1 Reply Latest reply on Aug 10, 2018 9:59 AM by cahunt

    Unrouted subnet between Orion and SQL?

    sennecgn

      Hello

       

      I have a question concerning the L1/L2 connectivity of the SolarWinds servers.

       

      We are planning on installing a multi-region (think AMER - EMEA - APAC) SolarWinds NPM environment with our main Orion server and SQL db in our HQ.

      We have a separate server for SQL with 4 Ethernet ports and another server for Orion also with 4 ports.

       

      We would like to separate the SQL server from the rest of the network with the following setup.

      Put the Orion-server in e.g. subnet 10.1.1.0/24 (VLAN101) and connect 2 of its interfaces to the server-switch.

      This subnet gets routed.

      Connect the other 2 Orion-server interfaces to the server-switch as well and create a separate VLAN 201 (10.2.2.0/24).

      Connect 2 interfaces of the SQL-server on the server-switch and also put them on VLAN 201.

      VLAN 201 doesn't get routed. This is a VLAN only intended to isolate the traffic between Orion and SQL db.

      This way we separate the SQL server from the rest of the network.

       

      However, what I can't find in any documentation is if this setup will work.

      Do the additional polling engines need a direct connection to the SQL server? Or will they send their traffic over the main Orion server, which then forwards it to the SQL server?

      If they need a direct connection to the SQL server also, then we probably need to put the SQL server in the same VLAN 101 or start routing the VLAN 201?

       

      Any feedback or other setup designs are appreciated.

       

      Best regards

      Senne

        • Re: Unrouted subnet between Orion and SQL?
          cahunt

          If your NICs on the server are set up to route the traffic properly, you can create a setup like this. Specifically, this setup was used to monitor two different networks with a single Orion instance in my case, where each NIC connected to one of the two networks and traffic was routed accordingly between the two server NICs.

          This should be doable to isolate your server-to-SQL connection, but your NICs on the box need to be set up so that device and user subnets come in/out over the VLAN 101 mapped interface and the DB connection flows over the VLAN 201 mapped interface.

           

          The APE would need to be configured the same way, somewhat: VLAN 201 is needed for your DB and primary server connections, but the other NIC can be on whatever VLAN is used for user/web and device traffic.

           

          If proper traffic direction is in place then you should be able to make this work. I would want to set this up with a new deployment - or migration. But it does seem possible to also change an existing setup to work this way.

           

          -CharlesH

          Loop1 Systems: SolarWinds Training and Professional Services
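
A planning check for the layout discussed in this thread, added here as an example and not part of either post: it reports, per server, whether a path to the SQL server exists when VLAN 201 is unrouted, and compares that with the alternative of also placing SQL on VLAN 101. It assumes each polling engine connects to SQL directly, as the reply indicates; host names, host addresses and the remote subnet 10.50.1.0/24 are constructed.

```python
import ipaddress

def sql_path(host_ifaces, sql_ifaces, routed_nets):
    """Return how a host reaches SQL: 'on-link', 'routed', or None."""
    hosts = [ipaddress.ip_interface(i) for i in host_ifaces]
    sqls = [ipaddress.ip_interface(i) for i in sql_ifaces]
    routed = [ipaddress.ip_network(n) for n in routed_nets]
    # Same L2 segment: works even when the VLAN has no gateway.
    if any(s.ip in h.network for h in hosts for s in sqls):
        return "on-link"
    # Otherwise both ends need an interface in a routed subnet.
    host_routed = any(h.network in routed for h in hosts)
    sql_routed = any(s.network in routed for s in sqls)
    return "routed" if host_routed and sql_routed else None

def audit(hosts, sql_ifaces, routed_nets):
    """Map each host name to its SQL path (None means no connectivity)."""
    return {name: sql_path(ifs, sql_ifaces, routed_nets)
            for name, ifs in hosts.items()}

# Constructed plan. VLAN 101 (10.1.1.0/24) is routed, VLAN 201 (10.2.2.0/24)
# is not. 10.50.1.0/24 is an assumed routed subnet at a remote region.
ROUTED = ["10.1.1.0/24", "10.50.1.0/24"]
HOSTS = {
    "orion-main": ["10.1.1.10/24", "10.2.2.10/24"],  # hypothetical addresses
    "ape-hq": ["10.1.1.11/24", "10.2.2.11/24"],      # APE with a VLAN 201 NIC
    "ape-emea": ["10.50.1.11/24"],                   # remote APE, no VLAN 201 NIC
}
SQL_ISOLATED = ["10.2.2.20/24"]                # SQL only on the unrouted VLAN
SQL_DUAL = ["10.2.2.20/24", "10.1.1.20/24"]    # SQL also given a VLAN 101 NIC

if __name__ == "__main__":
    for label, sql in (("isolated", SQL_ISOLATED), ("dual-homed", SQL_DUAL)):
        print(label)
        for name, path in audit(HOSTS, sql, ROUTED).items():
            print(f"  {name:<11} {path or 'NO PATH TO SQL'}")
```

A host reported as `routed` reaches SQL over the routed VLAN, so that traffic is no longer confined to the isolated segment and needs its own firewall rule for the SQL port.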