Networking
Network Ports
The table below details the ports that must be accessible for ASI to operate in both standalone and clustered modes. If you have a software firewall enabled on your systems, you will need to open the incoming ports using the iptable, nftables or firewall commands. You can configure different port numbers for your environment should you require to do so, instructions on how to do this is detailed in the configuration section.
Standalone
| Source | Destination | Network Port | Description | Protocol |
|---|---|---|---|---|
| Users / Clients | asi server (asi-core) | 52000 | HTTPS traffic for web and API access | HTTPS |
| asi server (asi-core) | datahub server | 50005 | Query data from datahub | TCP |
| asi server (asi-core) | bes server (asi-events) | 50819 | Access BES webservices on bes server (asi-events) server | TCP |
| asi server (asi-core) | bes server (asi-events) | 52002 | Access bes server (asi-events) microservice | TCP |
| asi server (asi-core) | PostgreSQL database | 5432 | Database access | TCP |
| bes server (asi-events) | asi server (asi-core) | 50890 | ASI Discovery service | TCP |
| bes server (asi-events) | asi-dashboards | 50050 | BES event feed | TCP |
| bes server (asi-events) | datahub server | 50000 | BES event feed | TCP |
Product Communication Rules
| Product | Source | Source Port | Destination | Destination Port | Description |
|---|---|---|---|---|---|
| asi | asi-load-balancer | 443 | core instance(s) | 52000 | User access to platform |
| asi | dashboards instance | 5701 | other dashboard instances | 5701 | Cache intercommunication |
| asi | authenticator | 50443 | other authenticator instances | 50443 | Authenticator intercommunication |
| asi | management-service | 58090 | each management-service instances | 58090 | Discovery intercommunication |
| asi | each asi-member | 58092 | each asi-member | 58092 | ??? intercommunication |
| asi | asi-dashboards | 50819 | bes-load-balancer | 50819 | Web services |
| asi | each asi-member | 52002 | bes-load-balancer | 52002 | Events module |
| asi | each asi-member | 5432 | bes-load-balancer | 5432 | Database |
| asi | each asi-member | 50005 | datahub-load-balancer | 50005 | Datahub web services |
| bes | bes-load-balancer | 50819 | both bes servers | 50819 | Web services |
| bes | bes-load-balancer | 52002 | both bes servers | 52002 | Events module |
| bes | bes-load-balancer | 5432 | both bes servers | 5432 | Database |
| bes | bes-primary | 5432 | bes-secondary | 5432 | Database replication |
| bes | bes-secondary | 5432 | bes-primary | 5432 | Database replication |
| bes | bes-primary | 50050 | each asi-member | 50050 | ASI event feed |
| bes | bes-secondary | 58090 | each asi-member | 58090 | Discovery intercommunication |
| bes | bes-secondary | 50000 | datahub-load-balancer | 50000 | Datahub web services |
| bes | bes-primary | 50000 | datahub-load-balancer | 50000 | Datahub web services |
| datahub | datahub-load-balancer | 50000 | each datahub-member | 50000 | Load web services |
| datahub | datahub-load-balancer | 50005 | each datahub-member | 50005 | Query web services |
| datahub | each datahub-member | 50001 | each datahub-member | 50001 | Cluster management |
Clustered
| Source | Destination | Network Port | Description | Protocol |
|---|---|---|---|---|
| Load Balancer | each asi-core instance | 52000 | HTTPS traffic for web and API access | HTTPS |
| each asi-core instance | each asi-core instance | 52000 | core cluster | TCP |
| each asi-management-service instance | each asi-management-service instance | 58090 | management service cluster | TCP |
| each asi-dashboards instance | each asi-dashboards instance | 5701 | dashboards data cache | TCP |
| each asi-authenticator instance | each asi-authenticator instance | 50443 | authentication cluster | TCP |
Load Balancers
Flow
Typically, your environment will use TLS certificates, and users will log in through the ASI load balancer via port 443. The load balancer will then direct traffic to port 52000. Other ports should pass through the load balancer on the port they were received on. The configuration below shows a typical setup for load balancers.
Health Rules
Perform health checks on each cluster member for the product's load balancer. For a three-node cluster, three health checks should be configured—one for each instance. Standalone environments typically don't require a load balancer, but if one is provisioned, configure it for the single instance.
Configuration
| Load Balancer | URL Check | Response Code | Mode | Sticky Sessions | Inbound Traffic | Outbound Traffic |
|---|---|---|---|---|---|---|
| asi | https://asi-instance:52000/status | 200 | round-robin | yes | 443 | 52000 |
| bes | https://bes-instance:50819/escapex/login.jsp | 200 | round-robin | no | 50819 5432 | 50819 5432 |
| datahub | https://datahub-instance:50005/datahub/v3/health | 200 | round-robin | no | 50000 50005 | 50000 50005 |
For any updates or clarifications, please contact the support team.