Connectivity requirements
Overview
This page outlines the connectivity requirements of a Gateway Hub node.
Existing Geneos components
You can find the latest versions of all Geneos components at . For more information about the compatibility between Gateway Hub components and other Geneos components, see the compatibility matrix.
Licence
A valid licence is required to run Gateway Hub. Contact your sales representative for a licence.
Server connections
Hostnames
Each server in the cluster must have a unique hostname that every other node can resolve using both forward and reverse DNS lookups.
Logon method
You must choose either passwordless SSH or an interactive logon as the method used to log in to any server that will form part of the Gateway Hub cluster.
Server to server access
Each Gateway Hub server must have access to the listed ports of all other Gateway Hub nodes in the cluster. You should configure your firewall to allow these connections.
Ports
All ports used are TCP ports unless otherwise specified. The table below shows the configuration for the default ports on each Gateway Hub node.
Service | Port (TCP) | Source IP | Destination IP | Purpose |
---|---|---|---|---|
DNS | 53 (UDP) | Any Gateway Hub node | DNS server | Domain Name Service |
Gateway Hub message bus (Kafka listener) | 9092 | Any external Gateway and any Gateway Hub node | Any Gateway Hub node | Receives Gateway data |
Gateway Hub REST API | | Any external client | Any Gateway Hub node | Gateway Hub REST API |
Gateway Hub Web Console | | Any external client | Any Gateway Hub node | Gateway Hub Web Console |
NTP (optional) | 123 (UDP) | Any Gateway Hub node | NTP server | Network Time Protocol |
SSH | 22 | Any external client | Any Gateway Hub node | Secure Shell, for Ansible install and troubleshooting |
SSO Agent | | Any external client | Any Gateway Hub node | Gateway Hub SSO Agent |
Zookeeper | 5181 | Any Gateway Hub node | Any Gateway Hub node | Zookeeper API calls |
Zookeeper follow-the-leader | | Any Gateway Hub node | Any Gateway Hub node | Zookeeper server-to-server communication |
Zookeeper leader election | | Any Gateway Hub node | Any Gateway Hub node | Zookeeper server-to-server communication |
etcd cluster | 2380 | Any Gateway Hub node | Any Gateway Hub node | etcd member communication |
Capacity Planner | 9090 | Any Gateway Hub node | Capacity Planner | Publishing to Capacity Planner |
JMX | 10974 | Any Gateway Hub node | Any Gateway Hub node | JMX |
Firewall access
You may need to update your firewall policies to open ports required by Gateway Hub. You should always consult with your local security policy and team before making firewall changes.
If you are installing on a CentOS 7.x or RHEL 7.x system, you can use the firewall-cmd command to check and modify your firewall policy. For a full list of supported operating systems, see Operating Systems in Software requirements.
The following procedures are provided as an example. You will need to modify these steps to suit your local network configuration and security policies.
- Check which ports are currently open:
    firewall-cmd --list-ports
- Open each of the ports that are required:
    sudo firewall-cmd --permanent --add-port={22/tcp,8080-8081/tcp,8443/tcp,9092/tcp,5181/tcp,5188-5189/tcp,2380/tcp,10974/tcp}
- Restart the firewall:
    sudo firewall-cmd --reload
- Check that the required ports are now open:
    firewall-cmd --list-ports
Note
In the example above, all listed ports are opened to external access as well as internal access.
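One way to narrow the exposure described in the note, as an added example that is not part of the vendor documentation: the script prints firewalld commands that replace the open port entries for 5181, 2380 and 10974 (the rows whose Source IP in the table is only "Any Gateway Hub node") with rich rules that admit cluster members alone. The node addresses are constructed samples and the helper names are hypothetical; nothing is applied until you run the printed commands yourself.

```shell
#!/bin/sh
# Added example (not vendor code): print firewalld commands that scope the
# node-to-node ports to cluster members. Nothing is applied; review the output.
# Constructed sample addresses (RFC 5737 documentation range).
NODE_IPS="192.0.2.11 192.0.2.12 192.0.2.13"
# Ports whose Source IP in the table is "Any Gateway Hub node" only.
INTERNAL_PORTS="5181 2380 10974"

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port number 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = node IPs, $2 = TCP ports (both space-separated).
# Every value is validated before anything is printed, so a typo cannot
# yield a half-written rule set. The body runs in a subshell.
gen_internal_rules() (
    for ip in $1; do is_ipv4 "$ip" || { echo "bad address: $ip" >&2; exit 1; }; done
    for port in $2; do is_port "$port" || { echo "bad port: $port" >&2; exit 1; }; done
    for port in $2; do
        # Drop the open-to-anyone entry created by --add-port ...
        echo "firewall-cmd --permanent --remove-port=${port}/tcp"
        # ... and admit each cluster member explicitly instead.
        for ip in $1; do
            printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s/32\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$ip" "$port"
        done
    done
    echo "firewall-cmd --reload"
)

gen_internal_rules "$NODE_IPS" "$INTERNAL_PORTS"
```

Ports that the table lists with an external source (22 and 9092) are left as opened by the original command. The rules are added to the default firewalld zone because no zone is specified.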
SSL certificates
SSL certificates are required to secure the communication between Gateway Hub nodes and client applications. These can be added to Gateway Hub after installation of the binaries. You can also deploy Gateway Hub with self-signed certificates for testing and development.
Obtain the certificates from your systems administrator.
For instructions on adding the SSL certificates to Gateway Hub, see installation > tls in Install.