Syncplicity Support

Follow

Prerequisites for WOPI Connector

The Syncplicity On-Premises WOPI Connector is server software that runs as a virtual machine. It connects the Syncplicity orchestration layer in the cloud and Microsoft Office cloud application services to your storage endpoint. You should review About Syncplicity StorageVaults before reading further.

The storage endpoint should already be configured with at least two Syncplicity Storage Connectors. If you have not configured your storage for this, see Hybrid Cloud Storage and Deploying Syncplicity On-Premises Storage Connector to setup your storage endpoint for Syncplicity.

The following topics describe the prerequisites for installing the on-premises WOPI Connector.

Hardware requirements

The WOPI Connector requires:

  • A minimum of two virtual machines hosted on VMware vSphere Hypervisor (ESXi) 6.0 or later.
  • Each virtual machine must be configured with 8 gigabytes of random access memory, 8 virtual cores and a hard disk drive (HDD) of at least 50 GB.

See the next topic about network configuration for the network hardware requirements, which includes an externally-addressable SSL-offloading load balancer, two or more Storage Connectors, and a storage backend that supports a standard NFS v3 or s3 interfaces.

Network configuration

The WOPI Connector is supplied as an OVA file and installed on a virtual machine. The WOPI Connector requires the following:

  • Each WOPI Connector requires a dedicated virtual machine hosted on VMware vSphere Hypervisor.
  • At least two WOPI Connectors, but you can deploy more for scalability and high-availability.
  • Deployment of an externally addressable SSL-offloading load balancer in front of all virtual machines, configured with a certificate authority (CA) signed SSL certificate. Do not use a self-signed certificate.
  • Ensure that TLS1.2 is used (by disabling TLS1.0 and TLS1.1), and that SSLv3 is disabled (SSLv3 is disabled by default from the JDK).
Syncplicity client or app Minimum version
iOS 4.4.0

As shown in the diagram, a typical example is with the storage layer in the private area of the corporate network. The Storage Connector and WOPI Connector virtual machines are in the semi-private area. The SSL-offloading load balancer is in the DMZ.

WOPI_Connector_-_Network_Diagram.png

Open port requirements

The WOPI Connector requires specific inbound and outbound ports to be open.

Inbound port requirements

To enable the Syncplicity clients to connect to the WOPI Connector from the Internet, the following inbound ports must be open.

Connection Port

Protocol

From the Internet to the SSL-offloading load balancer in the DMZ.

443

HTTPS

From the SSL-offloading load balancer to the WOPI Connector virtual machines

9000

HTTP

Atmos storage requirements

To enable the WOPI Connector to connect to an EMC Atmos storage backend, the following inbound ports must be open.

Connection

Port

Protocol

From the WOPI Connector to the Atmos load balancer

443 if SSL is used with Atmos
80 if SSL is not used with Atmos

HTTP or HTTPS

From the WOPI Connector in the DMZ to the Network Time Protocol (NTP) server

123

UDP

EMC ECS storage requirements

To enable the WOPI Connector to connect to an ECS storage backend, the following inbound ports must be open.

Connection

Port

Protocol

From the WOPI Connector to the ECS load balancer

9021 if SSL is used to ECS
9020 if SSL is not used to ECS

HTTP or HTTPS

From the WOPI Connector in the DMZ to the NTP server

123

UDP

NFS v3-based storage

To enable connections from the WOPI Connector virtual machines to the NFS storage backend, the following inbound ports must be open. This includes EMC Isilon storage.

Port

Protocol

Type of Traffic

53

TCP

DNS for SmartConnect (Isilon only)

111

TCP

SUN Remote Procedure Call

111

UDP

SUN Remote Procedure Call

300

TCP

NFS mount daemon

300

UDP

NFS mount daemon

302

TCP

NFS stat daemon

302

UDP

NFS stat daemon

304

TCP

NFS lock daemon

304

UDP

NFS lock daemon

2049

TCP

NFS server daemon

2049

UDP

NFS server daemon

Outbound port requirements

In general, traffic outbound to external hosts on port 443 should be allowed. If for some reason this is not so, at least the following should be allowed.

Connection

Port

Protocol

From the WOPI Connector virtual machines to xml.syncplicity.com, xml.eu.syncplicity.com, api.syncplicity.com, api.eu.syncplicity.com, health.syncplicity.com, health.eu.syncplicity.com, and bootstrapper.wopi.syncplicity.com

443

HTTPS

From the WOPI Connector virtual machines to centos.org

Note: Only required during the upgrade procedure to allow for RPM dependency checking.

80

HTTP

Configuring Isilon storage

If you are not using Isilon storage, skip this section.

Isilon storage requires the following additional configuration steps.

  1. Create a directory on EMC Isilon cluster where you want to store the Syncplicity data. This should be done via an ssh session to the Isilon cluster.

    Example: /ifs/syncp-data

  2. Configure the permissions on the directory via an ssh session to the Isilon cluster.

    # chown syncp-wopi:syncp-wopi /ifs/syncp-data
    # chmod 770 /ifs/syncp-data

    These commands lock down security access, specifically for the “syncp” user.

  3. Create an NFS Export via the WebUI.

    The following screen shows the basic export settings that lock the export down to only the connected Storage Connectors and WOPI Connectors. Add the IP addresses of the WOPI Connectors in the appropriate fields. The values 10.111.158.3 and 10.111.158.4 are example IP addresses of the Storage Connectors.  Your IP addresses will be different.

    All other export settings should be left as the defaults and not change.

    basic_export_settings.png

  4. If the WOPI Connector is in the DMZ (Internet side of the firewall) and Isilon storage is inside of the firewall, you need to verify specific ports are opened on the firewall to allow access via NFS from the WOPI Connectors to the Isilon storage. This does not apply if the Isilon storage is not behind a firewall.

  5. See Installing WOPI Connector to check the NFS mount to the Isilon storage.

This completes the basic configuration of the EMC Isilon storage for the Syncplicity on-premises WOPI Connector.

Powered by Zendesk