Portal network
Review these network considerations to help you set up the network in your datacenter to use XClarity One as a virtual machine.
Network interface (eth0)
- The network interface is used for discovery and management. XClarity One must be able to communicate with all hubs and devices that you intend to manage.
- Some functions require an Internet connection, preferably through a firewall. If the network interface is not connected to the Internet, these functions will not work.
Send automatic problem notification through Call Home
Retrieve service ticket status and history
Retrieve device warranty
Update the firmware catalog and download firmware packages directly from the web (Note that firmware packages can be manually imported.)
Perform firmware CVE analysis
IPv4 address settings
XClarity One uses IPv4 network settings. You can configure the IP assignment method, IPv4 address, network mask, and default gateway.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server. When using a static IP address, you must provide an IP address, network mask, and default gateway. The default gateway must be a valid IP address and must be on the same subnet as the network interface.
If DHCP is used to obtain an IP address, the default gateway also uses DHCP.
- IPv6 addresses are not supported.
- Network address translation (NAT), which remaps one IP address space into another, is not supported.
- If you change the IP address of the XClarity One virtual-appliance after the portal is up and running:
The virtual appliance is restarted and takes approximately 20 or more minutes to come back online.
The portal will lose connectivity the hubs. Before changing the XClarity One IP address, disconnect hubs from the portal. After the IP address change is complete, reconnect hubs to the portal.
- If the network interface is configured to use the DHCP, ensure that IP address changes are minimized by basing the DHCP address on a MAC address or configuring DHCP so that the lease does not expire to avoid communication issues. If the IP address changes when the DHCP lease expires, you must disconnect (delete) the hub from the portal, and then connect it again.
DNS settings
XClarity One uses IPv4 network settings. You can configure the IP assignment method, up to two static DNS IPv4 addresses, and custom host name and domain.
For the IP assignment method, you can choose to use a statically-assigned IP address or obtain an IP address from a DHCP server. When using a static IP address, you must provide an IP address for at least one and up to two DNS servers.
Specify the DNS host name and domain name. You can choose to retrieve the domain name from a DHCP server or specify a custom domain name.
- If you change the DNS settings after the portal is up and running, the virtual appliance is restarted and takes 20 or more minutes to come back online.
- If you choose to use a DHCP server to assign IPv4 address, ensure that the DHCP server is configured such that the DHCP address lease is permanent to avoid communication issues. If the IP address changes when the DHCP lease expires, the host name and domain that you provided are overwritten when the DHCP lease is renewed.
Web proxy settings
You can optionally configure XClarity One use an HTTP or HTTPS web proxy for outbound communication between the portal and external services when direct access to the Internet is not available.
XClarity One automatically detects the type of connection that the proxy server is using on the specified port, either HTTP or HTTPS.
For HTTPS proxy servers, XClarity One automatically detects the server certificate for the proxy server. You must review the certificate details and, if correct, accept the certificate to complete the web proxy configuration. If rejected, the web proxy configuration is reset.
After the web proxy is enabled, you can test the connection to the proxy server by clicking Test connection. Enter any hostname or IP address to test the connection between portal and that host. By default, supportapi.lenovo.com is used to test the configuration, which is the hostname used for Call Home.
Authentication is not required; however, if the proxy server is configured to authenticate requests, ensure that it is set up to use basic authentication.
Ensure that the proxy server is correctly configured with valid full-chain certificates if TLS is enabled.
Ensure that the proxy server is set up as a non-terminating proxy.
Ensure that the proxy server is set up as a forwarding proxy.
Ensure that load balancers are configured to keep sessions with one proxy server and not switch between them.
Firewalls
Ensure that the following DNS names and ports are open on the firewall for XClarity One and hubs. Each DNS represents a geographically distributed system with a dynamic IP address.
| DNS name | Ports | Protocols | Description |
|---|---|---|---|
| soaus.lenovo.com | 443 | https | Create a service ticket with Lenovo Support (Call Home) |
| support.lenovo.com | 443 | https | Retrieve firmware catalog information and download firmware packages from Lenovo |
| esupportwebapi.lenovo.com | 443 | https | Send service data to Lenovo Support (Call Home) |
| supportapi.lenovo.com | 443 | https | Retrieve warranty information |
Open ports
Ensure that all required ports involved with communications between the XClarity One portal, hubs and service are open.
| Direction | Ports | Description | |
|---|---|---|---|
| A | (Inbound) Hub to XClarity One | HTTPS – TCP on port 443 | This port is used by the web interface and connected hubs to communicate with the XClarity One web server and by connected hubs to push information in the XClarity One VM for management purposes. |
| B | (Inbound) Admin workstation to XClarity One | HTTPS – TCP on port 8443 | This port is used to access the dedicated XClarity One Service Support Center web server to collect and download portal service data if XClarity One becomes unresponsive and cannot be recovered. If blocked, you will need to unblock the port to access the web server and collect the service data if the portal becomes unresponsive. |
| C | (Outbound) XClarity One to Lenovo cloud services | HTTPS – TCP on port 443 | This port is used by the XClarity One VM to communicate with cloud services for features such as warranty retrieval, firmware packages retrieval and download, Call Home, uploading service data for opened tickets. |
| NTP – UDP on port 123 | This port is used to interrogate the NTP server to synchronize the VM time. | ||
| D | (Outbound) XClarity One to on-premises basic services | DNS – UDP on port 53 | This port is used to interrogate the DNS server to resolve FQDN. This port must be open only when XClarity One is configured to use a DNS server. |
| NTP – UDP on port 123 | This port is used to interrogate the NTP server to synchronize the VM time. This port must be open only when XClarity One is configured to use an NTP server. If blocked, you must use static IP addresses. | ||
| Web proxy HTTP(S) – TCP on any port | This port is used to communicate with the hub, Lenovo cloud services, and other basic services when direct access to the Internet is not available. This port must be open only when XClarity One is configured to use an HTTPS web proxy. |