Port Requirements
The ports listed in the following table must be available for use by the deployment. If you will be running Kubernetes, then the requirements listed in Kubernetes Port Requirements also apply.
If the firewalld service is installed and enabled on the Controller, and the firewalld service is installed and enabled on all hosts before they are added to the deployment, the installer for HPE Ezmeral Runtime Enterprise automatically configures firewall rules to open the required ports.
Port | Service | Protocol | Host | Direction | Agent* | Comments |
22 | SSH access | TCP | Controller Worker Gateway | both | Not required | This port is needed for password-less SSH installations. It is not applicable for agent-based installations such as cloud deployments. HPE recommends enabling SSH access for troubleshooting purposes. |
53 | DNS server TCP port | TCP | Controller Worker Gateway | From cloud to on-premises (Primary/Shadow/Cluster IP) | DNS port forwarding. | |
53 | DNS server UDP port | UDP | Controller Worker Gateway | From cloud to on-premises (Primary/Shadow/Cluster IP) | DNS port forwarding. | |
80 | Apache HTTP access | TCP | Controller Worker Gateway | From cloud to on-premises (Primary/Shadow/Cluster IP) | This is technically not needed for Worker hosts; however, since these hosts may become the Shadow Controller when High Availability is enabled, enabling HTTP access is recommended for these hosts. | |
88 464 | Kerberos UDP | UDP | Controller Worker | Both directions | This is technically not needed for Worker hosts; however, since these hosts may become the Shadow Controller when High Availability is enabled, enabling HTTP access is recommended for these hosts. | |
88 464 749 754 | Kerberos TCP | TCP | Controller Worker Gateway | Both directions | ||
111 | RPC bind on TCP | TCP | Controller Worker Gateway | egress | ||
111 | RPC bind on UDP | UDP | Controller Worker Gateway | egress | ||
123 | NTP server port | TCP | Controller Worker | egress | ||
443 | Apache HTTPS access | TCP | Controller Worker Gateway | N/A (outside access only) | Not required | |
2224 | PCS daemon | TCP | Controller Worker | N/A | This need only be open between the Primary and Shadow Controllers. | Required. Before the platform can be configured, the PCS daemon needs to be started and enabled to boot on startup on each host. This daemon works with the PCD CLI command to manage syncing the configuration across all the nodes in the platform. |
2888, 5181, 3888 | HPE Ezmeral Data Fabric-ZK | TCP | Controller, Worker | Both directions | All communication occurs between nodes; end users need not access these ports. | |
4369 | Erlang EPMD | TCP | Controller Worker Gateway | Both directions | ||
4789 | VxLAN | Controller Worker Gateway | Both directions | This port must be open on Primary and Shadow controllers, Arbiter and Gateway hosts. | ||
5405 | Cluster Manager | UDP | Controller Worker | N/A | ||
5610 9210 9211 | Monitoring | TCP | Controller Worker Gateway | 9210 from cloud to on-premises. | ||
5660-5787 | HPE Ezmeral Data Fabric-FS | TCP | Controller, Worker | Both directions | All communication occurs between nodes; end users need not access these ports. | |
5659 | NRPE access | TCP | Controller Worker Gateway | On-premises to cloud, for Nagios to be able to access NRPE running on the cloud VMs. | Nagios Remote Plugin Executor (NRPE). | If this port is blocked, then the Services tab of the Cluster Details screen will not be able to report service statuses. |
7220-7222 | HPE Ezmeral Data Fabric-CLBD | TCP | Controller Worker | Both directions | All communication occurs between nodes; the end user need not access these ports. | |
7443 | HPE Ezmeral Data Fabric-Login | TCP | Controller, Worker | Both directions | Please contact HPE Technical Support if a user needs to directly access the HPE Ezmeral Data Fabric Management Console. | |
8080 | bd_mgmt REST API | TCP | Controller Worker Gateway | N/A (outside access only) | Not required | |
8081 | haproxy stats | TCP | Controller Worker Gateway | N/A (outside access only) | Not required | |
8085 | Apache HTTP access for Container Platform Nagios | TCP | Controller Worker Gateway | N/A (outside access only) | Not required | |
8443 | Apache HTTPS access for Container Platform Nagios | TCP | Controller Worker Gateway | N/A (outside access only) | Not required | |
8443 | HPE Ezmeral Data Fabric-REST | TCP | Controller, Worker | Both directions | All communication occurs between nodes; end users need not access these ports. | |
9000 9001 | Erlang RPC | TCP | Controller Worker Gateway | Both directions | ||
9002 | Erlang SSH-RPC | TCP | Controller Worker Gateway | |||
9500-9699 | Kubernetes API endpoints for individual clusters | TCP | Gateway | N/A | These ports are used by Gateway hosts to communicate with Kubernetes hosts, specifically to connect the Kubernetes API server to a specific Kubernetes cluster. | |
14000 14001 | HTTPFS | Controller Worker Gateway | Not required for external access. | |||
10000 to 50000 | Container Platform Gateway host service mapping | Controller Worker Gateway | N/A (outside access only) | Random port definitions from the pool are not used. By default, port usage will start from 10000 and proceed incrementally. As virtual clusters are deleted, those ports will become usable by the pool and will be used for new services. | ||
7220:7223 | MapR CLDB | TCP | To HPE Ezmeral Runtime Enterprise Controller nodes | By default, CLDB listens on ports 7222 and 7223. For performance reasons, additional ports may be opened. For more details, see Ports Used by HPE Ezmeral Data Fabric Software. | ||
8660 | MapR-MAST | TCP | Both | Data Fabric clients use this port to connect to the MAST Gateway. | ||
7443 | MapR-Login | TCP | To HPE Ezmeral Runtime Enterprise Controller nodes | When security is enabled for a cluster, the CLDB listens for connections on port 7443. If security is disabled, the maprlogin utility is unable to reach the CLDB. | ||
8443 | MapR REST | TCP | To HPE Ezmeral Runtime Enterprise Controller nodes | MapR REST API | ||
5660, 5692, 5724, 5756 | MapR FS | TCP | Both | Only required if it is set up with Embedded Data Fabric. The filesystem is a random, read-write, distributed filesystem that allows applications to read and write concurrently directly to disk. Clients use these ports to access the file-system server. | ||
2888, 5181, 3888 | MapR-ZK | TCP | To HPE Ezmeral Runtime Enterprise Controller nodes | MapR ZooKeeper |
* The Agent column indicates whether or not the port is used for agent-based installations.
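
Added example (not HPE installer code): where firewalld rules are managed by hand or need auditing, this Python script expands the port notations used in the table above and compares them with the output of `firewall-cmd --list-ports`, reporting required ports that are closed and open ports the table does not list. The `REQUIRED` subset and the `SAMPLE` output are constructed for illustration; function names are hypothetical.

```python
import re

# Subset of the table's rows as (port field, protocol), copied in the page's own notation.
REQUIRED = [
    ("22", "tcp"), ("53", "tcp"), ("53", "udp"),
    ("88 464", "udp"), ("88 464 749 754", "tcp"),
    ("2888, 5181, 3888", "tcp"), ("5660-5787", "tcp"),
    ("7220:7223", "tcp"), ("9500-9699", "tcp"),
]

# Constructed sample of `firewall-cmd --list-ports` output (not from a real host).
# It opens 7220-7222 only and carries one port the table does not list.
SAMPLE = ("22/tcp 53/tcp 53/udp 88/udp 464/udp 88/tcp 464/tcp 749/tcp 754/tcp "
          "2888/tcp 3888/tcp 5181/tcp 5660-5787/tcp 7220-7222/tcp 9500-9699/tcp 8888/tcp")

def expand_ports(field):
    """Expand '88 464', '2888, 5181, 3888', '5660-5787', '7220:7223' or
    '10000 to 50000' into a set of port numbers."""
    field = re.sub(r"\s+to\s+|:", "-", field.strip())  # one range syntax
    ports = set()
    for token in re.split(r"[,\s]+", field):
        if not token:
            continue
        lo, _, hi = token.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {token!r}")
        ports.update(range(lo, hi + 1))
    return ports

def required_set(rows):
    return {(p, proto) for field, proto in rows for p in expand_ports(field)}

def parse_firewalld(list_ports_output):
    """Parse space-separated 'port/proto' or 'lo-hi/proto' items."""
    opened = set()
    for item in list_ports_output.split():
        spec, proto = item.split("/")
        opened |= {(p, proto.lower()) for p in expand_ports(spec)}
    return opened

def audit(rows, list_ports_output):
    """Return (required but not open, open but not required)."""
    required, opened = required_set(rows), parse_firewalld(list_ports_output)
    return sorted(required - opened), sorted(opened - required)

if __name__ == "__main__":
    missing, extra = audit(REQUIRED, SAMPLE)
    print("missing:", missing)
    print("not in table:", extra)
```

`firewall-cmd --list-ports` shows only explicitly added ports; ports opened through a firewalld service definition (for example `ssh`) appear under `--list-services` and need to be checked separately.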