Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

It is common that the hosts are protected by one or more firewalls. In order for For the communication between the various components of the system to work, you may need to update your firewall settings.

...

In , it is always the client that establishes a connection to the Platform. Once a connection has been established, it is used as a two-way communication channel; the Platform never needs to open an outgoing connection. Typically, the Platform has the server role in the system, while mzsh, Desktops, ECs and web browsers act as clients.

The common property  property pico.rcp.platform.port specifies a port used by pico instances to communicate with Platform. The default value is 6790 in a standard installation. Use the following command to retrieve the value of this property:

...

The Platform property mz.webserver.port specifies specifies a port used to communicate with the Platform Web Interface. The default value is 9000 in a standard installation. Use the following command to retrieve the value of this property from the Platform Container:

Code Block
languagetext
mzsh topo get topo://container:<container>/pico:platform/val:config.properties.mz.webserver.port

The property propertyec.webserver.port specifies a port used to communicate with an EC Web Interface. The default value is 9090 in a standard ec-template. Use the following command to retrieve the value of this property for all ECs in a container:

...

The server port used for Inter Workflow communication, when one EC contacts another EC, is specified by the EC property pico.rcp.server.port. If no port is set, a dynamic port will be used, and the port number will change each time the EC is restarted. To let the firewall allow a connect operation, the  property the property pico.rcp.server.port has to be set to the same port number as the specific port opened by the firewall.

Example

EC1 on Host1 is configured with "RCPPort1", and EC2 on Host2 with "RCPPort2".

To allow EC1 to open a connection to contact an Inter Workflow storage on EC2, EC1 will make a TCP connect connection from Host1 to Host2 on port "RCPPort2".

In this case, "RCPPort2" has to be allowed by the firewall.

...

If the system is unable to log Audit information directly from the EC, Audit will instead be performed through the Platform. This might happen if an external EC is unable to connect to the database in case of, for example, a network failure or if the EC has problems to connect connecting through a firewall. To avoid this, configure the firewall so that the EC can communicate directly with the Audit database.

For information on how to setup set up the Audit Profile, refer to Audit Profile in the Desktop user's guide.

...

Type

Port(s)

Open Internally

Open Externally

Platform

6790

9000

Refer to Additional Platform Properties in install.xml for more information.

Default scenario where is only used within an internal () network.

If it is required to provide platform ports to external scenarios, such as legacy desktop Legacy Desktop (Java Swing) running on an external network.

Web UIDesktop

9001

Refer to Desktop UI Properties for more information.

If all browser users are on an internal network.

Default scenario where Web UI the Desktop is running on browsers on an external network.

Execution Context(s)

9090

Refer to Execution Context Properties for more information.

Default scenario where services depending on EC is are used within an internal network.

If it is required to provide access to ECs from an external network.

Example
The Prometheus server is deployed on a remote network and needs to work with EC in an internal network.

Service Contexts (optional)

Depends on the required services.

Refer to Service Context Properties for more information.

Default scenario where services depending on SC is are used within an internal network.

If it is required to provide access to SCs from an external network.

Legacy Java Swing Desktop

6790
9000

Default scenario when the legacy desktop Legacy Desktop is used within an internal network.

If the legacy desktop Legacy Desktop requires to run from an external network.

Operations REST Interface

9000

Refer to Operations REST Interface for more information.

Default scenario where services depending on Operations REST Interface is are used within an internal network.

If it is required to provide access to Operations REST Interface from an external network.

Info

Info!

  • It is recommended to enable the client authentication for security. For more information, refer to Enabling Client Authentication.

  • Consider to provide providing VPN access for services that require access to port 6790 (for Platform Container) and 9000 (standard installation).
    For example, the providing VPN to access the legacy desktop (Java Swing) Legacy Desktop remotely.