2.3. Additional Requirements
The following additional requirements must be met before the Satellite Proxy installation can be considered complete:
- Full Access
- Client systems need full network access to the Satellite Proxy services and ports.
- Firewall Rules
- Red Hat strongly recommends setting up a firewall between the Satellite Proxy and the Internet. However, depending on your Satellite Proxy implementation, you need to open several TCP ports in this firewall:
Table 2.1. Ports to Open on the Satellite Proxy
| Port | Direction | Reason |
|------|-----------|--------|
| 80 | Outbound | The Satellite Proxy uses this port to reach your Satellite URL. |
| 80 | Inbound | Client requests arrive using either HTTP or HTTPS. |
| 443 | Inbound | Client requests arrive using either HTTP or HTTPS. |
| 443 | Outbound | The Satellite Proxy uses this port to reach the Satellite URL. |
| 5222 | Inbound | Allows osad client connections to the jabberd daemon on the Satellite Proxy when using Red Hat Network Push technology. |
| 5269 | Inbound and Outbound | If the Satellite Proxy is connected to a Satellite Server, this port must be open to allow server-to-server connections using jabberd for Red Hat Network Push Technology. |
- Synchronized System Times
- Time sensitivity is a significant factor when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are close together so that the SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
- Fully Qualified Domain Name (FQDN)
- The system upon which the Satellite Proxy is installed must resolve its own FQDN properly.
- Distribution Locations
- Because the Satellite Proxy forwards virtually all local HTTP requests to Red Hat Satellite, take care in putting files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Satellite Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Satellite Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstart files.
- Bandwidth
- Network bandwidth is important for communication among Satellites, Proxies, and Clients. To accommodate high-volume traffic, Red Hat recommends a high bandwidth on a network capable of delivering packages to many systems and clients. As a guide, Red Hat provides a set of estimates for package transfer from one system to another over various speeds.
Table 2.2. Bandwidth estimates
| | Single Package (10Mb) | Minor Release (750Mb) | Major Release (6Gb) |
|---|---|---|---|
| 256Kbps | 5 Mins 27 Secs | 6 Hrs 49 Mins 36 Secs | 2 Days 7 Hrs 55 Mins |
| 512Kbps | 2 Mins 43.84 Secs | 3 Hrs 24 Mins 48 Secs | 1 Day 3 Hrs 57 Mins |
| T1 (1.5Mbps) | 54.33 Secs | 1 Hr 7 Mins 54.78 Secs | 9 Hrs 16 Mins 20.57 Secs |
| 10Mbps | 8.39 Secs | 10 Mins 29.15 Secs | 1 Hr 25 Mins 53.96 Secs |
| 100Mbps | 0.84 Secs | 1 Min 2.91 Secs | 8 Mins 35.4 Secs |
| 1000Mbps | 0.08 Secs | 6.29 Secs | 51.54 Secs |
Red Hat recommends at least a 100Mbps network speed for minor and major releases. This avoids timeouts for transfers longer than 10 minutes. All speeds are relative to your network setup.
Red Hat recommends that the system running the code should not be publicly available. Only system administrators should have shell access to these machines. All unnecessary services should be disabled. Use ntsysv or chkconfig to disable services.
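To check a host firewall against Table 2.1, the following script audits a saved filter-table dump such as the output of iptables-save -t filter. It is an added example, not part of the Red Hat documentation. The REQUIRED list, the function names and the sample ruleset are constructed for illustration; only explicit TCP ACCEPT rules are counted, and port ranges, rule ordering and source restrictions are not evaluated.

```shell
#!/bin/sh
# Added example: audit a filter-table dump (iptables-save -t filter) against
# Table 2.1. Assumption: only explicit tcp ACCEPT rules count as "open";
# port ranges, rule ordering and source restrictions are not evaluated.

# CHAIN:PORT pairs taken from Table 2.1 (INPUT = inbound, OUTPUT = outbound).
REQUIRED="INPUT:80 INPUT:443 INPUT:5222 INPUT:5269 OUTPUT:80 OUTPUT:443 OUTPUT:5269"

# True when the chain has policy ACCEPT and no rules, so it passes everything.
chain_open_by_policy() {    # $1 = rules file, $2 = chain
    grep -q "^:$2 ACCEPT" "$1" && ! grep -q -- "^-A $2 " "$1"
}

# Print every CHAIN:PORT from Table 2.1 that the rules file does not open.
missing_ports() {           # $1 = rules file
    for want in $REQUIRED; do
        chain=${want%%:*}
        port=${want##*:}
        chain_open_by_policy "$1" "$chain" && continue
        # Matches "--dport N" and "-m multiport --dports a,N,b".
        grep -Eq -- "^-A $chain .*-p tcp .*--dports? ([0-9,]+,)?$port(,[0-9,]+)? .*-j ACCEPT" "$1" \
            || echo "$want"
    done
    return 0
}

# Constructed sample dump: 5269 inbound was forgotten; OUTPUT is unfiltered.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5222 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
missing_ports "$tmp"    # prints INPUT:5269
rm -f "$tmp"
```

An empty result means every port in Table 2.1 has a matching ACCEPT rule or sits behind an unfiltered chain.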