Customer is asking is it possible to run Ambari Server on the VLAN different then the cluster wide interconnect VLAN?
If yes which ports should I to open between those two to successfully install and manage whole cluster.
Is that enough to open ports 80, 8440, 8041 and 8670?
Pros and cons more then welcome.
Hi! Those are the Ambari ports. Depending on what else is running on the Ambari server you may need to open more ports. The complete list is at http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.5.0/bk_reference/content/reference_chap2.html
Let's step back and ask what does the customer want to accomplish by doing this? Are they looking to isolate Ambari from something or someone? Quite often I use the Ambari server as my debug platform so I install all the clients on that server. That would require a lot of ports be opened up to make all the clients work. In general the Ambari admin server is considered part of the cluster and it should be on the same vlan as the rest of the cluster. I also put things like the metrics collector, smartsense, etc. on the Ambari server and these services touch all the servers.
If they have Ambari Views users that need isolating they are better off creating a Views only server and isolating that from the cluster. I assume they will be using security so this method fits well with the HDP security model.
Let me know if you have more questions.
Hello Ron. Customer have a subnet for admins where administrative tools are hosted. Therefore first assumption was to locate Ambari Server there. At the moment we are trying to convince customer to shift Ambari Server to the cluster interconnect network and host it on one of the admin nodes. Hope we'll be successful with that as I totally share your view.
Many thanks for helping us here, Marek.