Security Requirements

10/29/2020 Contributors Download PDF of this page

The security requirements include:

Provide an allow list for firewalls.
The access control list (ACL) for API’s RBAC and Active IQ Unified Manager.

Source	Destination URL/IP Addresses	Connectivity	Protocol	Port	Description
Kubernetes nodes	github.com	Outbound	HTTP, HTTPS	80,443	NetApp Service Engine platform configuration management
Kubernetes nodes	rest.zuora.com	Outbound	HTTP, HTTPS	80,443	NetApp cloud billing
Kubernetes nodes	auth.docker.io	Outbound	HTTP, HTTPS	80,443	Docker registry auth
Kubernetes nodes	registry-1.docker.io	Outbound	HTTP, HTTPS	80,443	Docker Hub images; general Docker images including NetApp Service Engine pods
Kubernetes nodes	production.cloudflare.docker.com	Outbound	HTTP, HTTPS	80,443	Docker Hub images; general Docker images including NetApp Service Engine pods
Kubernetes nodes	quay.io	Outbound	HTTP, HTTPS	80,443	Quay images - Prometheus Pods
Kubernetes nodes	cdn.quay.io	Outbound	HTTP, HTTPS	80,443	Quay images - Prometheus Pods
Kubernetes nodes	k8s.gcr.io	Outbound	HTTP, HTTPS	80,443	Google images - Kubernetes Cluster Pods
Kubernetes nodes	storage.googleapis.com	Outbound	HTTP, HTTPS	80,443	Google images - Kubernetes Cluster Pods
Kubernetes nodes	kubernetes-charts.storage.googleapis.com	Outbound	HTTP, HTTPS	80,443	Helm repository
All CentOS VMs	rackspace.com	Outbound	HTTP, HTTPS	80,443	CentOS yum package mirror
OpsRamp Gateway	netapp.api.opsramp.com	Outbound	HTTPS	443	Cloud monitoring and NetApp Support tunnel connectivity
OpsRamp Gateway	140.239.76.0/24 206.80.7.128/26 63.251.89.0/24 199.250.248.0/24 74.217.75.0/24	Outbound	HTTPS	443	Cloud monitoring and NetApp Support tunnel connectivity

Source

Destination URL/IP Addresses

Connectivity

Protocol

Port

Description

Kubernetes nodes

github.com

Outbound

HTTP, HTTPS

80,443

NetApp Service Engine platform configuration management

Kubernetes nodes

rest.zuora.com

Outbound

HTTP, HTTPS

80,443

NetApp cloud billing

Kubernetes nodes

auth.docker.io

Outbound

HTTP, HTTPS

80,443

Docker registry auth

Kubernetes nodes

registry-1.docker.io

Outbound

HTTP, HTTPS

80,443

Docker Hub images; general Docker images including NetApp Service Engine pods

Kubernetes nodes

production.cloudflare.docker.com

Outbound

HTTP, HTTPS

80,443

Docker Hub images; general Docker images including NetApp Service Engine pods

Kubernetes nodes

quay.io

Outbound

HTTP, HTTPS

80,443

Quay images - Prometheus Pods

Kubernetes nodes

cdn.quay.io

Outbound

HTTP, HTTPS

80,443

Quay images - Prometheus Pods

Kubernetes nodes

k8s.gcr.io

Outbound

HTTP, HTTPS

80,443

Google images - Kubernetes Cluster Pods

Kubernetes nodes

storage.googleapis.com

Outbound

HTTP, HTTPS

80,443

Google images - Kubernetes Cluster Pods

Kubernetes nodes

kubernetes-charts.storage.googleapis.com

Outbound

HTTP, HTTPS

80,443

Helm repository

All CentOS VMs

rackspace.com

Outbound

HTTP, HTTPS

80,443

CentOS yum package mirror

OpsRamp Gateway

netapp.api.opsramp.com

Outbound

HTTPS

443

Cloud monitoring and NetApp Support tunnel connectivity

OpsRamp Gateway

140.239.76.0/24
206.80.7.128/26
63.251.89.0/24
199.250.248.0/24
74.217.75.0/24

Outbound

HTTPS

443

Cloud monitoring and NetApp Support tunnel connectivity