Planning Your Installation
A CTERA Portal installation comprises a cluster of one or more servers. Each server can host any combination of the following services:
Main database. Only one server can host the main database. The server that hosts the main database is called the master server.Catalog node. A database service that stores file metadata. It can be hosted together with the main database or on a separate server.Application service. This service accepts connections and handles requests from Web and CTTP clients.Database replication server. A passive database service set to replicate an active database server (main database or a catalog node). During server installation, you can turn on the replication service and select the database server from which to replicate.Document preview server. This service is in charge of processing document preview requests. It is mandatory to launch a dedicated document preview server. The document preview service supports high availability. You can install one or more servers, in order to ensure uninterrupted document preview generation and redundancy in the event of a server failure.By default, the first installed server is a master server, hosting the main database, application server, and catalog node. In the simplest topology, there are two servers: one server that includes a main database, catalog node, and application service, and a second server that provides document preview services. Optionally, you can install any number of additional servers, for Scalability and Load Balancing and for Data Replication and Failover.
Scalability and Load Balancing
CTERA Portal is horizontally scalable. Additional servers can be added:
As catalog node servers, to increase metadata storage handling capacity and performance.As application servers, to increase client handling capacity. Any servers that are enabled as application servers automatically balance the connected clients between them, allowing for maximized capacity and availability.As document preview servers.Data Replication and Failover
The main database and catalog node services are stateful and any servers hosting these services contain critical data. You must replicate all such servers to maintain the availability of critical data. The application service is stateless, and therefore, any dedicated application servers do not require replication or backup. Failover between application servers is automatic.
For details about replicating the database, see Backing Up the Database.
CTERA Portal includes a built-in replication function for achieving higher level of availability. For more information, refer to the document Configuring Database Backup and Replication.
Replication can be achieved using other platform dependent replication methods (such as SAN or VMWare-level replication).
Security
All internal communications between CTERA Portal servers is authenticated to prevent unauthorized access. Nevertheless, to follow the defense in-depth security philosophy, the master and catalog node servers, which store sensitive data, should be placed in their own firewalled, isolated network, and only the application server should be allowed to face the internet.
Requirements
Requirements for the AWS platform:
In order to install the main CTERA Portal with CloudFormation, you need the following:
Main server CloudFormation template.AWS Keypair.Latest AMI. To obtain the latest AMI, prepare your Amazon account number, by doing the following:a Log in to your Amazon Web Services account.
b In the upper-right corner of the screen, click the down arrow next to your account name and then click My Account.
The Account > Manage Your Account screen opens, displaying your account ID.
c Copy down your account number.
d Contact CTERA Networks, and request the latest Amazon Machine Image (AMI).
i Provide CTERA Networks with your Amazon account number.
ii Provide CTERA with the AWS region where you are planning to install the CTERA Portal instance.
CTERA Networks will then share their latest AMI with your account.
e Download the official CTERA template zip and save it locally to your computer.
The template is located at https://kb.ctera.com/article/aws-cloudformation-main-server-template-version-5-5-341.html
Note: CTERA recommends that you do not change the template or use an unofficial template.
f Unzip the JSON template.
A supported region. Installation using CloudFormation is supported only in the following regions:Oregon, United StatesNorth Virginia, United StatesDublin, IrelandFrankfurt, GermanyTokyo, JapanFor installation in all other regions make sure you have the following requirements:m5.xlarge and at least 100GB EBS storage volume.For the main database server and catalog nodes serving a large number of clients, a provisioned IOPS volume with minimum 1000 IOPS. CTERA recommends at least 2000 IOPS for a production environment.The allocated EBS size should be 2 percent of the total amount of storage (raw) that you will be storing on Amazon S3.The EBS volume attached to the CTERA instances running the CTERA database (applicable for the main database or catalog node) must yield a minimum of 700 TPS (transactions per second). In order test the TPS on your installation, contact CTERA support at http://support.ctera.com.Requirements for the Azure platform:
The CTERA Azure portal image, obtainable from CTERA support at http://support.ctera.com.Requirements for the Google Cloud platform:
The CTERA Google Cloud portal image, obtainable from CTERA support at http://support.ctera.com.Requirements for the Hyper-V platform:
The CTERA Hyper-V portal image, obtainable from CTERA support at http://support.ctera.com.Hyper-V for Windows Server 2012 R2.Requirements for the IBM Cloud (SoftLayer) platform:
The CTERA IBM Cloud (SoftLayer) portal image, obtainable from CTERA support at http://support.ctera.com.Requirements for the OpenStack platform:
The CTERA KVM portal image, obtainable from CTERA support at http://support.ctera.com. Note: Make sure that memory overcommitting is disabled.
Requirements for the VMWare ESXi platform:
The CTERA ESXi portal image, obtainable from CTERA support at http://support.ctera.com.VMware ESXi 5.5 or later. CTERA Portal has been certified for versions up to ESXi 6.7U1.The portal can be managed in VMware vCenter and in VMware vCloud Director.General Requirements
All resources allocated to a server should be dedicated to that server and not shared with other servers.
In a production environment, with a multi-node deployment, the application and database servers each require a 64-bit virtual machine with minimum 16GB RAM, 4 CPU cores and 110GB local hard disk drive. In a small or test environment, with a single server deployment, the requirement is a 64-bit virtual machine with minimum 8GB RAM, 2 CPU cores and 110GB local hard disk drive.The size of the database should be around 2% of the target data. CTERA Recommends seeking guidance from CTERA support for a more accurate estimation of the required database size.Access from the virtual machine to a Storage Area Network (SAN) or directly attached hard drives.The virtual disk attached to the CTERA VMs running the CTERA database, applicable for main database or catalog node, must yield a minimum of 700 TPS (transactions per second). To test the TPS on your installation, contact CTERA support at http://support.ctera.com.Preview servers require at least 16GB of RAM, 4 CPU cores, and 60GB of storage. CTERA recommends using SSD storage.Note: You must not run non-CTERA application on any of the portal servers.
Prepare the following:
A public DNS name for the CTERA Portal installation.An SMTP mail server for sending notificationsRequirements for administrator device
Web browserSSH and SCP clients. For example, the freeware PuTTY.Port Considerations
To allow access to and from the Internet on the firewall on each machine that will operate as an application server or database server, ensure the following network ports are open:
Port | Protocol | Direction | Notes |
|---|---|---|---|
22 | TCP | Inbound and Outbound | SSH. CTERA recommends limiting SSH access to specific IP addresses that may require access to the CTERA application servers, for example to perform scheduled maintenance and support related work. |
53 | UDP | Inbound and Outbound | DNS |
80 | TCP | Inbound and Outbound | HTTP |
123 | UDP | Outbound | NTP |
443 | TCP | Inbound and Outbound | HTTPS |
995 | TCP | Inbound | CTTP. Communications with CTERA appliances and agents. |
xx1 | TCP | Outbound | SMTP |
1 Use the port number that is used at your site for SMTP. The default port for SMTP is 25.
The following ports must be opened towards storage nodes:
Port | Protocol | Direction | Notes |
|---|---|---|---|
80 | TCP | Outbound | CTERA CloudFS |
80 or 443 (for HTTPS) | TCP | Outbound | Object Storage |
111, 2049 | TCP | Outbound | NFS |
1191 | TCP | Outbound | GPFS. Required for accessing GPFS nodes. |
If you are running a separated environment that consists of multiple CTERA servers residing on separate firewalled network segments, open the following additional ports between the CTERA servers. These ports do not need to be accessible from the Internet:
Port | Protocol | Direction | Notes |
|---|---|---|---|
22 | TCP | Inbound and Outbound | SSH management between the servers. |
443 | TCP | Inbound and Outbound | Updates between the servers. |
5432 | TCP | Inbound | PostgreSQL. Applicable for master server, catalog nodes and database replication servers only. |
18682 | TCP | Inbound and Outbound | Applicable for document preview servers only. |
If CTERA Portal will be connected to Active Directory, open the following ports towards the Active Directory servers.
Port | Protocol | Direction | Notes |
|---|---|---|---|
53 | UDP | Outbound | — |
88 | UDP | Outbound | Only if Kerberos is used |
389, 3268,53 | TCP | Outbound | Non-kerberos/ssl |
389, 53, 88 | TCP | Outbound | Only if Kerberos is used |
636, 3269 | TCP | Outbound | If SSL is used |
CTERA Portal requires the following port open for RSync for database replication:
Port | Protocol | Direction | Notes |
|---|---|---|---|
873 | TCP | Inbound | — |
CTERA Portal requires the following port open for antivirus scanning:
Port | Protocol | Direction | Notes |
|---|---|---|---|
1344 | TCP | Outbound | — |
Warning: CTERA Portal operates behind a firewall, and it is important to leave all other ports closed.