The Platform and EC hosts are commonly protected by one or more firewalls. For the communication between the various components of the system to work, you may need to update your firewall settings.
Accessing Ports in Pico Instances
In MediationZone, it is always the client that establishes a connection to the Platform. Once a connection has been established, it is used as a two-way communication channel; the Platform never needs to open an outgoing connection. Typically, the Platform has the server role in the system, while mzsh, Desktops, ECs and web browsers act as clients.
...
mzsh topo get --format data-only topo://container:<container>/pico:.*/val:config.properties.ec.webserver.port
The port ranges used to communicate with SCs are specified by the property mz.servicehost.port.range. This property is also applicable to the Platform since it may also run services. Use the following command to retrieve the value of this property for the Platform and all SCs in a container:
mzsh topo get --format data-only topo://container:<container>/pico:.*/val:config.properties.mz.servicehost.port.range
By default, the Platform uses the port range 5451-5500.
You can manage pico instances in one container from another by enabling remote access, using the mzsh command topo setupremote.
SSH is used by the pico instances for remote access and the default port used by this protocol is 22. For further information about setting up remote access and how to configure the SSH port, see Remote Access to Containers.
...
...
Firewall Architecture
Inter Workflow Communication
...
To allow mzsh, Desktops and ECs to communicate with the Platform, incoming data to, and outgoing data from port 6790 in the Platform Container must be allowed.
To allow the Platform Web Interface to be accessed from outside the firewall and for STR synchronization, incoming data to, and outgoing data from the Platform's port 9000 must be allowed.
To allow the EC Web Interface to be accessed from outside the firewall, incoming data to, and outgoing data from the EC's port 9090 must be allowed.
To enable external access to services on the Platform and the SC, ensure that incoming and outgoing data for the following port ranges are allowed through the firewall:
Platform default port range: 5451-5500 (configurable)
SC port range: xxxx-xxxx (configurable)
To allow remote access to Execution Containers, outgoing data must be allowed on port 22.
Type | Port(s) | Open Internally | Open Externally |
---|---|---|---|
Platform | 6790, 9000. Refer to Additional Platform Properties in install.xml for more information. | Default scenario where MediationZone is only used within an internal network. | If it is required to provide platform ports to external scenarios, such as Legacy Desktop (Java Swing) running on an external network. |
Desktop | 9001. Refer to Desktop UI Properties for more information. | If all browser users are on an internal network. | Default scenario where the Desktop is running on browsers on an external network. |
Execution Context(s) | 9090. Refer to Execution Context Properties for more information. | Default scenario where services depending on EC are used within an internal network. | If it is required to provide access to ECs from an external network. |
Service Context(s) | Depends on the required services. Refer to Service Context Properties for more information. | Default scenario where services depending on SC are used within an internal network. | If it is required to provide access to SCs from an external network. |
Legacy Desktop | 6790 | Default scenario when the Legacy Desktop is used within an internal network. | If the Legacy Desktop needs to run from an external network. |
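The default "Open Internally" scenario for the Platform host, written as an nftables ruleset. This is an added example, not part of the MediationZone documentation. The table name, set name, file name and the 192.0.2.0/24 client network are assumptions; the ports are the defaults stated on this page.

```nftables
#!/usr/sbin/nft -f
# Added example for a Platform host. Load with: nft -f mz-platform.nft
# (mz-platform.nft is a hypothetical file name).

# Idempotent reload: create the table if missing, then drop and rebuild it.
table inet mz_platform
delete table inet mz_platform

# Page defaults: 6790 (mzsh, Desktops, ECs), 9000 (Platform Web Interface,
# STR synchronization), 5451-5500 (Platform service port range).
# Update the range if mz.servicehost.port.range has been changed.
define mz_platform_ports = { 6790, 9000, 5451-5500 }

table inet mz_platform {
    # Assumed internal networks hosting mzsh, Desktops, ECs and browsers.
    # 192.0.2.0/24 is a documentation placeholder; replace it.
    set mz_clients {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24 }
    }

    chain input {
        # Policy stays "accept": this table only governs the Platform ports
        # and leaves SSH and other host services to the existing ruleset.
        type filter hook input priority 0; policy accept;

        # Clients always initiate the connection, so only inbound rules are
        # needed here. Replies from the Platform leave through the output
        # hook, which this table does not filter.
        tcp dport $mz_platform_ports ip saddr @mz_clients accept

        # Anything else reaching these ports (other IPv4 sources and all
        # IPv6) is logged, counted and dropped.
        tcp dport $mz_platform_ports log prefix "mz-platform-denied: " counter drop
    }
}
```

An EC host would use the same pattern with port 9090. The "Open Externally" scenarios widen the mz_clients set rather than removing the drop rule.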