented by Nutanix. here they are: TCP (22,2009,2010,2030