Pure Technical Services

Cloud Block Store on AWS PhoneHome Requirements


  • A PureManagement security group must be created in the deployment VPC before the stack is created.
  • This security group, which contains inbound and outbound rules, is attached to the management ENI (elastic network interface) and allows Pure1 PhoneHome and RemoteAssist connectivity to and from the Cloud Block Store instance.

ManagementSecurityGroup Requirements:

Security Group to apply to management interfaces. Must allow inbound TCP traffic on ports 22, 80, 8084, and inbound/outbound on port 443.
  • Management Security Group (Applies to Eth3 / VIR3):

 

Port
Inbound : 22, 80, 443, 8084
Outbound : 443

Allow inbound ports 80, 22, 443

  • In general, we recommend launching the Purity instance in a private subnet with a route to a NAT gateway configured in an adjoining public subnet. This provides a route out to the internet via an Internet Gateway in the public subnet.
  • If you are using Network ACLs, you will have to create rules allowing access to the Pure1 PhoneHome CIDR block shown below. The rules should be the same as those the PureManagementSecurityGroup in the PAWS Service Catalog template allows.

General Pure1 Cloud Network Requirements:

Transport protocol (non-RA): HTTPS with 2-way mutual TLS authentication
Application protocol (non-RA): REST
RA protocol: SSH over HTTPS with 2-way mutual TLS authentication
Client authentication: Unique certificate
Server authentication: Server certificate verified on the array
Endpoint: *.cloud-support.purestorage.com
IPs: 52.40.255.224/27
Port(s): 443

See: FlashArray Port Assignments for more information.
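
An added example, not part of Pure Storage's documentation or templates: a Python check that audits a security group, in the JSON shape returned by `aws ec2 describe-security-groups`, against the port and CIDR requirements above. The sample group, the `10.0.0.0/16` source range and all function names are constructed for illustration, and the world-open inbound check is an extra hygiene test rather than a requirement from this page.

```python
import ipaddress

# Requirements as stated on this page.
REQUIRED_INBOUND = (22, 80, 443, 8084)
PURE1_CIDR = ipaddress.ip_network("52.40.255.224/27")

def _covers(perm, port):
    """True if one IpPermissions entry allows TCP on `port`."""
    if perm.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1))

def _cidrs(perm):
    return [ipaddress.ip_network(r["CidrIp"], strict=False)
            for r in perm.get("IpRanges", [])]

def audit_management_sg(sg):
    """Return findings for one group from describe-security-groups output.
    Only IPv4 CIDR rules are read; prefix-list and group references are ignored."""
    findings = []
    ingress = sg.get("IpPermissions", [])
    for port in REQUIRED_INBOUND:
        if not any(_covers(p, port) for p in ingress):
            findings.append(f"missing inbound tcp/{port}")
    # Outbound 443 must reach the whole Pure1 block (simplification: one rule must contain it).
    if not any(_covers(p, 443) and any(PURE1_CIDR.subnet_of(c) for c in _cidrs(p))
               for p in sg.get("IpPermissionsEgress", [])):
        findings.append(f"no outbound tcp/443 to {PURE1_CIDR}")
    # Added hygiene check, not a requirement stated on the page.
    for p in ingress:
        if any(c.prefixlen == 0 for c in _cidrs(p)):
            findings.append(f"inbound port {p.get('FromPort', 'all')} open to 0.0.0.0/0")
    return findings

# Constructed sample: 8084 missing, SSH world-open, egress limited to a /28.
def sample_rule(port, cidr):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

SAMPLE_SG = {
    "IpPermissions": [sample_rule(22, "0.0.0.0/0"), sample_rule(80, "10.0.0.0/16"),
                      sample_rule(443, "10.0.0.0/16")],
    "IpPermissionsEgress": [sample_rule(443, "52.40.255.224/28")],
}

if __name__ == "__main__":
    print("\n".join(audit_management_sg(SAMPLE_SG)))
```

An empty result means the group satisfies the listed requirements. Network ACLs, if used, need the equivalent rules and are not inspected here.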

6. PhoneHome connectivity is enabled by default. You will need to contact Pure Storage Support to activate the instance over RemoteAssist before using it.