Operator Requirements for air-gapped environments
In addition to the flows described in Network Flows and Firewall Requirements there are certain actions that are typically one-off operations that are typically performed by an operator (admin) from his laptop or some jump server:
- Install OS templates
- Install extensions
- Download firmware upgrades and create baselines
:::{list-table} :align: left :class: .table-small :header-rows: 1 * - Flow - Description - Ports - Direction - Required for Fabric Manager - Required for Compute & Storage Manager
-
- Get Switch Operating System templates
- Download the operating system templates (ztp base configurations) from github.
- TCP 443 (HTTPS)
- Outbound to github.com
- [Required]{.bg-required}
- [Not required]{.tx-smaller}
-
- Get Server Operating System templates
- Download the operating system templates (the files that are injected into the ISO) from github
- TCP 443 (HTTPS)
- Outbound to github.com
- [Not required]{.tx-smaller}
- [Required]{.bg-required}
-
- Install extensions
- Install various extensions (such s for infoblox or to install VMWare VCF)
- TCP 443 (HTTPS)
- Outbound to github.com
- [Recommended]{.bg-recommended}
- [Recommended]{.bg-recommended}
-
- Download Firmware binaries
- Download various firmware binaries
- TCP 443 (HTTPS)
- Outbound to the vendor’s website (downloads.dell.com, downloads.hpe.com)
- [Not required]{.tx-smaller}
- [Recommended]{.bg-recommended}
-
- Download Firmware binaries
- Download various firmware binaries
- TCP 443 (HTTPS)
- Outbound to the vendor’s website (downloads.dell.com, downloads.hpe.com)
- [Not required]{.tx-smaller}
- [Recommended]{.bg-recommended}
-
- Upload assets to the repository
- Upload the various firmware binaries to the repository
- TCP 443 (HTTPS)
- Outbound to the enterprise repository
- [Required]{.bg-required}
- [Required]{.bg-required} :::