Networking
Firewall
Firewall and security-group design for Datamotive deployments — DNS requirements, IP configuration rules, and connectivity classes.
- Product: Datamotive Platform
- Version: v2.0.3
Datamotive recommends creating one security group (or firewall rule set) per node type, using the port definitions in the Ports reference. This page covers the surrounding network requirements: connectivity classes, DNS, and IP configuration.
Connectivity classes
Four kinds of connectivity must be allowed for the solution to operate:
| Connectivity | Purpose |
|---|---|
| Inter-node (within and across sites) | Metadata and protected VM data transfer between Datamotive nodes. All transfers are secured. Can run over private subnets or secured VPN tunnels. |
| Outbound to platform managers | Orchestration calls to vCenter Server, AWS, Azure, and GCP APIs (create VM, create subnet, fetch security groups, and so on). For cloud platforms the managers are reached over the internet; no organization data is transmitted on this path. |
| Connectivity to recovered entities | Required only when custom pre/post recovery scripts must reach the recovered instances to reconfigure them. |
| Hostname resolution | Each node’s local hostname must resolve correctly through DNS or /etc/hosts. Verify with ping from inside the node. |
DNS requirements
For the network where Datamotive nodes are deployed, ensure a DNS server is reachable that resolves:
- VMware — hostnames of the vCenter Server and the ESXi hosts running the production workloads.
- AWS, Azure, GCP — hostnames of the cloud API endpoints and the instance metadata service.
After deploying the nodes, confirm the DNS configuration inside each node.
IP configuration
Node images acquire a DHCP address on first boot. Configure a static IP on every node so addresses cannot change during DR operations:
- Cloud deployments (AWS, Azure, GCP) — use a private IP. If a public IP is required, assign a reserved or Elastic IP, and use the public IP only during node configuration in the console.
- On-premises (VMware) — configure a static IP with netplan inside the node OS.
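```yaml
network:
  version: 2
  ethernets:
    ens160:
      dhcp4: false
      addresses: [192.168.50.202/22]
      # gateway4 is deprecated in newer netplan releases; a default route under routes: replaces it.
      gateway4: 192.168.50.1
      nameservers:
        # Example value; use a DNS server that meets the DNS requirements above.
        addresses: [8.8.8.8]
```

Apply with sudo netplan apply, then reboot the node.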
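The checks this page asks for (local hostname resolution, DNS for the platform managers, a static IP in netplan) can be scripted and run inside each node after deployment. The script below is an added example, not Datamotive tooling: the script name, function names, and example hostname are assumptions, it tests resolution with getent hosts rather than ping, and it only reads flow-style netplan lists like the sample above.

```bash
#!/usr/bin/env bash
# Added example (not Datamotive tooling): post-deployment network checks for one node.
# Assumes flow-style netplan lists ([a, b]) as in the sample on this page.

# lookup NAME: succeeds if NAME resolves via /etc/hosts or DNS (per nsswitch.conf).
lookup() { getent hosts "$1" >/dev/null 2>&1; }

# unresolved NAME...: prints every name that fails to resolve, one per line.
unresolved() {
  local n
  for n in "$@"; do lookup "$n" || printf '%s\n' "$n"; done
}

# static_ip_ok FILE: succeeds only if the netplan file has DHCPv4 explicitly off,
# a static CIDR address, and a DNS server listed under nameservers.
static_ip_ok() {
  local f; f=$1
  if grep -Eq '^[[:space:]]*dhcp4:[[:space:]]*(true|yes)' "$f"; then
    echo "dhcp4 still enabled in $f" >&2; return 1
  fi
  grep -Eq '^[[:space:]]*dhcp4:[[:space:]]*(false|no)' "$f" ||
    { echo "dhcp4 not explicitly disabled in $f" >&2; return 1; }
  grep -Eq '^[[:space:]]*addresses:.*[0-9]+(\.[0-9]+){3}/[0-9]+' "$f" ||
    { echo "no static CIDR address in $f" >&2; return 1; }
  grep -A1 -E '^[[:space:]]*nameservers:' "$f" | grep -Eq 'addresses:.*[0-9]' ||
    { echo "no nameserver address in $f" >&2; return 1; }
}

# main NETPLAN_FILE NAME...: NAME... are the hosts this node must resolve
# (vCenter/ESXi, or cloud API endpoints); the node's own hostname is always checked.
main() {
  local file rc missing
  file=$1; rc=0; shift
  static_ip_ok "$file" || rc=1
  missing=$(unresolved "$(hostname)" "$@")
  if [ -n "$missing" ]; then
    echo "unresolved: $missing" >&2; rc=1
  fi
  return "$rc"
}

# Run only when called with arguments, e.g. (placeholder path and constructed hostname):
#   ./check-node-net.sh /etc/netplan/<file>.yaml vcenter.example.internal
[ "$#" -eq 0 ] || main "$@"
```

A non-zero exit status means at least one check failed; the reason is printed on stderr.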
Security group layout
| Security group | Node type | Reference |
|---|---|---|
| SG 1 | Management Server | Ports — Management Server |
| SG 2 | Replication Node | Ports — Replication Node |
| SG 3 | DeDupe Node | Ports — DeDupe Node |
| SG 4 | Windows Prep Node | Ports — Windows Prep Node |
