Configuration Notes
Security Users Groups/Permissions
See Administrative Privileges for more details.
Certificates
The DataCore REST Support installation automatically creates and registers a self-signed certificate that is used to secure HTTPS communications. Because of limitations in how this certificate is created, it displays as "trusted" only when using a browser on the machine where the REST support is installed. When browsing from a different machine, it is recommended to first use a browser to navigate to the https://fqdn of the REST server and accept the browser warnings regarding the untrusted certificate, untrusted source, and so on.
Architectural Overview
The architectural diagram shown below provides high-level interactions between SANsymphony server groups and the DataCore Plug-in.
- All communications between SANsymphony server groups and the DataCore Plug-in are proxied through vCenter for security. New firewall settings are not required if the vCenter and SANsymphony server are network reachable.
- All the operations initiated from the DataCore Plug-in are executed by the SANsymphony server group and the vCenter/ESXi hosts connected to the server group.
- When DataCore Plug-in is connected to multiple SANsymphony server groups, all plug-in communications are proxied through the trusted connection between vCenter and the SANsymphony server where DataCore Plug-in was registered.
- DataCore Plug-in is always installed with the DataCore REST service. By default, the REST service is installed on the SANsymphony server; however, the service may be installed by itself on other hosts. DataCore Plug-in supports that configuration as well.
- If installing the SANsymphony REST support on a standalone server, the administrators must modify the Web.config file first and specify the corresponding SANsymphony server name or network address of the primary SANsymphony server for the property <add key="DestinationServer" value=""/>. The Web.config file may be found in the following REST installation folder: C:\Program Files\DataCore\Rest. After modifying the value, restart the Internet Information Services (IIS) server application.
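The Web.config change described in the last item can be scripted as follows. This is an added example, not DataCore's own tooling: the server name is a placeholder, and the script assumes an elevated PowerShell session on the standalone REST host.

```powershell
# Added example: set DestinationServer in the REST Web.config, then restart IIS.
param(
    # Placeholder value (assumption): the primary SANsymphony server name or address.
    [ValidateNotNullOrEmpty()]
    [string]$DestinationServer = 'sansymphony-primary.example.internal',
    # REST installation folder as given in the documentation.
    [string]$RestFolder = 'C:\Program Files\DataCore\Rest'
)

$ErrorActionPreference = 'Stop'
$configPath = Join-Path $RestFolder 'Web.config'

# Keep a timestamped copy so the change can be rolled back.
$backup = '{0}.{1}.bak' -f $configPath, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $configPath -Destination $backup

# Parse as XML instead of replacing text, so only the one key is touched.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($configPath)

# Locate <add key="DestinationServer" .../> wherever it sits in the file.
$node = $xml.SelectSingleNode("//add[@key='DestinationServer']")
if ($null -eq $node) {
    throw "No add element with key 'DestinationServer' found in $configPath"
}

$old = $node.GetAttribute('value')
$node.SetAttribute('value', $DestinationServer)
$xml.Save($configPath)
Write-Host "DestinationServer: '$old' -> '$DestinationServer' (backup: $backup)"

# Restart IIS so the REST service picks up the new value.
& iisreset.exe /restart
if ($LASTEXITCODE -ne 0) {
    throw "iisreset exited with code $LASTEXITCODE"
}
```

If the script stops before the restart, the timestamped `.bak` file next to Web.config holds the original settings.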
DataCore Plug-in Registration Network Communication
- DataCore Plug-in sends registration information from the SANsymphony server to vCenter over HTTPS.
- vCenter keeps a record of the DataCore Plug-in and SANsymphony server identification details (FQDN, Certificates), and treats the session as a registered plug-in session. vCenter uses these details to authorize all future network communication from DataCore Plug-in.
- The DataCore REST Support installation automatically creates and registers a self-signed certificate that is used to secure HTTPS communications. It is possible to modify the bindings for the “Default Web Site” on port 443 to use a different certificate (a certificate provided by a trusted Certificate Authority). Before modifying this property, unregister DataCore Plug-in from the vCenter, and re-register after modifying the port binding.
DataCore Plug-in Action and Operations Network Communication
- Actions and operations triggered from the DataCore Plug-in UI (in vCenter web client) cause network commands to be sent to SANsymphony and vCenter over HTTPS. Responses are also returned from the SANsymphony server back to the DataCore Plug-in UI and vCenter over HTTPS.
- Any operations required on ESXi hosts are communicated by the SANsymphony server to vCenter over HTTPS.
- If DataCore Plug-in actions are targeted to resources on a different SANsymphony server group, then those operations are relayed to the destination server group by the SANsymphony server on which the DataCore Plug-in was registered.