How to connect a monitoring application to a management node without access role

When an application is attempting to monitor the cluster it connects with port 3218.  EMC management tools use 3682 which is only openable on nodes with the management role.

So your application will not be able to connect to the management only node.

Hi all

Paul, what is the solution from EMC to enable monitoring on a management LAN?

I would expect that this is the purpose of providing the management role: separate management (and this would include monitoring for my personal point of view) from application access (data access would not include monitoring). Am I really the first one who wants to use a management connection for monitoring?

Holger

So EMC uses a different, propriatary API for it's management tools (Centera Viewer for example) in order to connect using port 3682?  If not, then why can't the original posters application connect via 3682 to do the monitoring?  (his connect string in 2 of his examples shows trying to use that 3682 port.)

I will relay your thoughts to Product Management but I do not believe this will be considered as valid for the reasons I have already given i.e. by allowing a Centera SDK connection to a Management Node then you would no longer be segregating the traffic.

While you may believe that Monitoring is Management, it is currently not be possible to allow or enforce "Monitor-only" access (via the standard Centera SDK) on a Management Node.

Holger - client applications cannot connect to a Management Node. The reason for this is simple - in order to do so (even for purely monitoring purposes) you would be using the Centera SDK, and in so doing you  effectively have no longer segregated the LAN as your application could perform standard tasks assoicated with a "normal" Access Node!

CenteraViewer uses EMC internal SDKs to perform these monitoring and management tasks, which is quite distinct from the normal SDK that customers use. It does not include the API calls for working with clips so the LAN remains segregated.

So you must perform your monitoring via the Centera SDK on a regular Access Node.

Hi Paul, Hi Graham

Thank you for your responses. For the customer this concerns this is very unfortunate. The Management Station only has 3682 to the Management Nodes enabled. Applications have 3218 to the access nodes enabled on the firewalls and the two networks are separated.

I agree with you that API Access is something else than Management (CV) access. MoPI is something else too. Why not introduce a third port that the Centera responds to on both Access and Management nodes or add a new role monitoring that would enable this port.

Plese list the requirement as an enhancement request:

- Provide MoPI Access to Nodes with Management Role (w/o Access Role)

Best regards, Holger