Enabling Cloud-Based Monitoring and VPN Remote Support for Qumulo Core

This section explains how to enable Cloud-Based Monitoring and VPN Remote Support for your Qumulo cluster.

Important
To let the Qumulo Care team provide fast support when you need it most, we strongly recommend enabling both Cloud-Based Monitoring and VPN Remote Support.

How Cloud-Based Monitoring Works

Cloud-Based Monitoring (which includes Nexus Monitoring functionality) sends telemetry data to Qumulo to allow the Qumulo Care team to monitor your Qumulo cluster proactively.

Important
Cloud-Based Monitoring and Nexus Monitoring don’t collect file names, path names, client IP addresses, or account credentials.

We use a proprietary application that aggregates diagnostic cluster data and alerts the Qumulo Care team if an issue arises. Depending on the issue severity and cluster state, a member of the Qumulo Care team reaches out. For more information, see:

How VPN Remote Support Works

VPN Remote Support lets the Qumulo Care team access your Qumulo cluster solely to assist you with a software update or perform diagnostics or troubleshooting on your cluster from the command line.

When you install VPN keys in the /etc/openvpn directory, an authorized member of the Qumulo Care team uses SSH to connect to the ep1.qumulo.com server and then uses SSH through a secure VPN connection to connect to your cluster (normally, this VPN connection is closed).

By default, the VPN tunnel remains open for four hours to allow members of the Qumulo Care team to run remote debugging commands on your cluster. You can configure the connection period and enable or disable VPN Remote Support at any time.

Note

Currently, Qumulo Core doesn't support VPN connections with IPv6.
The VPN tunnel isn't required to upload logs to monitor.qumulo.com or to a secure Amazon S3 bucket or to send diagnostic data to a private Amazon EC2 instance for analysis.

What Data Gets Sent to Qumulo

Cloud-Based Monitoring and VPN Remote Support let your cluster send the following detailed diagnostic data to Qumulo through an encrypted connection.

Cluster name
Number of nodes in cluster
Hardware and software incidents
- Drives
  - CRC errors
  - S.M.A.R.T. status alerts
  - Capacity triggers
- Nodes
  - PSU failure
  - Fan failure
  - Recused node
  - Offline node
  - Unreachable cluster
- Qumulo Core
  - New process core dump
Configuration data (such as users, groups, SMB shares, and NFS exports)
Logs, stack traces, and code dumps

Prerequisites

Before you can use Cloud-Based Monitoring and VPN Remote Support:

A member of the Qumulo Care Team must install VPN keys on your Qumulo cluster

You must enable the following destination hostnames for TCP on port 443

Hostname	Description
`api.missionq.qumulo.com`	Cloud-Based Monitoring connectivity
`monitor.qumulo.com`	Cloud-Based Monitoring log uploads
`api.nexus.qumulo.com`	Nexus Monitoring connectivity
`ep1.qumulo.com`	VPN Remote Support Important If your organization has an intrusion detection device or a firewall that performs SSL or HTTPS deep-packet inspection, you must add an exception to the IP address that resolves to `ep1.qumulo.com`. To identify this IP address, log in to a node in your Qumulo cluster and run the `nslookup ep1.qumulo.com` command.
`missionq-dumps.s3.amazonaws.com`	Proxy Forwarding networking configuration