Ports to Open When Promoting Across a Firewall
DavidSeager 110000C5XS Visits (5347)
Promotion is where you copy a service's information from one WebSphere Service Registry and Repository to another. Why? If you have something looking up service details in WSRR, maybe to find the location of a service, then usually you will have multiple WSRR instances. One main WSRR with services in any state (proposed, under development, in production, etc), which is called the "Governance Master". Then for each place a service can run, called the "environment", you have a WSRR instance that holds just the services that run in that environment, called the "runtime" WSRR. For example, you have an instance for your staging server, and all services that are running on the staging server will be in this staging runtime WSRR. The mechanism where a service is copied from the Governance Master (GM for short) to a runtime WSRR is called promotion.
So which ports should you open on your firewall, if promoting from the GM to a runtime WSRR behind a firewall? During this process WSRR currently (up to V8.0) does an EJB lookup from the GM WSRR on the environment WSRR, and invokes the promotion method. Therefore you need to open the ports that let you do RMI communication.
Two resources help here. First this dW article "IBM WebSphere Developer Technical Journal: Firewall Port Assignments in WebSphere Application Server V5" talks about ports to open between an EJB client and a WebSphere Application Server (WAS for short). Secondly this terse technote "Sample configuring static ports to enable RMI communication through a firewall (security enabled)" shows which ports to open.
Putting these together, and the fact that WSRR 7.5 runs on WAS 7, we find that we need these ports open on a firewall between the GM and runtime WSRR are:
If the runtime WSRR is a federated server/cluster, also you need for the Node Agen
But what are the values for these port names? On the runtime WSRR, open the WAS admin console, click Servers -> (server name) -> Ports and get the values from there. Note these values must not be zero. Zero means the port number is dynamically allocated, making it impossible to know the port and open it in the firewall. So set a value if they are zero!
My values are:
BOOTSTRAP_ADDRESS port 280
To find port values for the node agent, on the Deployment Manager, click System Administration -> Node Agents -> (agent name) -> Ports.
For WSRR V8 this runs on WAS 8, but it seems there is no difference between 7 and 8.