ServiceMobility Firewall Requirements
Introduction
This document outlines the ServiceMobility firewall requirements for each of the server components installed.
Notes:
- It is assumed that the servers are in the network zones outlined in the ServiceMobility Architecture document
- All of the port numbers are configurable
Node.js Web Server
All data exchanges with ServiceMobility route through the Node.js server. The Node.js server will either handle the request directly or forward the request to the ESB.
Node.js should be installed in the DMZ network segment.
Public Ports
Port Number | Description | Accessing Servers |
---|---|---|
443 | HTTPS Protocol | |
RedHat JBoss A-MQ Server
The A-MQ server should be installed in the DMZ network segment.
Public Ports
The following ports must be opened to the internet to allow mobile devices to connect to the system.
An alternative to opening the port to the internet is to implement a VPN. Implementing a VPN is outside the scope of this document.
Port Number | Description | Accessing Servers |
---|---|---|
61614 | Secure WebSockets | |
Internal Ports
This port is used internally to allow the A-MQ and ESB servers to communicate with each other. This port should not be opened to the internet.
Port Number | Description | Accessing Servers |
---|---|---|
61616 | Native A-MQ protocol over SSL connection | |
RedHat JBoss FUSE ESB
The ESB Server should be installed in the LAN network segment.
Internal Ports
Port Number | Description | Accessing Servers |
---|---|---|
8081, 8082 | Exposes HTTP REST API services to Node.js. These ports must only be accessible from Node.js | |
9191 | SOAP protocol used to communicate with ServiceScheduling. This port is only required if ServiceMobility is integrated with ServiceScheduling | |
ServiceScheduling Server
The ServiceScheduling Server should be installed in the LAN network segment.
Internal Ports
Port Number | Description | Accessing Servers |
---|---|---|
6502 | SOAP | |
Microsoft SQL Server
The Microsoft SQL Server should be installed in the LAN network segment.
Internal Ports
Port Number | Description | Accessing Servers |
---|---|---|
1433 | SQL Server Internal Protocol | |
Cassandra Server
Cassandra is still in active development and is currently not required for production. However, Cassandra will be introduced in a future release, so plans should be made to support it.
The Cassandra Server should be installed in the LAN network segment.
Public Ports
The public ports are typically accessed from the LAN network only, including VPN access.
Port Number | Description | Accessing Servers |
---|---|---|
22 | SSH port | |
8888 | OpsCenter website | |
Cassandra Inter-node Ports
The inter-node ports are required for Cassandra clustering.
Port Number | Description | Accessing Servers |
---|---|---|
7000 | Cassandra inter-node cluster communication | |
7001 | Cassandra SSL inter-node cluster communication | |
7199 | Cassandra JMX monitoring port | |
Cassandra Client Ports
The client ports must be opened in order to allow the other components to access Cassandra.
Port Number | Description | Accessing Servers |
---|---|---|
9042 | Cassandra client port | |
9160 | Cassandra client port (Thrift) | |
Cassandra OpsCenter Ports
Port Number | Description | Accessing Servers |
---|---|---|
61620 | OpsCenter monitoring port | |
61621 | OpsCenter agent port | |
ElasticSearch Server
Internal Ports
Port Number | Description | Accessing Servers |
---|---|---|
9300 | Native ElasticSearch Protocol | |
9200 | ElasticSearch REST API | |
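The port restrictions above can be checked mechanically against a firewall's allow-rules. The following is an added example, not part of the ServiceMobility documentation; the component labels and the (source, destination, port) rule format are assumptions, and the ports are the defaults listed on this page. Where the Accessing Servers column is empty, the check assumes any non-internet source is acceptable, and 61616 is read as ESB connecting to A-MQ.

```python
"""Audit firewall allow-rules against the port policy in the tables above."""

INTERNET = "internet"
ANY = "any"            # public port: reachable from the internet
INTERNAL = "internal"  # assumption: no accessing server listed, any non-internet source

# Ports whose accessing servers the page leaves blank (default port numbers).
INTERNAL_PORTS = {
    "esb": [9191],
    "scheduling": [6502],
    "mssql": [1433],
    "cassandra": [22, 8888, 7000, 7001, 7199, 9042, 9160, 61620, 61621],
    "elasticsearch": [9200, 9300],
}
POLICY = {
    ("nodejs", 443): ANY,
    ("amq", 61614): ANY,
    ("amq", 61616): {"esb"},     # A-MQ <-> ESB only, never the internet
    ("esb", 8081): {"nodejs"},   # REST API: Node.js only
    ("esb", 8082): {"nodejs"},
}
POLICY.update({(h, p): INTERNAL for h, ports in INTERNAL_PORTS.items() for p in ports})

def audit(rules):
    """Return (rule, reason) for every allow-rule that breaks the policy."""
    findings = []
    for rule in rules:
        source, dest, port = rule
        allowed = POLICY.get((dest, port))
        if allowed is None:
            findings.append((rule, "port not listed for this component"))
        elif allowed != ANY and source == INTERNET:
            findings.append((rule, "internal port exposed to the internet"))
        elif allowed not in (ANY, INTERNAL) and source not in allowed:
            findings.append((rule, "source is not a permitted accessing server"))
    return findings

# Constructed sample ruleset: (source, destination component, port).
SAMPLE_RULES = [
    ("internet", "nodejs", 443),
    ("internet", "amq", 61614),
    ("esb", "amq", 61616),
    ("esb", "cassandra", 9042),
    ("internet", "amq", 61616),   # violation: internal port open to the internet
    ("amq", "esb", 8082),         # violation: only Node.js may reach the REST API
    ("nodejs", "esb", 8080),      # violation: port not in the tables
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```

Because all port numbers are configurable, a deployment that changes them needs the same changes in `POLICY` and `INTERNAL_PORTS`.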