It is common that the hosts are protected by one or more firewalls. In order for the communication between the various components of the system to work, you may need to update your firewall settings.
Accessing Ports in Pico Instances
In , it is always the client that establishes a connection to the Platform. Once a connection has been established, it is used as a two-way communication channel; the Platform never needs to open an outgoing connection. Typically, the Platform has the server role in the system, while mzsh, Desktops, ECs and web browsers act as clients.
...
You can manage pico instances in one container from another by enabling remote access, using the mzsh command topo setupremote.
SSH is used by the pico instances for remote access and the default port used by this protocol is 22. For further information about setting up remote access and how to configure the SSH port, see Remote Access to Containers.
...
Inter Workflow Communication
The server port used for Inter Workflow communication, when one EC contacts another EC, is specified by the EC property pico.rcp.server.port. If no port is set, a dynamic port will be used and the port number will change each time the EC is restarted. To let the firewall allow a connect operation, the property pico.rcp.server.port has to be set to the same port number as the specific port opened by the firewall.
Info |
---|
Example: EC1 on Host1 is configured with To allow EC1 to open a connection to contact an Inter Workflow storage on EC2, EC1 will make a TCP connect from Host1 to Host2 on port "RCPPort2". In this case, "RCPPort2" has to be allowed by the firewall. |
Database Communication
For performance reasons, Audit information is logged directly from an EC to the database.
...
For information on how to set up the Audit Profile, refer to Audit Profile in the Desktop user's guide.
Firewall Setup
The following lists the actions that should be taken to allow communication between hosts in the system. It is assumed that the standard installation ports are used. If the default ports have been changed, replace the port numbers with the ones you are using.
To allow mzsh, Desktops and ECs to communicate with the Platform, incoming data to, and outgoing data from port 6790 in the Platform Container must be allowed.
To allow the Platform Web Interface to be accessed from outside the firewall and for STR synchronization, incoming data to, and outgoing data from the Platform's port 9000 must be allowed.
To allow the EC Web Interface to be accessed from outside the firewall, incoming data to, and outgoing data from the EC's port 9090 must be allowed.
To enable external access to services on the Platform and the SC, ensure that incoming and outgoing data for the following port ranges are allowed through the firewall:
Platform default port range: 5451-5500 (configurable)
SC port range: xxxx-xxxx (configurable)
To allow remote access to Execution Containers, outgoing data must be allowed on port 22.
Type | Port(s) | Open Internally | Open Externally |
---|---|---|---|
Platform | 6790, 9000. Refer to Additional Platform Properties in install.xml for more information. | Default scenario where MZ is only used within an internal network. | If it is required to provide Platform ports to external scenarios, such as the legacy desktop (Java Swing desktop) running on an external network. |
Web UI | 9001. Refer to Desktop UI Properties for more information. | If all browser users are on an internal network. | Default scenario where Web UI is running on browsers on an external network. |
Execution Context(s) | 9090. Refer to Execution Context Properties for more information. | Default scenario where services depending on EC are used within an internal network. | If it is required to provide access to ECs from an external network. |
Service Contexts (optional) | Depends on required services. Refer to Service Context Properties for more information. | Default scenario where services depending on SC are used within an internal network. | If it is required to provide access to SCs from an external network. |
Legacy Java Swing Desktop | 6790 | Default scenario when the legacy desktop is used within an internal network. | If the legacy desktop needs to run from an external network. |
Operations REST Interface | 9000. Refer to Operations REST Interface for more information. | Default scenario where services depending on Operations REST Interface are used within an internal network. | If it is required to provide access to Operations REST Interface from an external network. |
...