PRIMECLUSTER Installation and Administration Guide 4.6 Cloud Services
FUJITSU Software

3.1.2 Creating the Virtual Network

Create the subnets and security groups for the public LAN (used also for the administrative LAN) and for the cluster interconnect.

Note

When creating multiple cluster systems, create the following security groups separately for every cluster system.

  • For the public LAN (used also for the administrative LAN)

  • For the cluster interconnect

  • For Web-Based Admin View (on the cluster node side)

  • For Web-Based Admin View (on the management client side)

3.1.2.1 Creating Subnets

Use the following values to create the subnets used for the public LAN (used also for the administrative LAN) and the cluster interconnect in the cluster system.

Item name                           | Value
Enable/Disable DHCP Auto Allocation | true (default)
Pool for assigning IP address       | A range of IP addresses to be assigned to the nodes (exclude the takeover IP address from the range)

Create a virtual router so that the virtual servers in FJcloud-O can reach each endpoint, and connect it to the subnet for the public LAN (used also for the administrative LAN).

3.1.2.2 Creating the Common Security Group

Create the security group used in common with the following values.

Communication direction | Communication destination | Protocol information | Starting port number | Ending port number
egress                  | 169.254.169.254/32 (*1)   | tcp                  | 80                   | 80
egress                  | IP address of DNS server  | udp                  | 53                   | 53
egress                  | IP address of DNS server  | tcp                  | 53                   | 53
egress                  | IP address of NTP server  | udp                  | 123                  | 123

(*1) The metadata service address that the virtual server uses to obtain instance information from the cloud side. It is unrelated to cluster operation.

3.1.2.3 Creating the Security Group for the Public LAN (Used also for the Administrative LAN)

Create the security group for the public LAN (used also for the administrative LAN) with the following values.

Communication direction | Communication destination         | Protocol information | Starting port number | Ending port number
egress (*1)             | Not specified                     | tcp                  | 443                  | 443
ingress                 | Own security group                | udp                  | 9382                 | 9382
egress                  | Own security group                | udp                  | 9382                 | 9382
ingress                 | Own security group                | udp                  | 9796                 | 9796
egress                  | Own security group                | udp                  | 9796                 | 9796
ingress                 | Own security group                | tcp                  | 9797                 | 9797
egress                  | Own security group                | tcp                  | 9797                 | 9797
egress                  | IP address of the virtual gateway | icmp                 | Not specified        | Not specified
ingress (*2)            | Own security group                | tcp                  | 3260                 | 3260
egress (*2)             | Own security group                | tcp                  | 3260                 | 3260
ingress                 | Own security group                | icmp                 | Not specified        | Not specified
egress                  | Own security group                | icmp                 | Not specified        | Not specified

(*1) This setting is not necessary in a single-node cluster.

(*2) This setting is not necessary when GDS mirroring among servers is not used.

3.1.2.4 Creating the Security Group for the Cluster Interconnect

Create the security group for the cluster interconnect with the following values.

These settings are not necessary in a single-node cluster.

Communication direction | Communication destination | Protocol information | Starting port number | Ending port number
egress                  | Own security group        | 123 (*1)             | Not specified        | Not specified
ingress                 | Own security group        | 123 (*1)             | Not specified        | Not specified

(*1) The cluster interconnect uses an IP protocol other than TCP, UDP, or ICMP. In the protocol field, select the option for other protocols and enter 123 as the IP protocol number. No port numbers apply.
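The following script is an added example and is not part of this guide or of the PRIMECLUSTER product. It shows how the rows of the security group tables in 3.1.2.2 through 3.1.2.4 map onto rule-creation calls, on the assumption that FJcloud-O is driven with the standard OpenStack CLI and that the security groups named pcl-common, pcl-public and pcl-interconnect have already been created (openstack security group create <name>). The group names and the DNS, NTP and gateway addresses are placeholders. The script prints the commands by default; set APPLY=1 to execute them.

```shell
#!/bin/sh
# Added example, not part of the PRIMECLUSTER manual: turns one row of the
# security group tables (3.1.2.2 to 3.1.2.4) into an
# "openstack security group rule create" command. Assumes FJcloud-O is
# driven with the OpenStack CLI and that the groups already exist. Group
# names and server addresses below are placeholders.
# Dry run by default (prints the command); set APPLY=1 to execute it.

# sg_rule GROUP DIRECTION DESTINATION PROTOCOL START_PORT END_PORT
#   DIRECTION    ingress or egress
#   DESTINATION  self  -> the table's "Own security group" (--remote-group)
#                -     -> the table's "Not specified" (any address)
#                CIDR  -> a fixed peer such as 169.254.169.254/32
#   PROTOCOL     tcp, udp, icmp, or an IP protocol number such as 123
#   ports        "-" for the table's "Not specified" (icmp, protocol 123)
sg_rule() {
    group=$1 direction=$2 dest=$3 proto=$4 pstart=$5 pend=$6
    cmd="openstack security group rule create --$direction --ethertype IPv4 --protocol $proto"
    case $dest in
        self) cmd="$cmd --remote-group $group" ;;
        -)    ;;
        *)    cmd="$cmd --remote-ip $dest" ;;
    esac
    # Only TCP and UDP carry a port range; icmp and raw protocol numbers
    # get no --dst-port, matching the "Not specified" cells in the tables.
    [ "$pstart" = "-" ] || cmd="$cmd --dst-port $pstart:$pend"
    cmd="$cmd $group"
    if [ "${APPLY:-0}" = 1 ]; then
        $cmd
    else
        echo "$cmd"
    fi
}

DNS_SERVER=${DNS_SERVER:-192.0.2.53}    # placeholder: the real DNS server address
NTP_SERVER=${NTP_SERVER:-192.0.2.123}   # placeholder: the real NTP server address
GATEWAY=${GATEWAY:-192.0.2.1}           # placeholder: the virtual gateway address

# 3.1.2.2 Common security group
sg_rule pcl-common egress 169.254.169.254/32 tcp 80 80     # metadata service
sg_rule pcl-common egress "$DNS_SERVER" udp 53 53
sg_rule pcl-common egress "$DNS_SERVER" tcp 53 53
sg_rule pcl-common egress "$NTP_SERVER" udp 123 123

# 3.1.2.3 Public LAN group: the rows that need special handling
sg_rule pcl-public egress  - tcp 443 443                    # any destination
sg_rule pcl-public ingress self udp 9382 9382
sg_rule pcl-public egress  self udp 9382 9382
sg_rule pcl-public egress  "$GATEWAY" icmp - -
sg_rule pcl-public ingress self icmp - -
sg_rule pcl-public egress  self icmp - -

# 3.1.2.4 Cluster interconnect: IP protocol 123, no ports
sg_rule pcl-interconnect egress  self 123 - -
sg_rule pcl-interconnect ingress self 123 - -
```

One caveat worth checking before relying on the egress rows: a newly created OpenStack security group comes with two default egress rules that allow all outbound IPv4 and IPv6 traffic. If FJcloud-O behaves the same way (an assumption to confirm in the portal), list the group's rules with openstack security group rule list <group> and delete those defaults; otherwise the egress rows in the tables add nothing and every outbound connection remains permitted.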

3.1.2.5 Creating the Security Groups for Web-Based Admin View

Create the security group for Web-Based Admin View (on the cluster node side) with the following values.

Communication direction | Communication destination | Protocol information | Starting port number | Ending port number
ingress                 | Own security group        | tcp                  | 8081                 | 8081
ingress                 | Own security group        | tcp                  | 9798                 | 9798
ingress                 | Own security group        | tcp                  | 9799                 | 9799

Create the security group for Web-Based Admin View (on the management client side) with the following values.

Communication direction | Communication destination | Protocol information | Starting port number | Ending port number
egress                  | Own security group        | tcp                  | 8081                 | 8081
egress                  | Own security group        | tcp                  | 9798                 | 9798
egress                  | Own security group        | tcp                  | 9799                 | 9799

3.1.2.6 Creating the Security Group for the Virtual Server Access

Create the security group for installing and maintaining the cluster node.

Create the security group for ssh connection to the cluster node with the following values.

Communication direction | Communication destination                                              | Protocol information | Starting port number | Ending port number
ingress                 | Specified as needed (the source address range permitted to connect)    | tcp                  | 22                   | 22

Note

When using the yum command, create the security group with the following values.

Communication direction | Communication destination           | Protocol information | Starting port number | Ending port number
egress                  | IP address of the repository server | tcp                  | 80                   | 80
egress                  | IP address of the repository server | tcp                  | 443                  | 443

Create the security group for installing and maintaining the management client.

Create the security group for the remote desktop connection to the management client with the following values.

Communication direction | Communication destination                                              | Protocol information | Starting port number | Ending port number
ingress                 | Specified as needed (the source address range permitted to connect)    | tcp                  | 3389                 | 3389
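The ssh (22) and remote desktop (3389) rows above leave the source address to be specified as needed. The following check is an added example, not part of this guide or of the PRIMECLUSTER product: it reads an exported rule list and reports every ingress rule that opens one of those ports to all addresses. The input is constructed here in the shape of the CSV output of openstack security group rule list -f csv (ID, IP Protocol, Ethertype, IP Range, Port Range, Direction, Remote Security Group); that column order is an assumption to confirm against the CLI version in use before running it on a real export.

```shell
#!/bin/sh
# Added example, not part of the PRIMECLUSTER manual. Flags ingress rules
# that expose ssh (22) or remote desktop (3389) to every address: no remote
# security group and either no CIDR or a world CIDR. Input is constructed
# in the shape of "openstack security group rule list -f csv"; the column
# order (ID, IP Protocol, Ethertype, IP Range, Port Range, Direction,
# Remote Security Group) is an assumption to verify on your CLI version.

# audit_admin_ingress FILE
#   prints one line per offending rule on stderr, the count on stdout
audit_admin_ingress() {
    awk -F, '
        NR == 1 { next }                               # header row
        {
            for (i = 1; i <= NF; i++) gsub(/"/, "", $i)
            id = $1; proto = $2; range = $4; ports = $5; dir = $6; rgroup = $7
            if (dir != "ingress") next
            # an empty protocol or port range in the export means "any"
            if (ports == "") { lo = 0; hi = 65535 }
            else { n = split(ports, p, ":"); lo = p[1] + 0; hi = (n > 1 ? p[2] + 0 : lo) }
            admin = (proto == "" || proto == "tcp") &&
                    ((lo <= 22 && 22 <= hi) || (lo <= 3389 && 3389 <= hi))
            # no remote group and no (or a world) CIDR: open to everyone
            world = (rgroup == "" && (range == "" || range == "0.0.0.0/0" || range == "::/0"))
            if (admin && world) {
                found++
                printf("OPEN %s %s %s from %s\n", id, (proto == "" ? "any" : proto),
                       (ports == "" ? "all ports" : ports),
                       (range == "" ? "any address" : range)) > "/dev/stderr"
            }
        }
        END { print found + 0 }
    ' "$1"
}

# Constructed sample export: r1 and r3 are the two rules the check must flag.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
"ID","IP Protocol","Ethertype","IP Range","Port Range","Direction","Remote Security Group"
"r1","tcp","IPv4","0.0.0.0/0","22:22","ingress",""
"r2","tcp","IPv4","198.51.100.10/32","22:22","ingress",""
"r3","tcp","IPv4","","3389:3389","ingress",""
"r4","tcp","IPv4","","8081:8081","ingress","pcl-wv-node"
"r5","udp","IPv4","","9382:9382","ingress","pcl-public"
"r6","","IPv4","0.0.0.0/0","","egress",""
EOF

audit_admin_ingress "$SAMPLE"
```

Run it against a real export with openstack security group rule list -f csv <group> > rules.csv and audit_admin_ingress rules.csv. A count other than zero means an administrative port is reachable from the Internet; r2 in the sample shows the intended shape, a single /32 for the administrator's terminal, and r4 shows why a rule whose source is a security group is not flagged even though its IP Range is empty.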

3.1.2.7 Creating the Firewall Rule

When using the firewall service, add the following to the firewall rule.

Protocol | Source IP address                                                | Destination IP address   | Destination port number | Action
tcp (*1) | Subnet for the public LAN (used also for the administrative LAN) | Not specified            | 443                     | Allow
udp      | Subnet for the public LAN (used also for the administrative LAN) | IP address of DNS server | 53                      | Allow
tcp      | Subnet for the public LAN (used also for the administrative LAN) | IP address of DNS server | 53                      | Allow
udp      | Subnet for the public LAN (used also for the administrative LAN) | IP address of NTP server | 123                     | Allow

(*1) This setting is not necessary in a single-node cluster.

Note

  • Add rules to allow ssh or remote desktop connections from the external network as necessary.

  • When using the yum command, add the following rules. Add or remove them as needed so that only the required access remains, to tighten security.

    Protocol | Source IP address                                                | Destination IP address              | Destination port number | Action
    tcp      | Subnet for the public LAN (used also for the administrative LAN) | IP address of the repository server | 80                      | Allow
    tcp      | Subnet for the public LAN (used also for the administrative LAN) | IP address of the repository server | 443                     | Allow