Table of contents

Network security and OpenPages

By default, the OpenPages® service allows ingress connections from outside the cluster.

The OpenPages service exposes specific network communication ports to allow ingress connections from outside of the Cloud Pak for Data cluster. The ingress ports are controlled by Cloud Pak for Data and Red Hat® OpenShift®.

In addition, you can configure the OpenPages service to allow egress traffic to external services outside of Cloud Pak for Data. This is an optional task. The egress ports are not restricted. To allow egress connections, you must configure egress network traffic rules on the host cluster’s network infrastructure.

Ingress ports

The following table lists the ingress ports that are exposed by OpenPages by default.
Table 1. Ingress ports for OpenPages
Port usage External port Internal port Protocol
External client traffic over HTTPS including client browsers and rest clients. 443 10111 HTTPS

Restricting egress to known ports

The following table lists the ports that you can configure for egress traffic from the OpenPages service to external hosts.

Cloud Pak for Data on Red Hat OpenShift does not restrict egress traffic from the OpenPages service to external destinations. Create Deny All firewall rules in your host network infrastructure and expose only the services that are necessary, using allow lists as needed.

If an external service uses a non-standard port number, contact your service provider.

By default, in OpenPages, these integrations are not enabled.

Table 2. External connections
Port usage External port Protocol
Watson™ APIs for Natural Language Classifier, Watson Assistant, and Watson Discovery 443 HTTPS
Email Service for system notifications 25/465/587 smtp(s)
Thomson Reuters feed via SFTP 22 SFTP
Other feeds via API (for example, Ascent, RegTrack, SecurityScorecard, Supply Wisdom, and Wolters Kluwer.) 443 HTTPS