Hi,
I have built a three node HSX Cluster.
I am now going to isolate this cluster where nothing is allowed to talk to it.
I will be using CV Network Topologies & Gateways to perform my backups.
My question is, as all the nodes are isolated they wont be able to reach a NTP server. Will this setup eventually cause me an issue ?
Thanks
Best answer by Bronco
Hi Jos,
I have them isolated away with nothing allowed to touch them.
They are only allow to talk to the CV network gateway servers on port 8403.
If I was to allow port 123 from the HSX Nodes to the NTP server only would that be enough ?
Yes, allowing port 123/UDP from your HSX nodes to a reachable NTP server would be sufficient for time synchronization. This is the standard port used by NTP, and it is all that is required for the nodes to maintain accurate and consistent time.
HyperScale X clusters require all nodes to have closely synchronized system clocks for proper operation of the software-defined storage layer, cluster communication, and backup/restore consistency. If the nodes cannot reach an NTP server and their clocks drift apart, you may encounter issues such as:
[1] Backup failures due to time synchronization errors
[2] Nodes appearing offline or out of sync
[3] Problems with certificate validation and cluster operations
[4] Log correlation and troubleshooting difficulties
Even in highly isolated environments, it is strongly recommended to allow outbound UDP/123 from the HSX nodes to a trusted NTP server (internal or external, as your security policy allows). If you cannot allow access to an external NTP server, consider deploying an internal NTP server within the isolated environment and allow the HSX nodes to sync with it.
+21I have not encountered such a scenario, but looking at the functionalities I would say yes.
The software defined storage layer on each hyperscale x node functions within a cluster and thus needs to be aligned properly. Can't the hyperscale nodes sync with your network components within the site? Then at least all isolated components are in sync.
Hi Jos,
I have them isolated away with nothing allowed to touch them.
They are only allow to talk to the CV network gateway servers on port 8403.
If I was to allow port 123 from the HSX Nodes to the NTP server only would that be enough ?
+3Hi Jos,
I have them isolated away with nothing allowed to touch them.
They are only allow to talk to the CV network gateway servers on port 8403.
If I was to allow port 123 from the HSX Nodes to the NTP server only would that be enough ?
Yes, allowing port 123/UDP from your HSX nodes to a reachable NTP server would be sufficient for time synchronization. This is the standard port used by NTP, and it is all that is required for the nodes to maintain accurate and consistent time.
HyperScale X clusters require all nodes to have closely synchronized system clocks for proper operation of the software-defined storage layer, cluster communication, and backup/restore consistency. If the nodes cannot reach an NTP server and their clocks drift apart, you may encounter issues such as:
[1] Backup failures due to time synchronization errors
[2] Nodes appearing offline or out of sync
[3] Problems with certificate validation and cluster operations
[4] Log correlation and troubleshooting difficulties
Even in highly isolated environments, it is strongly recommended to allow outbound UDP/123 from the HSX nodes to a trusted NTP server (internal or external, as your security policy allows). If you cannot allow access to an external NTP server, consider deploying an internal NTP server within the isolated environment and allow the HSX nodes to sync with it.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
