Planning for firewall traffic between the monitoring console and data grid servers

You must plan for data grid traffic between the monitoring console and data grid servers.

The examples illustrate where you must allow communication between these servers. Read the port properties and values that are defined in Planning for network ports.

Figure 1. Administration traffic consists of traffic from a host running a monitoring console server. Communication between a monitoring console server and data grid servers must be allowed through any firewall.
M1: Only the monitoring console and container servers using an ORB transport protocol can initiate traffic.
If a listener port is not configured on a catalog server, it will default to 2809. If a listener port is not configured for the monitoring console server or a container server, an ephemeral port is chosen and this port can vary each time that the monitoring console or container server is restarted. In this example, the listener port is set to 2809. Outbound traffic uses source port: ephemeral, destination port: 2809, and return traffic from the data grid server flows over the same connection. Similarly, for traffic that is initiated by a container server, outbound traffic uses source port: ephemeral, destination port: 2809 and return traffic flows over the same connection.
Note: When a data grid server operates inside WebSphere Application Server and uses an Object Request Broker (ORB) transport protocol, another port, ORB_LISTENER_ADDRESS, must also be opened. The BOOTSTRAP_ADDRESS port forwards requests to this port.
M2: Only the monitoring console can initiate traffic.
If a Java Management Extensions (JMX) service port is not configured for a catalog server, it will default to 1099. If a JMX service port is not configured for a container server, a dynamic port is chosen, and this port can vary each time the container server is restarted. In this example, the JMX service port is set to 1099. Outbound traffic uses source port: ephemeral, destination port: 1099, and return traffic from the data grid server flows over the same connection.
M3: Only the monitoring console can initiate traffic.
In this example, a JMX connector port is set to 32701. Outbound traffic uses source port: ephemeral, destination port: 32701, and return traffic from the data grid server flows over the same connection.
Note:
  • If Secure Sockets Layer (SSL) is not configured, but a JMX connector port is configured, firewall traffic uses the JMX connector port.
  • If SSL is not configured and a JMX connector port is not configured, firewall traffic uses the JMX service port.
  • If SSL is configured, but a JMX connector port is not configured, an ephemeral port is chosen. This port can vary each time that the server is restarted. Firewall traffic flows over the ephemeral port.
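
The following added example (not part of the product documentation) turns the M1 to M3 port rules and the note above into a pre-deployment check: it derives the console-to-server allow rules and flags every server whose port would be ephemeral and so cannot be pinned in a firewall rule. The GridServer record, the plan function and the host names are hypothetical; the case of SSL with a JMX connector port configured is not covered on this page and is assumed to use the connector port; the ORB_LISTENER_ADDRESS port and container-initiated traffic are not modeled.

```python
from dataclasses import dataclass
from typing import Optional

# Defaults stated on the page: only catalog servers have fixed defaults.
DEFAULTS = {"catalog": {"listener": 2809, "jmx_service": 1099}, "container": {}}

@dataclass
class GridServer:                      # hypothetical inventory record
    host: str
    role: str                          # "catalog" or "container"
    listener_port: Optional[int] = None
    jmx_service_port: Optional[int] = None
    jmx_connector_port: Optional[int] = None
    ssl: bool = False

def plan(console_host, servers):
    """Return (rules, findings) for console-initiated traffic M1-M3."""
    rules, findings = [], []
    for s in servers:
        d = DEFAULTS[s.role]
        needed = {
            "listener": s.listener_port or d.get("listener"),           # M1
            "jmx_service": s.jmx_service_port or d.get("jmx_service"),  # M2
        }
        if s.jmx_connector_port:
            # M3. Assumption: also holds when SSL is on (page omits that case).
            needed["jmx_connector"] = s.jmx_connector_port
        elif s.ssl:
            needed["jmx_connector"] = None   # SSL without connector port: ephemeral
        # No SSL and no connector port: JMX traffic stays on the M2 service port.
        for name, port in needed.items():
            if port is None:
                findings.append(f"{s.host}: {name} port is ephemeral, set it explicitly")
            else:
                rules.append((console_host, s.host, "tcp", port))
    return rules, findings

if __name__ == "__main__":
    # Constructed sample inventory.
    grid = [
        GridServer("cat1", "catalog"),
        GridServer("c1", "container", 2809, 1099, 32701),
        GridServer("c2", "container", 2809, 1099, ssl=True),
        GridServer("c3", "container"),
    ]
    rules, findings = plan("console1", grid)
    for r in rules:
        print("ALLOW %s -> %s %s/%d" % r)
    for f in findings:
        print("FIX  ", f)
```

Each rule is a (source, destination, protocol, destination port) tuple for a stateful firewall, matching the page's statement that return traffic flows over the same connection.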