Cisco Email Security Appliance C650 User Guide
Chapter 8 Centralized Management
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Cluster Communication Security
Cluster Communication Security (CCS) is a secure shell service similar to a
regular SSH service. IronPort implemented CCS in response to concerns
regarding using regular SSH for cluster communication. SSH communication
between two machines opens regular logins (admin, etc.) on the same port. Many
administrators prefer not to open regular logins on their clustered machines.
Tip: never enable Cluster Communication Services, even though it is the default,
unless you have firewalls blocking port 22 between some of your clustered
machines. Clustering uses a full mesh of SSH tunnels (on port 22) between all
machines. If you have already answered Yes to enabling CCS on any machine,
remove all machines from the cluster and start again. Removing the last machine
in the cluster removes the cluster.
CCS provides an enhancement where the administrator can open up cluster
communication, but not CLI logins. By default, the service is disabled. If the
centralized management feature is enabled on the appliance, then you will be
prompted to enable CCS from the interfaceconfig command when you are
prompted to enable other services. For example:
Do you want to enable SSH on this interface? [Y]>
Which port do you want to use for SSH?
[22]>
Do you want to enable Cluster Communication Service on this interface?
[N]> y
Which port do you want to use for Cluster Communication Service?
[2222]>
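The tip above ties the CCS decision to whether port 22 is open across the full mesh of cluster members. The following added example (not part of the Cisco guide) applies that rule to a table of reachability observations. The host names and the observation table are constructed, and the ports are the defaults shown in the interfaceconfig prompts.

```python
from itertools import permutations

SSH_PORT = 22    # default SSH port from the interfaceconfig prompt
CCS_PORT = 2222  # default CCS port from the interfaceconfig prompt

# Constructed sample data: three hypothetical cluster members.
MEMBERS = ["esa1.example.com", "esa2.example.com", "esa3.example.com"]

# Constructed observations: (source, destination) -> TCP ports the source can
# reach on the destination, e.g. taken from a firewall rule review.
# A missing pair means no port was found open in that direction.
OBSERVED = {
    ("esa1.example.com", "esa2.example.com"): {22},
    ("esa2.example.com", "esa1.example.com"): {22},
    ("esa1.example.com", "esa3.example.com"): {2222},
    ("esa3.example.com", "esa1.example.com"): {2222},
    ("esa2.example.com", "esa3.example.com"): {22, 2222},
}


def mesh_report(members, observed):
    """Check every directed pair of the full mesh.

    ssh_blocked     : pairs where port 22 is not reachable
    no_cluster_path : pairs where neither port 22 nor port 2222 is reachable
    ccs_needed      : True only if port 22 is blocked somewhere in the mesh,
                      the one condition under which the tip allows CCS
    """
    ssh_blocked, no_cluster_path = [], []
    for src, dst in permutations(members, 2):
        ports = observed.get((src, dst), set())
        if SSH_PORT in ports:
            continue
        ssh_blocked.append((src, dst))
        if CCS_PORT not in ports:
            no_cluster_path.append((src, dst))
    return {
        "ccs_needed": bool(ssh_blocked),
        "ssh_blocked": ssh_blocked,
        "no_cluster_path": no_cluster_path,
    }


if __name__ == "__main__":
    report = mesh_report(MEMBERS, OBSERVED)
    print("CCS needed:", report["ccs_needed"])
    for src, dst in report["ssh_blocked"]:
        print(f"port {SSH_PORT} blocked: {src} -> {dst}")
    for src, dst in report["no_cluster_path"]:
        print(f"no cluster path on either port: {src} -> {dst}")
```

Pairs listed under no_cluster_path need a firewall change before the cluster can communicate in that direction on either port.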