Configuring the hub network
Review these network considerations to help you set up the network in your datacenter to use XClarity One Hub.
To configure network settings, click Network on the context menu from the Administration view.
Network interface (eth0)
- The network interface is used for discovery and management. XClarity One Hub must be able to communicate with all devices that you intend to manage.
- When connecting to an XClarity One portal in the cloud, the network interface must be connected to the Internet, preferably through a firewall.
- When connecting to an XClarity One portal as a local VM, an Internet connection is not required.
IPv4 address settings
XClarity One Hub uses IPv4 network settings. You can configure the IP assignment method, IPv4 address, network mask, and default gateway.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server. When using a static IP address, you must provide an IP address, network mask, and default gateway. The default gateway must be a valid IP address and must be on the same subnet as the network interface.
If DHCP is used to obtain an IP address, the default gateway also uses DHCP.
- Network address translation (NAT), which remaps one IP address space into another, is not supported.
- Changing the IP address of the XClarity One Hub virtual-appliance after the hub is up and running will cause connectivity issues with the XClarity One portal and all managed devices. If you need to change the IP address, disconnect hub from the portal, and unmanage all managed devices before changing the IP address. After the IP address change is complete, reconnect hub to the portal and re-manage the devices.
- If the network interface is configured to use the DHCP, ensure that IP address changes are minimized by basing the DHCP address on a MAC address or configuring DHCP so that the lease does not expire to avoid communication issues. If the IP address changes when the DHCP lease expires, you must disconnect (delete) the hub from the portal, and then connect it again.
DNS settings
XClarity One Hub uses IPv4 network settings. You can configure the IP assignment method, up to two static DNS IPv4 addresses, and custom host name and domain.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a DHCP server. When using a static IP address, you must provide an IP address for at least one and up to two DNS servers.
Specify the DNS host name and domain name. You can choose to retrieve the domain name from a DHCP server or specify a custom domain name.
Web proxy settings
You can optionally configure Lenovo XClarity One Hub use an HTTPS web proxy for outbound communication between the hub and the portal, Lenovo support websites, and other external services when direct access to the Internet is not available.
Ensure that you use HTTP2
Ensure that the proxy server is set up as a non-terminating proxy.
Ensure that the proxy server is set up as a forwarding proxy.
Ensure that load balancers are configured to keep sessions with one proxy server and not switch between them.
Firewalls
No inbound firewall rules needed.
Ensure that the following outbound connections are open on the firewall for Lenovo XClarity One and hubs. Each DNS represents a geographically distributed system with a dynamic IP address.
| DNS name | Ports | Protocols | Description |
|---|---|---|---|
| xclarityone.lenovo.com | 443 | HTTPS | Connect to the portal in the cloud for both the WebSocket (continuous) and the REST API (on demand) connections. |
| hub.idp.xclarityone.lenovo.com | 443 | HTTPS | Authenticate with the portal in the cloud |
| hub.xclarityone.lenovo.com | 443 | HTTPS | Make requests to the portal in the cloud |
| idp.xclarityone.lenovo.com | 443 | HTTPS | Connect to the identity provider in the portal |
| download.lenovo.com | 443 | HTTPS | Download update packages |
| support.lenovo.com | 443 | HTTPS | Retrieve firmware catalog information from Lenovo |
Open ports
Ensure that the required ports are open on the network.
If devices are behind a firewall and if you intend to manage those devices from a hub that is outside of that firewall, you must ensure that all ports involved with communications between the management hub and the baseboard management controller in each device are open.
Service or component Outbound (ports open to external services) Inbound (ports open on the hub virtual appliance) XClarity One Hub
- DNS - UDP on port 53
- NTP - UDP on port 123
- HTTPS - TCP on port 443
- SSDP - UDP on port 1900
- DHCP - UDP on port 68
- HTTPS - TCP on port 443
- HTTPS - TCP on port 8443
- SSDP - UDP on ports 32768-65535
ThinkSystem and ThinkAgile servers
- SFTP - TCP on port 115
- HTTPS – TCP on port 443
- OS deployment – TCP on port 445
- SSDP discovery – UDP on port 1900
- Firmware updates - TCP on port 6990
- HTTPS – TCP on port 443
To support operating-system deployment, ensure that the following ports are open.
Operating System Inbound (ports open on the hub) Outbound XCC (ports open on XCC) Outbound OS (ports open on target OS) Microsoft Windows Server
- TCP on port 443
- Samba service – TCP on port 445
- HTTPS – TCP on port 443
- Remote Presence – TCP/UDP on port 3900
Red Hat Enterprise Linux
- TCP on port 443
- HTTPS – TCP on port 443
- Remote Presence – TCP/UDP on port 3900
Ubuntu Server
- TCP on port 443
- HTTPS – TCP on port 443
- Remote Presence – TCP/UDP on port 3900
VMware vSphere (ESXi)
- TCP on port 443
- HTTPS – TCP on port 443
- Remote Presence – TCP/UDP on port 3900