Firewall recommendations for Cloud services
This topic describes the firewall recommendations that you need to follow to be able to implement Cloud services on your cluster.
Port that can be used is 8085 TCP
- Enables connections to Cloud services nodes from all IBM Spectrum Scale™ nodes on this port. All communications from non-cluster nodes on this port can be blocked.
- Cloud services nodes are required to communicate with the configured Object storage provider. Typically, this communication occurs over HTTPS (443) or HTTP (80). Contact your Object storage provider for more details.
- The internal port that is used by Cloud services can be changed from 8085 to any other port by using the mmcloudgateway config command.
| Port number | Protocol | Service name | Component involved in communication |
|---|---|---|---|
| 8085 | TCP | Transparent cloud tiering | Intra cluster |
| Object storage provider dependent | TCP | Transparent cloud tiering | Transparent cloud tiering connection to Object storage provider on the external network. Typically HTTPS (443) or HTTP (80) |
Note: For firewall recommendations for other components such as performance
monitoring tool, protocol access, and GUI, see Securing the IBM Spectrum Scale system using firewall.