I have a DMA failover and a remote Elastic Cluster in a different subnet. We have asked to make sure to open the TCP port 9200 towards Elastic. Is it required to have this connectivity from both the active and standby server? Or will it be enough to create the rule using the VIP so that only the active server will reach the Elastic cluster?
Hello,
Although I haven't technically investigated this, I believe it's better to configure the firewall to have the connectivity to both the active and standby server (not just the Virtual IP).
I could see multiple reasons, one of them being that future implementations might change the way we create failovers or future implementations where the backup agent might be pushing Elastic data to another cluster.
But mainly, I believe that despite the failover server being on standby, it will already have created an Elastic connection (I believe).
I think it's better safe than sorry, but it could be investigated if this would pose a problem.