Installing VPN Keys on a Qumulo Cluster

This section explains how to install VPN keys obtained from the Qumulo Care Team on your Qumulo cluster, over a network. You can install the VPN keys by using the qq CLI from a machine on the same network as your cluster or from one of your nodes.

Caution
Follow these steps only if a member of the Qumulo Care Team instructs you to do so. Performing these steps incorrectly can cause network performance, connectivity, and data integrity issues. It can also expose your cluster to unauthorized access. For help with this task, contact the Qumulo Care Team.

Prerequisites

Before you begin, make sure that you have done the following.

Obtain a .zip file with VPN keys from Qumulo Care
Add the following domains to your firewall’s allowlist:
- ep1.qumulo.com
- api.missionq.qumulo.com
- monitor.qumulo.com
- api.nexus.qumulo.com
Permit outbound HTTPS traffic on port 443

Note
If your firewall performs stateful packet inspection (also known as SPI or deep-packet inspection), you must allow OpenVPN (SSL VPN) explicitly, rather than only open port 443.

To Install VPN Keys from a Networked Machine

Copy the .zip file from Qumulo Care to a computer on the same network as your cluster, and decompress the file.
Install the qq CLI on the same computer. For more information, see Getting Started with the qq CLI.
To log in to your cluster, use the qq CLI and specify the IP address of a node in the cluster. For example:
```
qq --host 203.0.113.0 login
```
Note
Your user must have PRIVILEGE_SUPPORT_WRITE and PRIVILEGE_SUPPORT_READ.
To install the VPN keys on your cluster, specify your cluster’s IP address and the path to the directory that contains the VPN keys. For example:
```
qq --host 203.0.113.0 install_vpn_keys /my/path
```
To verify that the VPN keys installed correctly, run the get_vpn_keys command. For example:
```
qq --host 203.0.113.0 get_vpn_keys
```
Remove any local copies of the VPN key files.

To Install VPN Keys from a Node

Note
On macOS and Linux, you can use SCP and SSH. On Windows Server 2022, Windows Server 2019, and Windows 10 (build 1809 and higher), we recommend installing OpenSSH.

Copy the .zip file from Qumulo Care to a computer on the same network as your cluster, and decompress the file.
To copy the VPN key files to one of your nodes, use SCP. For example:
```
scp /my-path/* admin@203.0.113.0:~/
```
To log in to the node to which you copied the VPN key files, use SSH. For example:
```
ssh admin@203.0.113.0
```
The qq CLI is available to the admin user. For example:
```
qq version
```
To install the VPN keys on your cluster, specify the path to the directory that contains the VPN keys. For example:
```
sudo qq install_vpn_keys /my/path/
```
To verify that the VPN keys installed correctly, run the get_vpn_keys command. For example:
```
sudo qq get_vpn_keys
```

To Register Cluster with Cloud-Based Monitoring

To retrieve your cluster ID, run the qq node_state_get command.
Send the output of the command to Qumulo Care.
Use the Qumulo Core Web UI to enable Qumulo Care Remote Support.
Notify Qumulo Care when this process is complete.

Qumulo Care verifies your VPN functionality and then adds your cluster to Cloud-Based Monitoring.

Prerequisites

To Install VPN Keys from a Networked Machine

To Install VPN Keys from a Node

To Register Cluster with Cloud-Based Monitoring

Related Topics