Network

Ports

The table below details the networking requirements for Nirmata PE:

Component: Core Services
Inbound Connections:
- HTTPS (443) from the LB / users
- HTTPS (443) from Nirmata agent on Container Hosts
- SSH (22) for secure shell access
Outbound Connections:
- HTTPS (443) to image registry

Component: Shared Services
Inbound Connections:
- TCP (27017) MongoDB from Nirmata Core Services
- TCP (9092) Kafka from Nirmata Core Services
- TCP (2181) ZooKeeper from Nirmata Core Services
- TCP (2888) ZooKeeper from Nirmata Shared Services
- TCP (3888) ZooKeeper from Nirmata Shared Services
- TCP (9200) ElasticSearch from Nirmata Core Services
- TCP (9300) ElasticSearch from Nirmata Shared Services
- SSH (22) for secure shell access
Outbound Connections:

Additionally, a well-known address needs to be configured for Nirmata (e.g. nirmata.company-name.com). This address must resolve to the load balancer IP address (VIP), or to the Nirmata server IP address if a load balancer is not used.

Note 1: A load-balancer is not required for the PoC deployment.

Note 2: It is assumed that Container Hosts in the private data-center (e.g. Diamanti VMs) and Container Hosts in public cloud (e.g. Azure) have direct L3 connectivity to the Nirmata Core Services.

Network Proxy

If you are required to use a network proxy for any external communication, keep the proxy settings available so that they can be used during the installation.

Configure proxy for Docker Engine by adding the following to /etc/systemd/system/docker.service.d/http-proxy.conf:

[Service]
Environment="HTTP_PROXY=<proxy-address>"
Environment="HTTPS_PROXY=<proxy-address>"
Environment="NO_PROXY=127.0.0.1,localhost,<nirmata-services-host-ip>,<nirmata-shared-services-host-ip>"

You can find more details on configuring HTTP/HTTPS proxy for Docker Engine at https://docs.docker.com/config/daemon/systemd/#httphttps-proxy.

DNS

It is required that host names for all hosts resolve via DNS.
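A preflight check for the Shared Services rows of the port table and the DNS requirement above, as an added example that is not part of the Nirmata documentation. The vantage labels ("core", "shared", "other") and the reading of the table as the complete list of allowed sources are assumptions of this example.

```python
import socket
import sys

# (port, service, source) copied from the Shared Services inbound rows of the table.
SHARED_SERVICES_PORTS = [
    (27017, "MongoDB", "core"),
    (9092, "Kafka", "core"),
    (2181, "ZooKeeper", "core"),
    (2888, "ZooKeeper", "shared"),
    (3888, "ZooKeeper", "shared"),
    (9200, "ElasticSearch", "core"),
    (9300, "ElasticSearch", "shared"),
]

def resolves(host):
    """True if the host name resolves, as the DNS section requires for every host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(host, vantage, ports=SHARED_SERVICES_PORTS):
    """Return findings for a Shared Services host probed from `vantage`.

    vantage is "core" or "shared" (the ports listed for it must be reachable)
    or "other" (assumption: no port in the table should be reachable).
    """
    if not resolves(host):
        return [f"{host}: does not resolve via DNS"]
    findings = []
    for port, service, source in ports:
        if vantage == source and not port_open(host, port):
            findings.append(f"{host}:{port} ({service}) not reachable from {vantage}")
        elif vantage == "other" and port_open(host, port):
            findings.append(f"{host}:{port} ({service}) reachable from an unlisted source")
    return findings

if __name__ == "__main__":
    # Usage: python3 preflight.py <shared-services-host> <core|shared|other>
    for finding in check(sys.argv[1], sys.argv[2]):
        print(finding)
```

Run it from a Core Services host and a Shared Services host to confirm the required paths, and from a machine in neither group with "other" to confirm that the MongoDB, Kafka, ZooKeeper and ElasticSearch ports are not exposed more widely.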
