This section provides reference configuration diagrams and connectivity information that will assist you in designing and connecting your N1 System Manager equipment.
Other configurations are possible, such as using separate switches for each network. You can implement your network using any combination of VLANs and switches. Each network, whether management, provisioning, or data, should be assigned to its own VLAN.
In each of the following reference configurations, corporate access is shown as a connection to the management server. Alternatively, corporate access to the N1 System Manager can be provided through a switch instead of the management server.
When designing a network, keep the following information in mind:
Configuring separate management, provisioning, and data networks is the best practice
Separate networks provide the highest security and the lowest number of points of failure
The data center DHCP service can be used to assign IP addresses to managed servers
The management server DHCP service does not provide DHCP services for the data network. If you plan to dynamically configure IP services on the data network, you must provide an external DHCP server for the data network. You must not have another DHCP server on the same provisioning network.
You might need to install additional NICs in the management server and some manageable servers to support this configuration
The following list summarizes the connectivity requirements for the separate management, provisioning, and data networks configuration.
Management Server
The management server should provide connectivity to the management network, provisioning network, and corporate network as follows:
ETH0 connects the management server to the corporate network to provide external access to the management server. The management server ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
ETH1 connects the management server to the provisioning network and should be on the same network as the ETH0 connections of the manageable servers. No devices other than the management server and the manageable servers should reside on the provisioning network. ETH1 should be a 1-Gbit NIC interface.
ETH2 connects the management server to the management network and should be on the same network as the management port connections of the manageable servers. The management server ETH2 IP address, netmask, and gateway should be configured to enable connectivity to the manageable server's management port IP addresses. ETH2 should be a 100-megabit NIC interface.
The management server DHCP service allocates IP addresses to the manageable servers for loading operating systems.
Manageable Servers
Each manageable server should provide connectivity to the management network, provisioning network, and data network as follows:
The management port connects the manageable server to the management network and should be on the same network as the ETH2 connection of the management server. The management port should be a 100-megabit connection.
ETH0 connects the manageable server to the provisioning network and must be on the same network as the ETH1 connection of the management server. ETH0 should be a 1-Gbyte connection.
ETH1 connects the manageable server to the data network through the switch to provide external corporate network access to the manageable server. ETH1 should be a 1-Gbyte connection.
The RIS server is required only if you plan to provision Microsoft Windows. The RIS server should be connected to the provisioning network using a 1–Gbyte connection.
For this configuration:
An additional NIC does not need to be installed on the management server
The combined management and provisioning network reduces system and network security
The data center DHCP service can be used to assign IP addresses to provisioned servers
The management server DHCP service does not provide DHCP services for the data network. If you plan to dynamically configure IP services on the data network, you must provide an external DHCP server for the data network. You must not have another DHCP server on the management and provisioning network.
The statically-assigned management IP addresses and the dynamically assigned IP addresses used during OS provisioning are part of the same network. The N1 System Manager does not manage IP addresses. You must ensure that the IP addresses used during provisioning do not conflict with the management network IP addresses.
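The address check that the last point requires can be scripted before any provisioning run. The following Python code is an added example, not part of the N1 System Manager documentation or software; the function name, host names, and 192.168.10.0/24 addresses are constructed for illustration.

```python
import ipaddress

def find_address_conflicts(network, dhcp_first, dhcp_last, static_hosts):
    """Check statically assigned management addresses against the DHCP range
    used for OS provisioning on the same network.
    Returns a list of (name, address, reason) tuples; empty means no conflict."""
    net = ipaddress.ip_network(network)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)
    if first > last or first not in net or last not in net:
        raise ValueError("DHCP range must be ordered and inside the network")

    problems = []
    owner = {}  # address -> first host name seen, to catch duplicate static entries
    for name, raw in static_hosts:
        addr = ipaddress.ip_address(raw)
        if addr not in net:
            problems.append((name, str(addr), "outside network"))
        elif first <= addr <= last:
            problems.append((name, str(addr), "inside DHCP range"))
        if addr in owner:
            problems.append((name, str(addr), f"duplicate of {owner[addr]}"))
        else:
            owner[addr] = name
    return problems

# Constructed sample inventory for a combined management and provisioning network.
SAMPLE_NETWORK = "192.168.10.0/24"
SAMPLE_DHCP_RANGE = ("192.168.10.100", "192.168.10.200")
SAMPLE_STATIC = [
    ("mgmt-server-eth1", "192.168.10.1"),
    ("server-a-mgmt", "192.168.10.50"),
    ("server-b-mgmt", "192.168.10.120"),   # falls inside the DHCP range
    ("server-c-mgmt", "192.168.10.50"),    # same address as server-a-mgmt
    ("server-d-mgmt", "192.168.20.5"),     # not on the shared network
]

if __name__ == "__main__":
    for name, addr, reason in find_address_conflicts(
            SAMPLE_NETWORK, *SAMPLE_DHCP_RANGE, SAMPLE_STATIC):
        print(f"{name}: {addr} ({reason})")
```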
The following list summarizes the connectivity requirements for the combined management and provisioning network and the separate data network configuration.
Management Server
The management server should provide connectivity to the management and provisioning network as follows:
ETH0 connects the management server to the corporate network to provide external access to the management server. The management server ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
ETH1 connects the management server to the management and provisioning network and should be on the same network as the MGMT and ETH0 connections of the manageable servers. No devices other than the management server and the manageable servers should reside on the management and provisioning network. The management server ETH1 IP address, netmask, and gateway should be configured to enable connectivity to the manageable server's management port IP addresses. ETH1 should be a 1-Gbit NIC interface.
The management server DHCP service allocates IP addresses to the manageable servers for loading operating systems.
RIS Server
The RIS server connects to the provisioning network. The connection must be from the first (lowest order) Ethernet port on the RIS server, and should be a 1–Gbit interface.
Manageable Servers
Each manageable server should provide connectivity to the management and provisioning network and the separate data network as follows:
The management port connects the manageable server to the management and provisioning network and should be on the same network as the ETH1 connection of the management server. The management port should be a 100-megabit connection.
ETH0 connects the manageable server to the management and provisioning network and must be on the same network as the ETH1 connection of the management server. ETH0 should be a 1-Gbyte connection.
ETH1 connects the manageable server to the data network through the switch to provide external corporate network access to the manageable server. ETH1 should be a 1-Gbyte connection.
The RIS server is required only if you plan to provision Microsoft Windows. The RIS server should be connected to the management and provisioning network using a 1–Gbyte connection.
For this configuration:
The combined provisioning and data network reduces system and network security
The data network must use the N1 System Manager DHCP service
The N1 System Manager DHCP service must be the only DHCP service on the data network.
The following list summarizes the connectivity requirements for the combined data and provisioning network and the separate management network configuration.
Management Server
The management server should provide connectivity to the provisioning and data network and to the separate management network as follows:
ETH0 connects the management server to the corporate network to provide external access to the management server. The management server ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
ETH1 connects the management server to the provisioning and data network and should be on the same network as the ETH0 connections of the manageable servers. No devices other than the management server and the manageable servers should reside on the data and provisioning network. ETH1 should be a 1–Gbit NIC interface.
ETH2 connects the management server to the management network and should be on the same network as the management port connections of the manageable servers. The management server ETH2 IP address, netmask, and gateway should be configured to enable connectivity to the manageable server's management port IP addresses. ETH2 should be a 100-megabit NIC interface.
The management server DHCP service allocates IP addresses to the manageable servers for loading operating systems.
RIS Server
The RIS server connects to the provisioning network. The connection must be from the first (lowest order) Ethernet port on the RIS server, and should be a 1–Gbit interface.
Manageable Servers
Each manageable server should provide connectivity to the management network and to the combined data and provisioning network as follows:
The management port connects the manageable server to the management network and should be on the same network as the ETH2 connection of the management server. The management port should be a 100-megabit connection.
ETH0 connects the manageable server to the data and provisioning network to enable deployment of an operating system to the manageable server, and to provide external corporate network access to the manageable server. The manageable server ETH0 connection must be on the same network as the ETH1 connection of the management server. ETH0 should be a 1-Gbyte connection.
The RIS server is required only if you plan to provision Microsoft Windows. The RIS server should be connected to the data and provisioning network using a 1–Gbyte connection.
For this configuration:
An additional NIC does not need to be installed on the management server
The combined management, provisioning, and data network greatly reduces system and network security
The data network must use the N1 System Manager DHCP service
The N1 System Manager DHCP service must be the only DHCP service on the data network.
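Every configuration above permits only one DHCP service on the network used for provisioning. As an added example (not part of N1 System Manager), the following Python code parses captured DHCP payloads and lists any responding server other than the management server. The function names and 192.168.10.x addresses are constructed, and capturing the UDP port 67/68 payloads is left to your own tooling.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
SERVER_MSG_TYPES = {2, 5, 6}          # DHCPOFFER, DHCPACK, DHCPNAK

def parse_options(payload):
    """Return {option code: value bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def unexpected_dhcp_servers(payloads, authorized_ip):
    """Server identifiers (option 54) in server replies that are not authorized_ip."""
    found = set()
    for payload in payloads:
        opts = parse_options(payload)
        msg_type = (opts.get(53) or b"\x00")[0]        # option 53 = message type
        server_id = opts.get(54, b"")
        if msg_type in SERVER_MSG_TYPES and len(server_id) == 4:
            ip = socket.inet_ntoa(server_id)
            if ip != authorized_ip:
                found.add(ip)
    return sorted(found)

def build_payload(msg_type, server_ip=None):
    """Build a minimal constructed DHCP payload for the sample data below."""
    op = 2 if server_ip else 1                         # BOOTREPLY or BOOTREQUEST
    header = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0) + bytes(224)
    options = bytes([53, 1, msg_type])
    if server_ip:
        options += bytes([54, 4]) + socket.inet_aton(server_ip)
    return header + MAGIC_COOKIE + options + b"\xff"

# Constructed sample traffic; 192.168.10.1 stands in for the management server.
SAMPLE = [build_payload(2, "192.168.10.1"), build_payload(2, "192.168.10.77"),
          build_payload(1), build_payload(5, "192.168.10.1")]
```

Calling `unexpected_dhcp_servers(SAMPLE, "192.168.10.1")` on the constructed traffic reports the one server that should not be answering.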
The following list summarizes the connectivity requirements for the combined management, provisioning, and data networks configuration.
Management Server
The management server should provide connectivity to the combined management, provisioning, and data network and to the corporate network as follows.
ETH0 connects the management server to the corporate network to provide external access to the management server. The management server ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
ETH1 connects the management server to the combined management, provisioning, and data network and should be on the same network as the MGMT and ETH0 connections of the manageable servers. No devices other than the management server and the manageable servers should reside on the combined network. ETH1 should be a 1-Gbit NIC interface.
The management server DHCP service allocates IP addresses to the manageable servers for loading operating systems.
RIS Server
The RIS server connects to the provisioning network. The connection must be from the first (lowest order) Ethernet port on the RIS server, and should be a 1–Gbit interface.
Manageable Servers
Each manageable server should provide connectivity to the management network, provisioning network and data network as follows:
The management port connects the manageable server to the management, provisioning, and data network and should be on the same network as the ETH1 connection of the management server. The management port should be a 100-megabit connection.
ETH0 connects the manageable server to the management, provisioning, and data network, and must be on the same network as the ETH1 connection of the management server. ETH0 also connects the manageable server to the data network through the switch to provide external corporate network access to the manageable server. ETH0 should be a 1-Gbyte connection.
The RIS server is required only if you plan to provision Microsoft Windows. The RIS server should be connected to the management, provisioning, and data network using a 1–Gbyte connection.
For this configuration:
An additional NIC does not need to be installed on the management server.
N1 System Manager provides two default security roles with specific privileges assigned for the restricted mode of operation. For more information, see Managing Roles in Sun N1 System Manager 1.3 Discovery and Administration Guide and Restricted Mode Capabilities in Sun N1 System Manager 1.3 Discovery and Administration Guide.
Management Server
ETH1 connects the management server to the management network and should be on the same network as the MGMT connections of the manageable servers. The management server ETH1 IP address, netmask, and gateway should be configured to enable connectivity to the manageable server's management port IP addresses. No devices other than the management server and the manageable servers should reside on the provisioning network. ETH1 should be a 1-Gbit NIC interface.
Manageable Servers
Each manageable server should provide connectivity to the management network as follows:
The management port connects the manageable server to the management network and should be on the same network as the ETH1 connection of the management server. The management port should be a 100 megabit NIC connection.
For this configuration:
An additional NIC does not need to be installed on the management server.
N1 System Manager provides two default security roles with specific privileges assigned for the restricted mode of operation. For more information, see Managing Roles in Sun N1 System Manager 1.3 Discovery and Administration Guide and Restricted Mode Capabilities in Sun N1 System Manager 1.3 Discovery and Administration Guide.
The following list summarizes the connectivity requirements for the management network only configuration.
Management Server
ETH0 connects the management server to the corporate network to provide external access to the management server. The management server ETH0 IP address, netmask, and gateway should be configured to meet your corporate environment connectivity requirements.
ETH1 connects the management server to the provisioning network and should be on the same network as the ETH0 connections of the manageable servers. No devices other than the management server and the manageable servers should reside on the provisioning network. ETH1 should be a 1-Gbit NIC interface.
The management server DHCP service allocates IP addresses to the manageable servers for loading operating systems.
RIS Server
The RIS server connects to the provisioning network. The connection must be from the first (lowest order) Ethernet port on the RIS server, and should be a 1–Gbit interface.
Manageable Servers
Each manageable server should provide connectivity to the provisioning network as follows:
ETH0 connects the manageable server to the provisioning network, and must be on the same network as the ETH1 connection of the management server. ETH0 should be a 1-Gbyte connection.
The RIS server is required only if you plan to provision Microsoft Windows. The RIS server should be connected to the management, provisioning, and data network using a 1–Gbyte connection.