
DNS Requirements for Security with Eyeglass UI  

Eyeglass uses a self-signed cert for logins to its web UI. Isilon also uses self-signed certs. Each cert includes an FQDN hostname. This affects logging in to Eyeglass AND adding clusters to Eyeglass, even though an IP address is entered.

 

Best Practice: Ensure forward and reverse DNS lookup entries exist for Eyeglass and for the Isilon clusters managed by Eyeglass.

  1. When a cluster is added to Eyeglass, the following happens.

  2. The IP address is written to a file and Eyeglass connects to the REST API on port 8080 over https. It does NOT use the FQDN or hostname in the self-signed cert returned by the cluster.

  3. Java TLS https functions validate the hostname in the cert using a DNS forward and reverse lookup of the cluster's hostname entry found in the cert. This is a normal TLS security function.

  4. It's important to ensure DNS is accurately set up with forward and reverse lookup values for TLS to correctly validate the host record in the cert. An incorrect DNS forward or reverse lookup can cause Eyeglass to be passed an IP address that was not expected during inventory functions.
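One way to check the forward and reverse records for a cluster before adding it, as an added example that is not Eyeglass or Isilon code. The function names, hostnames and addresses are hypothetical; the hostname is the one you read from the cluster's cert and the IP is the one entered in Eyeglass.

```python
import socket

def system_forward(name):
    """Forward lookup (IPv4 A records) via the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_reverse(ip):
    """Reverse lookup (PTR) via the system resolver; empty set on failure."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return {n.lower().rstrip(".") for n in [host, *aliases]}
    except OSError:
        return set()

def check_cluster_dns(cert_name, entered_ip, forward=system_forward, reverse=system_reverse):
    """Return a list of DNS problems for one cluster; an empty list means consistent."""
    cert_name = cert_name.lower().rstrip(".")
    problems = []
    addrs = forward(cert_name)
    if not addrs:
        problems.append(f"no forward record for {cert_name}")
    elif entered_ip not in addrs:
        problems.append(f"{cert_name} resolves to {sorted(addrs)}, not {entered_ip}")
    names = reverse(entered_ip)
    if not names:
        problems.append(f"no reverse record for {entered_ip}")
    elif cert_name not in names:
        problems.append(f"{entered_ip} reverses to {sorted(names)}, not {cert_name}")
    return problems

# Constructed sample data (documentation address range, made-up hostnames).
SAMPLE_A = {"cluster1.example.com": {"192.0.2.10"}, "cluster2.example.com": {"192.0.2.99"}}
SAMPLE_PTR = {"192.0.2.10": {"cluster1.example.com"}}

if __name__ == "__main__":
    fwd = lambda n: SAMPLE_A.get(n, set())
    rev = lambda ip: SAMPLE_PTR.get(ip, set())
    for name, ip in [("cluster1.example.com", "192.0.2.10"), ("cluster2.example.com", "192.0.2.20")]:
        print(name, ip, check_cluster_dns(name, ip, fwd, rev) or "OK")
```

Call `check_cluster_dns(name, ip)` without the last two arguments to query the resolver of the machine it runs on, which should use the same DNS servers as the Eyeglass appliance.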

 
