Operator Requirements for air-gapped environments¶
In addition to the flows described in Network Flows and Firewall Requirements there are certain actions that are typically one-off operations that are typically performed by an operator (admin) from his laptop or some jump server:
Install OS templates
Install extensions
Download firmware upgrades and create baselines
Flows¶
Flow |
Description |
Ports |
Direction |
Required for Fabric Manager |
Required for Compute & Storage Manager |
|---|---|---|---|---|---|
Get Switch Operating System templates |
Download the operating system templates (ztp base configurations) from github. |
TCP 443 (HTTPS) |
Outbound to github.com |
Required |
Not required |
Get Server Operating System templates |
Download the operating system templates (the files that are injected into the ISO) from github |
TCP 443 (HTTPS) |
Outbound to github.com |
Not required |
Required |
Install extensions |
Install various extensions (such s for infoblox or to install VMWare VCF) |
TCP 443 (HTTPS) |
Outbound to github.com |
Recommended |
Recommended |
Download Firmware binaries |
Download various firmware binaries |
TCP 443 (HTTPS) |
Outbound to the vendor’s website (downloads.dell.com, downloads.hpe.com) |
Not required |
Recommended |
Download Firmware binaries |
Download various firmware binaries |
TCP 443 (HTTPS) |
Outbound to the vendor’s website (downloads.dell.com, downloads.hpe.com) |
Not required |
Recommended |
Upload assets to the repository |
Upload the various firmware binaries to the repository |
TCP 443 (HTTPS) |
Outbound to the enterprise repository |
Required |
Required |