This week we opened a very interesting email from a potential customer who wanted to check out netTerrain’s deployment guide (they’re seriously considering deploying netTerrain DCIM for their Data Center Infrastructure Management needs).

After providing this prospect with the installation guide, he came back requesting more documentation that would specifically address firewall rules. I thought this was a very interesting request….

…does netTerrain even have a deployment guide?

The short answer is no. Our installation guide is our deployment guide.

What I mean is this: after netTerrain is installed, and you are planning to document your cabling, your network, your racks, and visualize your entire data center or fiber plant…you somehow have to get all that into the tool. You can import it from a database, from a spreadsheet, do some network discovery, and so on, but the point is: the installation is not complete as you still must figure out how to populate your projects.

Populating your objects is not what we consider deployment per se, but falls under the ‘data migration’ chapter. Perhaps one could argue that, when it comes to deploying netTerrain, there isn’t much else to do after installing the software.

What are all the things that you need to consider in your environment when it comes to deploying our software?

For starters, you need to have an SQL server, IIS, and some additional configurations and settings. All of this is explained in our installation guide — but what about the original question, from a prospect, regarding security and firewall rules?

In our installation guide, we do address how to set up an active directory and a more recent addition is how to use multi-factor authentication. The truth is, however, we don’t talk much about firewall rules in the guide.

Why?

There simply isn’t much to configure in terms of ports and we assume ((out of a touch of laziness on our part) that your netTerrain server is, in essence, a web server. We take it for granted that ports 80 and and/or 443 are going to be open (as expected for a Web server).

This got me thinking…maybe the following should be more clearly spelled out in our installation guide:

In addition to ports 80 and/or 443, there are other ports that should be opened in your firewall. The netTerrain application server needs to communicate with the SQL server: if your SQL server database resides on a different virtual or physical machine, then port 1433 should also be open.

Then, there is the discovery piece. Our discovery engine is distributed and multi-tenant, so you can deploy our discovery onto different machines in your IT network or data center in your effort to automate your network mapping infrastructure or DCIM documentation. Ports 161 or 162 need to be enabled on the machines where you have the discovery engine installed. However, those ports don’t need to be opened on the netTerrain server because the discovery is done remotely and the results are sent via a REST API over the network using, you guessed it, ports 80 or 443.

To summarize, most of the information you need to deploy netTerrain is available in the installation guide — however, some of the details may be somewhat buried in the guide or could use some further guidance from our support team, especially when it comes to firewall rules and specific settings that depart from the norm. With that said, we don’t bite: if you are under maintenance, you can always request support by opening a ticket in our portal or emailing our support team.

Happy documenting!

About Jan Durnhofer

As CEO / Product and Engineering Manager, Jan joined Graphical Networks with the purpose of creating the most advanced DCIM and IT visualization company in the market.