
Missing Access Rule

Posted: Wed Aug 27, 2014 11:46 am
by qwertz
Hi there,
it may be that I've found a bug in the latest V8.
If I create an HA Device manually:
1. Create Storage on clusternode1:
"add device (advanced)" -> "Hard Disk Device" -> "Virtual Disk" -> "My Computer\D\iSCSI_Backstores\Storage1.swdsk", 1GB, 512 b sector size -> "thick provisioned" -> "write-back 128MB" -> L2 Cache: N/A
2. After creation, go to replication manager:
"add replica" -> "synchronous" -> "some-ip" -> select desired networks for sync / hb. Everything gets created, but if I press "finish" they cannot synchronize.

After some tests I found out that the access rule for this HA device gets created on node1 but not on node2.
After I've added the rule manually on node2 the HA device was created successfully.
(instead of "partner node not ready" error msg)
This error doesn't appear if I use the "create clustered storage" wizard; the access rule is created on both nodes.

Kind regards!

EDIT:
I forgot to mention that the "DefaultAccessPolicy" is set to DENY!
And, in addition, I found out that if I create the rule manually before I set up the replication, an additional access rule for the cluster communication gets added.
So it seems like the "$create_access_rule" function uses the wrong network connection.

Re: Missing Access Rule

Posted: Thu Aug 28, 2014 1:05 pm
by Anatoly (staff)
DefaultAccessPolicy parameter should be set to "Allow" for all targets and connections. When this parameter is correctly set, I could not reproduce the problem. Was there any action on your end that could change the default access policy? Look forward to hearing from you.

Re: Missing Access Rule

Posted: Thu Aug 28, 2014 5:21 pm
by qwertz
Hi there!
Thanks for your reply!
I manually changed the access policy to deny everything.
That's how I configure firewalls... and how I thought to configure StarWind.
Block everything, allow only initiators / IPs that are needed on interfaces that are needed to targets that are needed.

Let's ask the other way around: if the default policy should be set to allow everything... why does an additional rule get added automatically to allow cluster communication? Seems redundant. :?

Re: Missing Access Rule

Posted: Sat Aug 30, 2014 4:51 pm
by microfoundry
Hey qwertz - Like you, I have changed my rules to deny everything as I don't want initiators connecting to LUNs that don't belong to them. BUT, I've also added "Replication" rules between my StarWind hosts that will allow for the "any device on replication IP(1&2)"<->"any device on replication IP(1&2)" type scenarios to solve your issue. This works for me as all my devices are replicated...

Terry

Re: Missing Access Rule

Posted: Tue Sep 02, 2014 11:55 am
by qwertz
Hi there!
Thanks for your reply.
I've also added the rule for the synchronization manually, initial synch works without problems with those rules.
I just wanted to report that the second rule isn't generated automatically on the second node. (on the first node the rule gets created automatically)
Kind regards!

Re: Missing Access Rule

Posted: Thu Sep 04, 2014 3:29 pm
by Anatoly (staff)
Thanks for notifying us about this, I’ll pass this to our QA and we’ll schedule the improvement in the nearest builds.