Firewall recommendations for IBM Storage Scale GUI
Dedicating certain ports for firewalls helps to secure the IBM Storage Scale management GUI.
| Port Number | Functions | Protocol |
|---|---|---|
| 47080 | Management GUI | TCP, localhost only |
| 47443 | Management GUI | TCP, localhost only |
| 80 | Management GUI IBM Storage Scale management API |
TCP |
| 443 | Management GUI IBM Storage Scale management API |
TCP |
| 4444 | Management GUI | TCP, localhost only |
| 4739 | Performance monitoring tool | TCP and UDP |
| 9980 and 9981 | Performance monitoring tool | TCP |
All nodes of the IBM Storage Scale cluster must be able to communicate with the GUI nodes through the ports 80 and 443. If multiple GUI nodes are available in a cluster, the communication among those GUI nodes is carried out through the port 443.
If you are installing GUI on RHEL 9 then you must install nftables.
The management GUI uses ZIMon to collect performance data. ZIMon collectors are normally deployed with the management GUI and sometimes on other systems in a federated configuration. Each ZIMon collector uses three ports, which can be configured in ZIMonCollector.cfg. The default ports are 4739, 9980, and 9981. The GUI is sending its queries on the ports 9980, and 9981 and these ports are accessible only from the localhost. For more information on the ports used by the performance monitoring tools, see Firewall recommendations for Performance Monitoring tool.
The port 4444 is accessible only from the localhost.