
Firewall Port Requirements

Buttonwood strongly recommends deploying the Broker within the trusted network where there is no firewall restricting traffic between the Broker and other internal network services such as DNS, AD/LDAP, NTP, and management clients.

The following diagram depicts a typical deployment of the Broker with network ports listed.

The Broker primarily communicates with external network resources, such as the Buttonwood Core Services and Cloud Service Providers, using outbound HTTPS (TCP 443). This is commonly already allowed in a typical corporate network.

Ports for additional services such as SSH (TCP 22), WinRM over HTTP (TCP 5985), and WinRM over HTTPS (TCP 5986) are optional but recommended. They are used to execute additional management activities on a deployed workload as part of a blueprint configuration.

Outbound Ports

| Port | Protocol | Source | Destination | Additional Information |
|------|----------|--------|-------------|------------------------|
| 22 | TCP | Broker Appliance | Deployed Workloads (Linux Instances) | SSH. Optional. Required only if management activities are to be carried out on deployed workloads |
| 53 | TCP/UDP | Broker Appliance | DNS Servers | DNS. Required for internal and external name resolution |
| 123 | TCP/UDP | Broker Appliance | NTP Servers | NTP. Required for system time synchronisation |
| 443 | TCP | Broker Appliance | Integrated Service API Frameworks | HTTPS. Required for secure communication with Service Provider endpoints such as Buttonwood Core Services and Cloud Service Providers |
| 389 | TCP | Broker Appliance | LDAP Servers | LDAP. Required for integration of user authentication with LDAP sources |
| 5672 | TCP | Broker Appliance | Message Queuing Servers | AMQP. Optional. Required for configuration of logging to a Message Queuing server such as RabbitMQ |
| 5985 | TCP | Broker Appliance | Deployed Workloads (Windows Instances) | WinRM over HTTP. Optional. Required only if management activities are to be carried out on deployed workloads |
| 5986 | TCP | Broker Appliance | Deployed Workloads (Windows Instances) | WinRM over HTTPS. Optional. Required only if management activities are to be carried out on deployed workloads |

Inbound Ports

| Port | Protocol | Source | Destination | Additional Information |
|------|----------|--------|-------------|------------------------|
| 22 | TCP | Management Clients | Broker Appliance | SSH. Required for accessing the Broker management console |
| 443 | TCP | Management Clients | Broker Appliance | HTTPS. Required for access to the Broker Management Web UI |
| 8443 | TCP | Management Clients | Broker Appliance | HTTPS. Required for access to the Broker Admin Console UI |
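
The outbound and inbound tables can be used as a least-privilege check on a proposed firewall rule set for the Broker. The following is an added example, not Buttonwood code: the `Rule` format and the sample rules are constructed for illustration, rows not marked Optional are treated as required, and source and destination addresses are not modelled.

```python
from typing import NamedTuple

class Rule(NamedTuple):   # hypothetical rule format, not a vendor export
    direction: str        # "out" = from the Broker, "in" = to the Broker
    proto: str            # "tcp" or "udp"
    lo: int               # first port permitted
    hi: int               # last port permitted

# (direction, port) -> (protocols, required), transcribed from the two tables.
# Assumption: rows not marked Optional are treated as required.
MATRIX = {
    ("out", 22): ({"tcp"}, False),
    ("out", 53): ({"tcp", "udp"}, True),
    ("out", 123): ({"tcp", "udp"}, True),
    ("out", 443): ({"tcp"}, True),
    ("out", 389): ({"tcp"}, True),
    ("out", 5672): ({"tcp"}, False),
    ("out", 5985): ({"tcp"}, False),
    ("out", 5986): ({"tcp"}, False),
    ("in", 22): ({"tcp"}, True),
    ("in", 443): ({"tcp"}, True),
    ("in", 8443): ({"tcp"}, True),
}

def audit(rules):
    """Return (missing required flows, rules permitting ports the matrix does not list)."""
    missing = sorted(
        (d, proto, port)
        for (d, port), (protos, required) in MATRIX.items() if required
        for proto in protos
        if not any(r.direction == d and r.proto == proto and r.lo <= port <= r.hi
                   for r in rules))
    excess = []
    for r in rules:
        listed = sum(1 for (d, port), (protos, _) in MATRIX.items()
                     if d == r.direction and r.proto in protos and r.lo <= port <= r.hi)
        if listed < r.hi - r.lo + 1:   # the range covers ports outside the matrix
            excess.append(r)
    return missing, excess

# Constructed sample rule set for the Broker appliance.
SAMPLE = [
    Rule("out", "tcp", 443, 443), Rule("out", "tcp", 389, 389),
    Rule("out", "tcp", 53, 53), Rule("out", "udp", 53, 53),
    Rule("out", "udp", 123, 123),        # TCP 123 is not permitted
    Rule("out", "tcp", 5985, 5990),      # wider than 5985-5986
    Rule("in", "tcp", 22, 22), Rule("in", "tcp", 443, 443),
    Rule("in", "tcp", 3389, 3389),       # not in the matrix; 8443 is absent
]
```

Calling `audit(SAMPLE)` reports inbound TCP 8443 and outbound TCP 123 as missing, and flags the 5985-5990 range and the inbound 3389 rule as wider than the documented requirements.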

 
