...

    mzsh topo get --format data-only topo://container:<container>/pico:.*/val:config.properties.ec.webserver.port

The port ranges used to communicate with SCs are specified by the property mz.servicehost.port.range. This property is also applicable to the Platform since it may also run services. Use the following command to retrieve the value of this property for the Platform and all SCs in a container:

    mzsh topo get --format data-only topo://container:<container>/pico:.*/val:config.properties.mz.servicehost.port.range

By default, the Platform uses the port range 5451-5500.

You can manage pico instances in one container from another by enabling remote access, using the mzsh command topo setupremote. SSH is used by the pico instances for remote access and the default port used by this protocol is 22. For further information about setting up remote access and how to configure the SSH port, see Remote Access to Containers.

...

[Figure: firewall_architecture.png]

Inter Workflow Communication

The server port used for Inter Workflow communication, when one EC contacts another EC, is specified by the EC property pico.rcp.server.port. If no port is set, a dynamic port is used, and the port number changes each time the EC is restarted. For a firewall rule to match the connection, pico.rcp.server.port has to be set to the same fixed port number as the port opened in the firewall.

Example - Inter Workflow Communication

EC1 on Host1 is configured with RCPPort1, and EC2 on Host2 with RCPPort2.

To allow EC1 to open a connection to contact an Inter Workflow storage on EC2, EC1 will make a TCP connection from Host1 to Host2 on port RCPPort2.

In this case, RCPPort2 has to be allowed by the firewall.

Database Communication

For performance reasons, Audit information is logged directly from an EC to the database.

...

For information on how to set up the Audit Profile, refer to Audit Profile in the Desktop user's guide.

Firewall Setup

The following lists the actions that should be taken to allow communication between hosts in the system. It is assumed that the standard installation ports are used. If the default ports have been changed, replace the port numbers with the ones you are using.

  • To allow mzsh, Desktops and ECs to communicate with the Platform, incoming data to, and outgoing data from port 6790 in the Platform Container must be allowed.

  • To allow the Platform Web Interface to be accessed from outside the firewall and for STR synchronization, incoming data to, and outgoing data from the Platform's port 9000 must be allowed.

  • To allow the EC Web Interface to be accessed from outside the firewall, incoming data to, and outgoing data from the EC's port 9090 must be allowed.

  • To enable external access to services on the Platform and the SC, ensure that incoming and outgoing data for the following port ranges are allowed through the firewall:

    • Platform default port range: 5451-5500 (configurable)

    • SC port range: xxxx-xxxx (configurable)

  • To allow remote access to Execution Containers, outgoing data must be allowed on port 22.
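The service host port range and the Inter Workflow port described above only work with a firewall when the configured values are the ones the firewall opens, and an EC whose pico.rcp.server.port is unset listens on a dynamic port that no rule can match. The script below is an added example, not code from the MediationZone documentation or product: it checks collected property values against a firewall allow-list and reports the mismatches. It assumes the per-pico values of mz.servicehost.port.range and pico.rcp.server.port have already been gathered (for example with the mzsh topo get commands above) into the PICOS dictionary; PICOS and FIREWALL_ALLOWED are constructed sample data, and the pico kinds "platform", "ec" and "sc" are labels used only by this example.

```python
"""Check MediationZone pico port settings against a firewall allow-list.

Added example, not from the MediationZone documentation or product.
The property values and the allow-list below are constructed sample data.
"""
from typing import Dict, List, Optional, Set, Tuple

Props = Dict[str, Optional[str]]

# Constructed sample: pico name -> (pico kind, property values). A missing
# key means the property is not set on that pico.
PICOS: Dict[str, Tuple[str, Props]] = {
    "platform": ("platform", {"mz.servicehost.port.range": "5451-5500"}),
    "ec1": ("ec", {"pico.rcp.server.port": "6820"}),
    "ec2": ("ec", {}),                                   # RCP port left dynamic
    "sc1": ("sc", {"mz.servicehost.port.range": "5601-5650"}),
}

# Constructed sample: TCP ports the firewall allows between the hosts
# (standard installation ports plus the Platform default service range).
FIREWALL_ALLOWED: Set[int] = {22, 6790, 9000, 9090, 6820} | set(range(5451, 5501))


def parse_range(value: str) -> Tuple[int, int]:
    """Parse 'lo-hi' (or a single port) into an inclusive (lo, hi) tuple."""
    lo, _, hi = value.partition("-")
    lo_i = int(lo)
    hi_i = int(hi) if hi else lo_i
    if not (1 <= lo_i <= hi_i <= 65535):
        raise ValueError(f"invalid port range {value!r}")
    return lo_i, hi_i


def missing_from_allowed(lo: int, hi: int, allowed: Set[int]) -> List[int]:
    """Ports in lo..hi that the firewall does not allow."""
    return [p for p in range(lo, hi + 1) if p not in allowed]


def check_pico(name: str, kind: str, props: Props, allowed: Set[int]) -> List[str]:
    """Return one finding per port setting that the firewall would block."""
    findings: List[str] = []

    # Any pico may run services on mz.servicehost.port.range; the whole
    # range must be open, since the service picks any free port in it.
    rng = props.get("mz.servicehost.port.range")
    if rng:
        lo, hi = parse_range(rng)
        missing = missing_from_allowed(lo, hi, allowed)
        if missing:
            findings.append(
                f"{name}: {len(missing)} port(s) of mz.servicehost.port.range "
                f"{rng} are not allowed by the firewall"
            )

    # Inter Workflow communication: an EC needs a fixed RCP port.
    if kind == "ec":
        rcp = props.get("pico.rcp.server.port")
        if rcp is None:
            findings.append(
                f"{name}: pico.rcp.server.port is not set, so a dynamic port "
                f"is used and no firewall rule can match it"
            )
        elif int(rcp) not in allowed:
            findings.append(
                f"{name}: pico.rcp.server.port {rcp} is not allowed by the firewall"
            )
    return findings


def check_all(picos: Dict[str, Tuple[str, Props]] = PICOS,
              allowed: Set[int] = FIREWALL_ALLOWED) -> Dict[str, List[str]]:
    """Findings for every pico that has at least one mismatch."""
    result: Dict[str, List[str]] = {}
    for name, (kind, props) in picos.items():
        findings = check_pico(name, kind, props, allowed)
        if findings:
            result[name] = findings
    return result


if __name__ == "__main__":
    for pico, findings in check_all().items():
        for line in findings:
            print(line)
```

With the sample data the script reports ec2 (dynamic RCP port) and sc1 (service range outside the allow-list), while the Platform range 5451-5500 and ec1's fixed port 6820 pass. Run it after every change to the firewall or to the port properties, since either side can drift.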

Port reference (Type / Port(s) / Open Internally / Open Externally):

Platform
  Port(s): 6790, 9000. See Additional Platform Properties in install.xml for more information.
  Open Internally: Default scenario where MediationZone is only used within an internal network.
  Open Externally: If it is required to provide platform ports to external scenarios, such as Legacy Desktop (Java Swing) running on an external network.

Desktop
  Port(s): 9001. See Desktop UI Properties for more information.
  Open Internally: If all browser users are on an internal network.
  Open Externally: Default scenario where the Desktop is running on browsers on an external network.

Execution Context(s)
  Port(s): 9090. See Execution Context Properties for more information.
  Open Internally: Default scenario where services depending on EC are used within an internal network.
  Open Externally: If it is required to provide access to ECs from an external network. Example: the Prometheus server is deployed on a remote network and needs to work with an EC in an internal network.

Service Contexts (optional)
  Port(s): Depends on the required services. Refer to Service Context Properties for more information.
  Open Internally: Default scenario where services depending on SC are used within an internal network.
  Open Externally: If it is required to provide access to SCs from an external network.

Legacy Desktop
  Port(s): 6790, 9000
  Open Internally: Default scenario when the Legacy Desktop is used within an internal network.
  Open Externally: If the Legacy Desktop requires to run from an external network.

Operations REST Interface
  Port(s): 9000. See Operations REST Interface for more information.
  Open Internally: Default scenario where services depending on Operations REST Interface are used within an internal network.
  Open Externally: If it is required to provide access to Operations REST Interface from an external network.
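As an added example (not from the MediationZone documentation or product), the script below turns the port table into an nftables input chain for one host: services named in the EXTERNAL set accept connections from any source, everything else only from the internal network, which mirrors the Open Internally / Open Externally columns. The port numbers are the standard installation ports from the table and from Firewall Setup above; INTERNAL_NET, the host roles, the SSH entry for EC hosts and the nftables table and chain names are assumptions of this example.

```python
"""Generate an nftables input chain for one MediationZone host role.

Added example, not from the MediationZone documentation. Port numbers are the
standard installation ports from the port table and the Firewall Setup list;
INTERNAL_NET, the host roles, the SSH entry for EC hosts and the nftables
table/chain names are assumptions of this example.
"""
from typing import Dict, List, Set

INTERNAL_NET = "10.0.0.0/8"  # assumption: replace with your internal network

# Listening TCP ports per host role. 5451-5500 is the Platform's default
# service host port range and is configurable (see above).
HOST_SERVICES: Dict[str, Dict[str, List[str]]] = {
    "platform": {
        "Platform": ["6790", "9000"],
        "Operations REST Interface": ["9000"],
        "Platform service ports": ["5451-5500"],
    },
    "ec": {
        "Execution Context": ["9090"],
        "SSH remote access": ["22"],      # assumption: remote access via topo setupremote
    },
    "desktop": {"Desktop": ["9001"]},
}


def nft_input_rules(host: str, external: Set[str],
                    internal_net: str = INTERNAL_NET) -> List[str]:
    """Return one nftables rule per listening port of the given host role.

    Services named in `external` accept from any source (the table's
    "Open Externally" case); all others only from internal_net
    ("Open Internally"). A port shared by two services (9000 on the
    Platform host) gets the more permissive scope, since one rule
    decides for the whole port.
    """
    if host not in HOST_SERVICES:
        raise KeyError(f"unknown host role {host!r}")
    exposed: Dict[str, bool] = {}
    names: Dict[str, List[str]] = {}
    for service, ports in HOST_SERVICES[host].items():
        for port in ports:
            exposed[port] = exposed.get(port, False) or service in external
            names.setdefault(port, []).append(service)
    rules: List[str] = []
    for port in sorted(exposed, key=lambda p: int(p.split("-")[0])):
        source = "" if exposed[port] else f"ip saddr {internal_net} "
        label = "/".join(names[port])
        rules.append(f'{source}tcp dport {port} accept comment "{label}"')
    return rules


def nft_ruleset(host: str, external: Set[str],
                internal_net: str = INTERNAL_NET) -> str:
    """Wrap the rules in a complete inet table with a default-drop input chain."""
    lines = [
        "table inet mz {",
        "    chain input {",
        "        type filter hook input priority 0; policy drop;",
        "        iif lo accept",
        "        ct state established,related accept",
    ]
    lines += ["        " + rule for rule in nft_input_rules(host, external, internal_net)]
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Platform host where only the Operations REST Interface is reachable
    # from outside; 6790 and the service range stay internal.
    print(nft_ruleset("platform", {"Operations REST Interface"}))
```

Note the shared port: once the Operations REST Interface is exposed, port 9000 is open to any source for the Platform Web Interface as well, which is why the table lists both under the same number and why exposing one implies reviewing the other.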

...

Note!

  • It is recommended to enable client authentication for security. For more information,

...

...

  • services that require access to port 6790 (for Platform Container) and 9000 (standard installation).
    For example, providing VPN to access the Legacy Desktop remotely.