Networking
Network Ports
The table below details the ports that must be accessible for ASI to operate in both standalone and clustered modes. If you have a software firewall enabled on your systems, you will need to open the incoming ports using the iptable, nftables or firewall commands. You can configure different port numbers for your environment should you require to do so, instructions on how to do this is detailed in the configuration section.
Product Communication Rules
User facing access
| Source | Destination | Source Port | Destination Port | Description |
|---|---|---|---|---|
| Users | ASI | 443 | 52000 | Fronting load balancer running on 443 |
Communication required between ASI modules
| Source | Destination | Destination Port | Description |
|---|---|---|---|
| ASI (legacy) | ASI (legacy) | 5701 | ASI legacy cache intercommunication |
| ASI (all modules) | Authenticator | 50443 | Authentication communication |
| ASI (all modules) | ASI (management-service) | 58090 | Management-Service communication |
| ASI (management-service) | Vault | 58091 | Vault |
| Vault | Vault | 58092 | Vault intercommunication |
| ASI (all modules) | ASI (datagrid) | 47100 | Data grid intercommunication |
| ASI (all modules) | ASI (datagrid) | 47500 | Data grid intercommunication |
| ASI (core) | ASI (dashboards) | 52001 | ASI Dashboards Module |
ASI/BES Communication
| Source | Destination | Destination Port | Description |
|---|---|---|---|
| ASI (events module) | ASI (management-service) | 58090 | Management-Service communication |
| ASI (legacy) | ASI (legacy) | 50819 | BES webservices |
| ASI (core) | ASI (events) | 52002 | ASI Events module |
| ASI | Database | 5432 | PostgreSQL (database) |
| BES (nnBES) | ASI (legacy) | 50050 | ASI Event Feed (nnBES) |
DataHub/ASI Communication
| Source | Destination | Destination Port | Description |
|---|---|---|---|
| ASI (datahub module) | ASI (management-service) | 58090 | Management-Service communication |
| ASI (legacy) | DataHub | 50005 | DataQuery Port |
| ASI (core) | DataHub | 52003 | ASI DataHub Module |
Load Balancers
Flow
Typically, your environment will use TLS certificates, and users will log in through the ASI load balancer via port 443. The load balancer will then direct traffic to port 52000. Other ports should pass through the load balancer on the port they were received on. The configuration below shows a typical setup for load balancers.
Health Rules
Perform health checks on each cluster member for the product's load balancer. For a three-node cluster, three health checks should be configured—one for each instance. Standalone environments typically don't require a load balancer, but if one is provisioned, configure it for the single instance.
Configuration
| Load Balancer | URL Check | Response Code | Mode | Sticky Sessions | Inbound Traffic | Outbound Traffic |
|---|---|---|---|---|---|---|
| asi | https://asi-instance:52000/status | 200 | round-robin | yes | 443 | 52000 |
| bes | https://bes-instance:50819/escapex/login.jsp | 200 | round-robin | no | 50819 5432 | 50819 5432 |
| datahub | https://datahub-instance:50005/datahub/v3/health | 200 | round-robin | no | 50000 50005 | 50000 50005 |
For any updates or clarifications, please contact the support team.