Firewall recommendations for IBM Spectrum Scale GUI

Restricting firewall access to a dedicated set of ports helps to secure the IBM Spectrum Scale™ management and installation GUIs. The installation GUI and the management GUI use different ports.

The following table lists the ports to use when securing the GUI.
Table 1. Firewall recommendations for GUI
Port Number   Functions                                            Protocol
-----------   --------------------------------------------------   --------------
9080          Installation GUI                                     HTTP
9443          Installation GUI                                     HTTPS
80            Management GUI, IBM Spectrum Scale management API    HTTP
443           Management GUI, IBM Spectrum Scale management API    HTTPS
4444          Management GUI                                       Localhost only

All nodes of the IBM Spectrum Scale cluster must be able to communicate with the GUI nodes through the ports 80 and 443. If multiple GUI nodes are available in a cluster, the communication among those GUI nodes is carried out through the port 443.

The management GUI and the IBM Spectrum Scale management API share the same ports, 80 and 443. However, for the API, ports 443 and 80 are internally forwarded to 47443 and 47080 respectively. This is done automatically by an iptables rule that is added when the GUI starts and removed when the GUI is stopped. The iptables update mechanism can be disabled by setting the variable UPDATE_IPTABLES to false in /etc/sysconfig/gpfsgui.

The management GUI uses ZIMon to collect performance data. ZIMon collectors are normally deployed with the management GUI and sometimes on other systems in a federated configuration. Each ZIMon collector uses three ports, which can be configured in ZIMonCollector.cfg. The default ports are 4739, 9085, and 9084. The GUI sends its queries on ports 9084 and 9085, and these ports are accessible only from the localhost. For more information on the ports used by the performance monitoring tools, see Firewall recommendations for Performance Monitoring tool.

The port 4444 is accessible only from the localhost.
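
The ZIMon paragraph and the note on port 4444 both describe ports that must be reachable from the localhost only. The following check is an added example, not IBM code: it reads listener lines in the format printed by `ss -Htln` and reports any of those ports bound to a non-loopback address. The function name, the port list variable and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not IBM code): flag loopback-only GUI ports that are
# listening on a non-loopback address.
# Assumption: input lines are in `ss -Htln` format (field 4 = local addr:port).

# Ports the text describes as reachable from localhost only.
# 9084 and 9085 are ZIMon defaults; adjust if ZIMonCollector.cfg changes them.
LOCAL_ONLY_PORTS="4444 9084 9085"

# Reads listener lines on stdin, prints one line per exposed port,
# returns 1 if any loopback-only port is bound beyond loopback.
audit_gui_listeners() {
    awk -v ports="$LOCAL_ONLY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) local_only[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)       # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
        sub(/%.*$/, "", host)                  # drop interface suffix, e.g. %lo
        sub(/^\[/, "", host); sub(/\]$/, "", host)   # drop IPv6 brackets
        if (!(port in local_only)) next
        if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
        printf "EXPOSED port %s bound to %s\n", port, host
        bad = 1
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample input, not captured from a real system.
constructed_sample() {
    cat <<'EOF'
LISTEN 0 50  *:443          *:*
LISTEN 0 50  *:80           *:*
LISTEN 0 128 127.0.0.1:4444 0.0.0.0:*
LISTEN 0 128 [::1]:9085     [::]:*
LISTEN 0 128 0.0.0.0:9084   0.0.0.0:*
EOF
}

constructed_sample | audit_gui_listeners || echo "review bind addresses"
```

On a GUI node, pipe the live listener list into the function with `ss -Htln | audit_gui_listeners`; a non-zero exit status means at least one of the listed ports is bound beyond loopback.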