Network security and OpenPages
By default, the OpenPages® service allows ingress connections from outside the cluster.
The OpenPages service exposes specific network communication ports to allow ingress connections from outside of the Cloud Pak for Data cluster. The ingress ports are controlled by Cloud Pak for Data and Red Hat® OpenShift®.
In addition, you can configure the OpenPages service to allow egress traffic to external services outside of Cloud Pak for Data. This task is optional. The egress ports are not restricted. To allow egress connections, you must configure egress network traffic rules on the host cluster’s network infrastructure.
Ingress ports
Port usage | External port | Internal port | Protocol |
---|---|---|---|
External client traffic over HTTPS including client browsers and REST API clients. | 443 |
10111 | HTTPS |
Restricting egress to known ports
The following table lists the ports that you can configure for egress traffic from the OpenPages service to external hosts.
Cloud Pak for Data on Red Hat
OpenShift does not restrict egress traffic from the
OpenPages service to external destinations.
Create Deny All
firewall rules in your host network infrastructure and expose only
the services that are necessary, using allow lists as needed.
If an external service uses a nonstandard port number, contact your service provider.
By default, in OpenPages, these integrations are not enabled.
Port usage | External port | Protocol |
---|---|---|
Watson™ APIs for Natural Language Classifier, Watson Assistant, and Watson Discovery | 443 |
HTTPS |
Email Service for system notifications | 25/465/587 |
SMTP |
Thomson Reuters feed via SFTP | 22 |
SFTP |
Other feeds via API (for example, Ascent, RegTrack, SecurityScorecard, Supply Wisdom, and Wolters Kluwer.) | 443 |
HTTPS |
GRC REST API
When you call the OpenPages GRC REST API from inside the cluster you might need to access OpenPages by using its internal service name and port, instead of the external URL. Use the internal URL, for example, if your environment has network restrictions that prevent the use of the external URL.
The internal service URL uses the format:
https://openpages-<instance_name>-svc:10111
.
For example, if the external URL for OpenPages is
https://cpd-zen.apps.op-abc-test-10.xyz.company.com/openpages-openpagesinstance1/
,
the internal service URL is https://openpages-openpagesinstance1-svc:10111/
.
Example URI paths
https://openpages-openpagesinstance1-svc:10111/openpages-openpagesinstance1-grc/api
https://openpages-openpagesinstance1-svc:10111/openpages-openpagesinstance1-grc/api/types