Best Practices DCE private and public network

DCIM_Support · ‎2020-07-04

I have DCE and DCO products on VM platform. Is there a document that describes the best practices for network implementation, or is it a per location type of question?

I want to have my datacenter end devices ( CDU's, thermal modules ) isolated from the rest of the network on an isolated building automation network, but accessible by DCE. I want DCE to be able to accessible by my DCE client from a user network. DCE and DCO need to talk to each other from the user network.

To do this, I assume that I'll need two network interfaces on DCE. Does the Private network talk to the end devices, or to the user network? Does the DCE server perform discovery on the Private or the User network?

Thank you for any helpful direction.

DCIM_Support · ‎2020-07-04

Hi Brady,

When you set up a DCE server with a Private LAN, that LAN should indeed be isolated from the "Public LAN" There should be no routing between the 2 other than DCE itself. The devices then could reside on either the Public or Private LAN. Usually when you have a VM and have specifically created that Private LAN (as opposed to hardware where it already exists) your plan is to put the devices on that LAN. Keep in mind however that other systems not on that LAN will have no access to the devices other than users through DCE. Again, devices can be on either Public, Private, or both LANs, that's all dependent on how you want your network configured.

Users can connect to DCE from either the Public or Private LANs but it is usually the case where they are on the Public LAN along with DNS servers, SMTP servers, etc. DCO would likely be on the Public LAN as well but just consider that the users must be able to access it. If the users are public, so should DCO be public.

DCO doesn't communicate to SNMP or Modbus devices directly, it gets it's device info from DCE or other systems. If for instance you were getting server info with IT Optimize and users are on the DCE Public LAN, you'd need DCO on the Public LAN, ITO on the public LAN, and the servers ITO is communicating with on that same Public LAN.

Thanks,

Steve

See Answer In Context

DCIM_Support · ‎2020-07-04

Hi Brady,

When you set up a DCE server with a Private LAN, that LAN should indeed be isolated from the "Public LAN" There should be no routing between the 2 other than DCE itself. The devices then could reside on either the Public or Private LAN. Usually when you have a VM and have specifically created that Private LAN (as opposed to hardware where it already exists) your plan is to put the devices on that LAN. Keep in mind however that other systems not on that LAN will have no access to the devices other than users through DCE. Again, devices can be on either Public, Private, or both LANs, that's all dependent on how you want your network configured.

Users can connect to DCE from either the Public or Private LANs but it is usually the case where they are on the Public LAN along with DNS servers, SMTP servers, etc. DCO would likely be on the Public LAN as well but just consider that the users must be able to access it. If the users are public, so should DCO be public.

DCO doesn't communicate to SNMP or Modbus devices directly, it gets it's device info from DCE or other systems. If for instance you were getting server info with IT Optimize and users are on the DCE Public LAN, you'd need DCO on the Public LAN, ITO on the public LAN, and the servers ITO is communicating with on that same Public LAN.

Thanks,

Steve

DCIM_Support · ‎2020-07-04

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.