Firewall recommendations for IBM Spectrum Scale GUI
Dedicating certain ports for firewalls helps to secure IBM Spectrum Scale™ management and installation GUIs. Different ports are used for securing installation GUI and management GUI.
Port Number | Functions | Protocol |
---|---|---|
9080 | Installation GUI | HTTP |
9443 | Installation GUI | HTTPS |
80 | Management GUI IBM Spectrum Scale management API |
HTTP |
443 | Management GUI IBM Spectrum Scale management API |
HTTPS |
4444 | Management GUI | Localhost only |
All nodes of the IBM Spectrum Scale cluster must be able to communicate with the GUI nodes through the ports 80 and 443. If multiple GUI nodes are available in a cluster, the communication among those GUI nodes is carried out through the port 443.
Both the management GUI and IBM Spectrum Scale management API share the same ports. That is, 80 and 443. However, for APIs, the ports 443 and 80 are internally forwarded to 47443 and 47080 respectively. This is done automatically by an iptables rule that is added during the installation.
The management GUI uses ZIMon to collect performance data. ZIMon collectors are normally deployed with the management GUI and sometimes on other systems in a federated configuration. Each ZIMon collector uses three ports, which can be configured in ZIMonCollector.cfg. The default ports are 4739, 9085, and 9084.
The port 4444 is accessible only from the localhost.