Hub network
Review these network considerations to help you set up the network in your datacenter to use XClarity One Hub.
To configure network settings, click Network on the context menu from the Administration view.
Network interface (eth0)
- The network interface is used for discovery and management. XClarity One Hub must be able to communicate with all devices that you intend to manage.
- When connecting to an XClarity One portal in the cloud, the network interface must be connected to the Internet, preferably through a firewall.
- When connecting to XClarity One on premises, an Internet connection is not required.
IPv4 address settings
XClarity One Hub uses IPv4 network settings. You can configure the IP assignment method, IPv4 address, network mask, and default gateway.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server. When using a static IP address, you must provide an IP address, network mask, and default gateway. The default gateway must be a valid IP address and must be on the same subnet as the network interface.
If DHCP is used to obtain an IP address, the default gateway also uses DHCP.
- Network address translation (NAT), which remaps one IP address space into another, is not supported.
- Changing the IP address of the XClarity One Hub virtual appliance after the hub is up and running causes connectivity issues with the XClarity One portal and all managed devices. If you need to change the IP address, disconnect the hub from the portal and unmanage all managed devices before changing the IP address. After the IP address change is complete, reconnect the hub to the portal and re-manage the devices.
- If the network interface is configured to use DHCP, minimize IP address changes to avoid communication issues: base the DHCP address on a MAC address, or configure DHCP so that the lease does not expire. If the IP address changes when the DHCP lease expires, you must disconnect (delete) the hub from the portal, and then connect it again.
DNS settings
XClarity One Hub uses IPv4 network settings. You can configure the IP assignment method, up to two static DNS IPv4 addresses, and a custom host name and domain.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a DHCP server. When using a static IP address, you must provide an IP address for at least one and up to two DNS servers.
Specify the DNS host name and domain name. You can choose to retrieve the domain name from a DHCP server or specify a custom domain name.
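The static IPv4 and DNS rules above can be checked before the values are entered in the hub. This is an added example, not part of the product or its documentation; the function name `validate_static_config` is hypothetical, and the checks for a gateway equal to the hub's own, network, or broadcast address are extra sanity checks that the page does not state.

```python
import ipaddress

def validate_static_config(address, netmask, gateway, dns_servers):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{netmask}")
    except ValueError as exc:
        return [f"invalid address or network mask: {exc}"]
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        problems.append(f"default gateway {gateway!r} is not a valid IPv4 address")
    else:
        net = iface.network
        if gw not in net:
            # Rule from the page: the gateway must be on the interface subnet.
            problems.append(f"default gateway {gw} is not on the interface subnet {net}")
        elif gw == iface.ip:
            problems.append("default gateway is the hub's own address")
        elif net.prefixlen < 31 and gw in (net.network_address, net.broadcast_address):
            problems.append(f"default gateway {gw} is the network or broadcast address of {net}")
    # Rule from the page: at least one and up to two static DNS servers.
    if not 1 <= len(dns_servers) <= 2:
        problems.append("static DNS needs at least one and at most two server addresses")
    for server in dns_servers:
        try:
            ipaddress.IPv4Address(server)
        except ValueError:
            problems.append(f"DNS server {server!r} is not a valid IPv4 address")
    return problems
```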
Web proxy settings
You can optionally configure Lenovo XClarity One Hub to use an HTTPS web proxy for outbound communication between the hub and the portal, Lenovo support websites, and other external services when direct access to the Internet is not available.
- Ensure that you use HTTP2.
- Ensure that the proxy server is set up as a non-terminating proxy.
- Ensure that the proxy server is set up as a forwarding proxy.
- Ensure that load balancers are configured to keep sessions with one proxy server and not switch between them.
Firewalls
No inbound firewall rules are needed.
Ensure that the following outbound connections are open on the firewall for XClarity One and hubs. Each DNS name represents a geographically distributed system with a dynamic IP address.
| DNS name | Ports | Protocols | Description |
|---|---|---|---|
| xclarityone.lenovo.com | 443 | HTTPS | Connect to the portal in the cloud for both the WebSocket (continuous) and the REST API (on demand) connections. |
| hub.idp.xclarityone.lenovo.com | 443 | HTTPS | Authenticate with the portal in the cloud. |
| hub.xclarityone.lenovo.com | 443 | HTTPS | Make requests to the portal in the cloud. |
| idp.xclarityone.lenovo.com | 443 | HTTPS | Connect to the identity provider in the portal. |
| download.lenovo.com | 443 | HTTPS | Download update packages. |
| support.lenovo.com | 443 | HTTPS | Retrieve firmware catalog information from Lenovo. |
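A perimeter rule set for the hub can be audited against this table. The following is an added example, not Lenovo code: it assumes the rules have been exported as `(direction, destination, protocol, port)` tuples that apply only to the hub, and the names `audit_rules` and `SAMPLE_RULES` are hypothetical. It reports required names that are not reachable, inbound rules (none are needed), rules pinned to an IP address (the addresses behind each name are dynamic), and rules wider than a listed name on TCP 443.

```python
import ipaddress
from fnmatch import fnmatch

# Outbound destinations from the table above; each is HTTPS on TCP 443.
REQUIRED_HOSTS = (
    "xclarityone.lenovo.com", "hub.idp.xclarityone.lenovo.com",
    "hub.xclarityone.lenovo.com", "idp.xclarityone.lenovo.com",
    "download.lenovo.com", "support.lenovo.com",
)

def _is_ip(dest):
    """True when a rule destination is an IP address or CIDR block, not a name."""
    try:
        ipaddress.ip_network(dest, strict=False)
        return True
    except ValueError:
        return False

def audit_rules(rules):
    """Audit allow rules for one hub; all lists empty means they match the table."""
    findings = {"missing": [], "inbound": [], "pinned_ip": [], "broader_than_needed": []}
    named = []
    for rule in rules:
        direction, dest, proto, port = rule
        if direction == "in":
            findings["inbound"].append(rule)      # no inbound rules are needed
        elif _is_ip(dest):
            findings["pinned_ip"].append(rule)    # addresses behind the names change
        else:
            named.append(rule)
            if (proto, port) != ("tcp", 443) or dest.lower() not in REQUIRED_HOSTS:
                findings["broader_than_needed"].append(rule)
    for host in REQUIRED_HOSTS:
        # A name is covered by an exact or wildcard rule that permits TCP 443.
        if not any(p == "tcp" and port in (443, "any") and fnmatch(host, d.lower())
                   for _, d, p, port in named):
            findings["missing"].append(host)
    return findings

# Constructed rule set for illustration; not taken from any real firewall.
SAMPLE_RULES = [
    ("out", "xclarityone.lenovo.com", "tcp", 443),
    ("out", "hub.xclarityone.lenovo.com", "tcp", 443),
    ("out", "idp.xclarityone.lenovo.com", "tcp", 443),
    ("out", "download.lenovo.com", "tcp", "any"),
    ("out", "203.0.113.25", "tcp", 443),
    ("in", "any", "tcp", 443),
]
```

For the constructed rules, the audit reports two missing names, one inbound rule, one pinned address, and one rule that allows every port.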
Open ports
Ensure that the required ports are open on the network.
Ensure that all required ports involved with communications between the XClarity One portal, hubs and service are open.
| Direction | Ports | Description |
|---|---|---|
| A (Inbound) to the Hub VM | HTTPS – TCP on port 443 | This port is used by managed devices to communicate with the hub to push events and metrics and by users who are accessing the hub web interface. |
| A (Inbound) to the Hub VM | HTTPS – TCP on port 8443 | This port is used to access the dedicated XClarity One Hub Service Support Center web server to collect and download portal service data if the hub becomes unresponsive and cannot be recovered. If blocked, you will need to unblock the port to access the web server and collect the service data if the portal becomes unresponsive. |
| A (Inbound) to the Hub VM | Samba service – TCP on port 445 | This port is used to initiate the connection between the managed device and the hub for transferring Windows OS images. If blocked, you cannot deploy the Windows operating system to your devices. |
| A (Inbound) to the Hub VM | SSDP – UDP on ports 32768 - 65535 | These ports are used to receive SSDP discovery responses from devices in the same IP subnet as the hub. If blocked, you must manually discover devices through port 443. |
| B (Outbound) Hub to the XClarity One | HTTPS – TCP on port 443 | This port is used to communicate with the XClarity One web server and to push information in the XClarity One VM for management purposes. |
| C (Outbound) Hub to the Lenovo cloud services | NTP – UDP on port 123 | This port is used to interrogate the NTP server to synchronize the VM time. |
| C (Outbound) Hub to the Lenovo cloud services | HTTPS – TCP on port 443 | This port is used to communicate with the Lenovo cloud services and to download payloads from the Internet (such as warranty, portal/firmware metadata and updates, and service tickets). This port must be open only when the hub is connected to the Internet. |
| D (Outbound) Hub to the on-premises basic services | DNS – UDP on port 53 | This port is used to interrogate the DNS server to resolve FQDN. This port must be open only when the hub is configured to use a DNS server. |
| D (Outbound) Hub to the on-premises basic services | DHCP – UDP on port 68 | This port is used to communicate with the DHCP server to retrieve IPv4 addresses. This port must be open when DHCP is used to obtain IP addresses. |
| D (Outbound) Hub to the on-premises basic services | NTP – UDP on port 123 | This port is used to interrogate the NTP server to synchronize the VM time. |
| D (Outbound) Hub to the on-premises basic services | Web proxy HTTP(S) – TCP on any port | This port is used to communicate with the XClarity One portal, Lenovo cloud services, and other basic services when direct access to the Internet is not available. This port must be open only when the hub is configured to use an HTTPS web proxy. |
Ensure that all required ports involved with communications between the hub and managed devices are open.
| Zone | Direction | Ports | Description |
|---|---|---|---|
| A | (Inbound) Hub to Lenovo management controllers | SFTP – TCP on port 115 | This port is used by the hub to push firmware packages to the management controller. If blocked, you cannot update firmware on your managed devices. |
| A | (Inbound) Hub to Lenovo management controllers | HTTPS – TCP on port 443 | This port is used to exchange data between the managed devices or OSs and the hub, including payloads and status. |
| A | (Inbound) Hub to Lenovo management controllers | SSDP discovery – UDP on port 1900 | These ports are used to automatically discover devices in the same IP subnet as the hub using a multicast channel, where the devices are informing the hub about their presence. If blocked, you must manually discover devices through port 443. |
| A | (Inbound) Hub to Lenovo management controllers | Firmware updates – TCP on port 6990 | This port is used to apply firmware updates to devices. If blocked, you cannot update firmware on your managed devices. |
| B | (Outbound) Lenovo management controllers to the hub | HTTPS – TCP on port 443 | This port is used by managed devices to communicate with the hub web server and to push information to the hub VM for management purposes. |
| B | (Outbound) Lenovo management controllers to the hub | OS deployment – TCP on port 445 | This port is used to transfer Windows OS images to managed devices. If blocked, you cannot deploy an OS to your managed devices. |

