Open dkurepa opened 9 months ago
Any update on this? Is the port blocked by some S360 rule that is blocking this? Have we checked with the Redmond folks?
All of my attempts were unsuccessful, I will need to ask for some help once people are back from holidays. One thing to note is that the Helix cluster is still using the Load Balancer to handle the SF Explorer requests, any idea why @riarenas?
One thing to note is that the Helix cluster is still using the Load Balancer to handle the SF Explorer requests, any idea why @riarenas?
Nope.
Are we sure it's a supported scenario to have the cluster explorer under a gateway?
Be aware that there is corporate policy preventing Service Fabric explorer from being publicly accessible (these ports are considered high risk). It is programmatically enforced, so that may have impacted your experiments. I suggest talking to the NetIso team to get the latest info on this scenario.
That's an interesting piece of information Stu! Do you have any details on the policy (link, etc.) by any chance? Also, can you remind me how's the setup of the Helix Services SF Explorer form this perspective?
Also, can you remind me how's the setup of the Helix Services SF Explorer form this perspective?
I only took a quick glance but it does look like the load balancer is the trick for Helix's support.
I tried but unfortunately could not find any info on the policy. IIRC this came up for us about two years ago, and a former team member was tasked with figuring out how to comply.
The NetIso team holds office hours and has been pretty good to work with. If I were the one with this task, I'd start fresh by going to their office hours, describing the scenario and asking for resources and advice. I wouldn't be surprised if there are changes to be made even with Helix's setup.
dotnet/core-eng#15313 is where this originally came up.
thanks for the info @garath!
All traffic currently reaches Maestro through the Application Gateway, which only listens on few selected ports, 443 and 80, and then sends all traffic to port 8088. This breaks:
https://maestro-int.westus2.cloudapp.azure.com:19080/Explorer
maestro-int.westus2.cloudapp.azure.com:19000
For both of these, we will need to create Listeners, Rules and Http settings that will allow these ports