Mailing List Archive

[no subject]
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
https://www.teaparty.net/mailman/listinfo/toasters
Re: telnet in Azure CVOs
What's new Cloud Manager Nov 28:

Ports 8023 and 49000 are no longer open on Cloud Volumes ONTAP systems in
Azure for both single node systems and HA pairs.

Looks like it's fixed now...



On Tue, Nov 30, 2021, 16:39 Scott Eno via Toasters <toasters@teaparty.net>
wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Scott Eno <cse@hey.com>
> To: Toasters <toasters@teaparty.net>
> Cc:
> Bcc:
> Date: Tue, 30 Nov 2021 10:35:37 -0500
> Subject: wide open telnet on azure cluster interconnects
> Hi,
>
> After running port scans we found that our Azure Cloud Volume ONTAP HA
> pairs are accessible via passwordless telnet over the cluster interfaces
> which normally would be on a private network connected to a cluster switch,
> or node-to-node in switchless config.
>
> These CVO HA pairs were built with Cloud Manager and it **should** have
> set up those interfaces to a private network instead of using the subnet
> provided to it for all the other accessible interfaces.
>
> No question here, just for everyone's info and discussion.
>
> If one telnets to the IP of a cluster interconnect, port 8023, it drops
> you into the nodeshell with no authentication. I can't find an option to
> disable telnet and not sure if I should. Would anything break? I don't
> know. I figure the quickest solution is to set a deny for port 8023 on the
> NSG for the resource group, or worst case, try to figure out how to re-ip
> the cluster interconnects to a 169.. private network.
>
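The NSG deny suggested in the quoted message only takes effect if it is evaluated before any allow rule that covers port 8023, so it is worth checking which rule actually decides that port. The Python below is an added example, not part of the thread and not NetApp or Azure tooling. It assumes rule dictionaries shaped like an exported NSG rule list (name, priority, direction, access, protocol, destinationPortRange or destinationPortRanges); the rule names `allow-nfs` and `deny-cluster-ports` are hypothetical and the sample data is constructed.

```python
PORTS = (8023, 49000)  # the two ports named in this thread

def port_matches(spec, port):
    """True if an NSG port spec ('*', '8023' or '8000-9000') covers port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def deciding_rule(rules, port, protocol="Tcp"):
    """Return (access, rule name) for inbound traffic to `port`.

    NSG rules are processed by priority, lowest number first, and the first
    match decides. Simplification (assumption): address prefixes are ignored,
    so every rule is treated as applying to any source and destination.
    """
    inbound = (r for r in rules if r["direction"] == "Inbound")
    for r in sorted(inbound, key=lambda r: r["priority"]):
        if r["protocol"].lower() not in ("*", protocol.lower()):
            continue
        specs = list(r.get("destinationPortRanges") or [])
        if r.get("destinationPortRange"):
            specs.append(r["destinationPortRange"])
        if any(port_matches(s, port) for s in specs):
            return r["access"], r["name"]
    return "Deny", None  # no rule matched at all

def audit(rules):
    """Map each port of interest to the rule that decides it."""
    return {p: deciding_rule(rules, p) for p in PORTS}

def rule(name, priority, access, ports, protocol="*"):
    """Build one rule dict in the assumed export shape."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "destinationPortRanges": ports}

# Constructed sample: Azure's default inbound rules plus one custom allow.
BEFORE = [
    rule("AllowVnetInBound", 65000, "Allow", ["*"]),
    rule("AllowAzureLoadBalancerInBound", 65001, "Allow", ["*"]),
    rule("DenyAllInBound", 65500, "Deny", ["*"]),
    rule("allow-nfs", 100, "Allow", ["111", "2049"]),  # hypothetical
]
# The deny proposed in the thread, as a hypothetical rule above the defaults.
AFTER = BEFORE + [rule("deny-cluster-ports", 200, "Deny", ["8023", "49000"], "Tcp")]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(rules))
```

With only the default rules in place, the ports are decided by `AllowVnetInBound`, which is why an explicit deny with a lower priority number is needed.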