Network requirements
This section provides the network requirements, including the port, firewall, and proxy requirements.
Port availability
Several ports must be available, depending on how the firewalls are implemented in your environment. If the required ports are blocked or used by another process, some Lenovo XClarity Integrator functions might not work.
To determine which ports must be opened in your environment, review the following sections. The tables in these sections show how each port is used in XClarity Integrator, the vCenter, the managed device that is affected, the protocol (TCP or UDP), and the direction of traffic flow.
Inbound traffic identifies flows from the managed device or external systems to XClarity Integrator, so the ports must be open on the XClarity Integrator appliance. Outbound traffic flows from XClarity Integrator to the managed device or external systems.
Access to the XClarity Integrator servers
If the XClarity Integrator server and all managed devices are behind a firewall, and users intend to access those devices from a browser that is outside of the firewall, users should ensure that the XClarity Integrator ports are open.
The XClarity Integrator server listens on and responds through the ports that are listed in the following table.
Communication | XClarity Integrator appliance | vCenter | XClarity Administrator (1) | Lenovo services (2) |
---|---|---|---|---|
Outbound (ports open on external systems) | DNS – TCP/UDP on port 53 | HTTPS – TCP on port 443 | HTTPS – TCP on port 443 | HTTPS – TCP on port 443 |
Inbound (ports open on XClarity Integrator appliance) | HTTPS – TCP on port 443 | HTTPS – TCP on port 443 | N/A | N/A |
(1) To register XClarity Administrator to XClarity Integrator, refer to https://sysmgt.lenovofiles.com/help/topic/com.lenovo.lxca.doc/plan_openports.html.
(2) To access the specific Lenovo service websites, refer to Firewall.
Access between XClarity Integrator and managed devices
If managed devices (such as compute nodes or rack servers) are behind a firewall and users intend to manage those devices from an XClarity Integrator server that is outside of that firewall, users should ensure that all ports involved in communications between XClarity Integrator and the baseboard management controller in each managed device are open.
Communication | ThinkSystem and ThinkAgile | System x |
---|---|---|
Outbound (ports open on external systems) |
|
|
Inbound (ports open on XClarity Integrator appliance) |
|
|
XClarity Integrator uses this port for server configuration and firmware update.
By default, this port is disabled on some new servers. In this case, it is not required to open this port and XClarity Integrator uses REST Over HTTPS for management. It is only required to open this port for the servers managed by XClarity Integrator using CIM.
By default, management is performed over secure ports. The non-secure ports are optional.
This port is used for connecting to the BMU OS to transfer files and run the update commands.
Firewall
Downloading management server updates and firmware updates requires Internet access. Configure the firewall (if any) in your network to enable the LXCI management server to perform these operations. If the management server cannot access the Internet, configure LXCI to use a proxy server.
Ensure that the following FQDNs and ports are available on the firewall and allowed in the proxy.
DNS name | Ports | Protocols |
---|---|---|
datacentersupport.lenovo.com | 443 | https |
download.lenovo.com | 443 | https |
filedownload.lenovo.com | 443 | https |
support.lenovo.com | 443 | https |
supportapi.lenovo.com | 443 | https |
Proxy
To set the proxy in vCenter and use the vLCM function to update firmware, users should allow the connection from vCenter to Lenovo XClarity Integrator (protocol HTTPS, port 443) in their company's proxy configuration.
The proxy server should meet the following requirements:
The proxy server is set up to use basic authentication.
The proxy server is set up as a non-terminating proxy.
The proxy server is set up as a forwarding proxy.
The load balancers are configured to keep sessions with only one proxy server.
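The Firewall and Proxy requirements above can be verified from a host on the management network before deployment. The following Python script is an added example, not Lenovo tooling: it attempts a certificate-verified TLS handshake to each listed FQDN on port 443, directly or through a forwarding proxy with basic authentication, where a certificate failure suggests the proxy is terminating TLS. The `proxy` tuple, function names and status strings are assumptions of this example.

```python
import base64
import http.client
import ssl

# FQDNs from the Firewall table on this page; all require HTTPS on TCP 443.
LENOVO_FQDNS = [
    "datacentersupport.lenovo.com", "download.lenovo.com",
    "filedownload.lenovo.com", "support.lenovo.com", "supportapi.lenovo.com",
]

def classify(exc):
    """Map a probe error (or None) to a status label; labels are this example's own."""
    if exc is None:
        return "ok"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-intercepted-or-untrusted"  # proxy may be terminating TLS
    if isinstance(exc, ssl.SSLError):
        return "tls-error"
    if isinstance(exc, OSError) and "Tunnel connection failed" in str(exc):
        return "proxy-refused"                 # CONNECT denied, e.g. 407 or 403
    return "unreachable"                       # DNS failure, firewall drop, timeout

def probe(host, proxy=None, timeout=5.0):
    """Handshake with host:443; proxy is a hypothetical (host, port, user, password)."""
    ctx = ssl.create_default_context()         # verifies chain and hostname
    try:
        if proxy:
            p_host, p_port, user, pw = proxy
            token = base64.b64encode(f"{user}:{pw}".encode()).decode()
            # Plain-HTTP CONNECT to the forwarding proxy, then end-to-end TLS.
            conn = http.client.HTTPSConnection(p_host, p_port, context=ctx, timeout=timeout)
            conn.set_tunnel(host, 443, headers={"Proxy-Authorization": f"Basic {token}"})
        else:
            conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=timeout)
        conn.connect()
        conn.close()
        return None
    except (OSError, http.client.HTTPException) as exc:
        return exc

def audit(hosts=LENOVO_FQDNS, prober=probe, **kwargs):
    """Return {fqdn: status} for every host whose check did not come back 'ok'."""
    results = {h: classify(prober(h, **kwargs)) for h in hosts}
    return {h: s for h, s in results.items() if s != "ok"}

if __name__ == "__main__":
    for fqdn, status in audit().items():
        print(f"{fqdn}:443 {status}")
```

Run it from the same network segment as the LXCI appliance; to test the proxied path, call `audit(proxy=("proxy.example.internal", 3128, "user", "password"))` with your own values in place of these placeholders.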