Planning for firewall traffic between the monitoring console and data grid servers
You must plan for data grid traffic between the monitoring console and data grid servers.
The examples illustrate where you must allow communication between these servers. You should read the port properties and values that are defined in Planning for network ports
- M1: Only the monitoring console and container servers using an ORB transport protocol can initiate traffic.
- If a listener port is not configured on a catalog server, it will
default to 2809. If a listener port is not
configured for the monitoring console server or a container server,
an ephemeral port is chosen and this port can vary each time that
the monitoring console or container server is restarted. In this example,
the listener port is set to 2809. Outbound
traffic uses source port: ephemeral, destination port: 2809,
and return traffic from the data grid server flows over the same connection.
Similarly, for traffic that is initiated by a container server, outbound
traffic uses source port: ephemeral, destination port: 2809 and return
traffic flows over the same connection.Note: When a data grid server operates inside WebSphere Application Server and uses an Object Request Broker (ORB) transport protocol, another port ORB_LISTENER_ADDRESS must also be opened. The BOOTSTRAP_ADDRESS port forwards requests to this port.
- M2: Only the monitoring console can initiate traffic.
- If a Java Management Extensions (JMX) service port is not configured for a catalog server, it will default to 1099. If a JMX service port is not configured for a container server, a dynamic port is chosen, and this port can vary each time the container server is restarted. In this example, the JMX service port is set to 1099. Outbound traffic uses source port: ephemeral, destination port: 1099, and return traffic from the data grid server flows over the same connection.
- M3: Only the monitoring console can initiate traffic.
- In this example, a JMX connector port is set to 32701. Outbound traffic uses source port: ephemeral, destination port: 32701, and return traffic from data grid server flows over the same connection.
Note:
- If Secure Socket Layer (SSL) is not configured, but a JMX connector port is configured, firewall traffic uses the JMX connector port.
- If SSL is not configured and a JMX connector port is not configured, firewall traffic uses the JMX service port.
- If SSL is configured, but a JMX connector port is not configured, an ephemeral port is chosen. This port can vary each time that the server is restarted. Firewall traffic flows over the ephemeral port.