OpenText Analytics Database 26.2.x – Configure the network /en/setup/set-up-on-premises/before-you-install/configure-network/ Recent content in Configure the network on OpenText Analytics Database 26.2.x Hugo -- gohugo.io Setup: Reserved ports /en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/ Mon, 01 Jan 0001 00:00:00 +0000 /en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/ <p>The install_vertica script checks that required ports are open and available to Vertica. The installer reports any issues with identifier <code>N0020</code>.</p> <p>You can also verify that ports required by Vertica are not in use by running the following command as the root user and comparing it with the ports required, as shown below:</p> <pre tabindex="0"><code>$ ss -atupn </code></pre><h2 id="firewall-requirements">Firewall requirements</h2> <p>Vertica requires several ports to be open on the local network. Vertica does not recommend placing a firewall between nodes (all nodes should be behind a firewall), but if you must use a firewall between nodes, ensure the following ports are available:</p> <table class="table table-bordered" > <tr> <th > Port</th> <th > Protocol</th> <th > Service</th> <th > Notes</th></tr> <tr> <td > 22</td> <td > TCP</td> <td > sshd</td> <td > Required by <a class="glosslink" href="../../../../../en/glossary/admin-tools/" title="OpenText&amp;trade; Analytics Database Administration Tools provides a graphical user interface for managing the database.">Administration tools</a> and the <a href="../../../../../en/mc/getting-started-with-mc/creating-cluster-using-mc/use-mc-cluster-installation-wizard/">Management Console Cluster Installation</a> wizard.</td></tr> <tr> <td > 4803</td> <td > TCP</td> <td > <a class="glosslink" href="../../../../../en/glossary/spread/" title="An open source toolkit used in OpenText&amp;trade; Analytics Database to provide a high performance messaging service that is resilient to network faults.">Spread</a></td> <td > Client connections</td></tr> <tr> <td > 4803</td> <td > UDP</td> <td > Spread</td> <td > Daemon-to-daemon connections</td></tr> <tr> <td > 4804</td> <td > UDP</td> <td > Spread</td> <td > Daemon-to-daemon connections</td></tr> <tr> <td > 5433</td> <td > TCP</td> <td > Vertica</td> <td > Vertica clients (vsql, ODBC, JDBC, etc)</td></tr> <tr> <td > 5433</td> <td > UDP</td> <td > Vertica</td> <td > Vertica Spread monitoring and MC cluster import</td></tr> <tr> <td > 5434</td> <td > TCP</td> <td > Vertica</td> <td > Intra- and inter-cluster communication. Vertica opens the Vertica client port +1 (5434 by default) for intra-cluster communication, such as during a plan. If the port +1 from the default client port is not available, then Vertica opens a random port for intra-cluster communication.</td></tr> <tr> <td > 5444</td> <td > TCP</td> <td > Vertica Management Console</td> <td > MC-to-node and node-to-node (agent) communications port. See <a href="../../../../../en/mc/configuring-mc/changing-mc-or-agent-ports/#">Changing MC or agent ports</a>.</td></tr> <tr> <td > 5450</td> <td > TCP</td> <td > Vertica Management Console</td> <td > Port used to connect to MC from a web browser and allows communication from nodes to the MC application/web server. See <a href="../../../../../en/mc/getting-started-with-mc/connecting-to-mc/">Connecting to Management Console</a>.</td></tr> <tr> <td > 5554</td> <td > TCP</td> <td > <a href="../../../../../en/admin/managing-db/node-management-agent/#">Node Management Agent</a></td> <td > Node Management Agent</td></tr> <tr> <td > 6543</td> <td > UDP</td> <td > Spread</td> <td > Monitor-to-daemon connection</td></tr> <tr> <td > 8443</td> <td > TCP</td> <td > HTTPS</td> <td > HTTPS service. To change the port, use <a href="../../../../../en/sql-reference/config-parameters/general-parameters/#HTTPServerPortOffset">HTTPServerPortOffset</a>.</td></tr></table> Setup: Firewall considerations /en/setup/set-up-on-premises/before-you-install/configure-network/firewall-considerations/ Mon, 01 Jan 0001 00:00:00 +0000 /en/setup/set-up-on-premises/before-you-install/configure-network/firewall-considerations/ <p>Vertica requires multiple ports be open between nodes. You may use a firewall (IP Tables) on Redhat/CentOS and Ubuntu/Debian based systems. Note that firewall use is not supported on SuSE systems and that SuSE systems must disable the firewall. The installer reports issues found with your IP tables configuration with the identifiers <strong>N0010</strong> for (systems that use IP Tables) and <strong>N011</strong> (for SuSE systems).</p> <p>The installer checks the IP tables configuration and issues a warning if there are any configured rules or chains. The installer does not detect if the configuration may conflict with Vertica. It is your responsibility to verify that your firewall allows traffic for Vertica as described in <a href="../../../../../en/setup/set-up-on-premises/before-you-install/configure-network/ensure-ports-are-available/#">Reserved ports</a>. <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> The installer does not check NAT entries in iptables. </div></p> <p>You can modify your firewall to allow for Vertica network traffic, or you can disable the firewall if your network is secure. Note that firewalls are not supported for Vertica systems running on SuSE. <div class="admonition important" role="alert"> <h4 class="admonition-head">Important</h4> You may encounter the <strong>N0010</strong> issue even when the firewall is disabled. If this occurs, you can workaround this issue and install Vertica by ignoring installer WARN messages. To do this, install (or update) with a failure threshold of FAIL. For example, <code>/opt/vertica/sbin/install_vertica --failure-threshold FAIL &lt;other install options...&gt;</code>. </div></p> <h2 id="red-hat-and-centos-systems">Red Hat and CentOS systems:</h2> <p>To disable the system firewall, run the following command as root or sudo:</p> <pre tabindex="0"><code># systemctl mask firewalld # systemctl disable firewalld # systemctl stop firewalld </code></pre><h2 id="ubuntu-and-debian-systems">Ubuntu and Debian systems</h2> <p>For details on how to configure iptables and allow specific ports to be open, see the platform-specific documentation for your platform:</p> <ul> <li> <p>Debian: <a href="https://wiki.debian.org/iptables">https://wiki.debian.org/iptables</a></p> </li> <li> <p>Ubuntu: <a href="https://help.ubuntu.com/12.04/serverguide/firewall.html">https://help.ubuntu.com/12.04/serverguide/firewall.html</a>.</p> </li> </ul> <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> Ubuntu uses the ufw program to manage iptables. </div> <p>To disable iptables on Debian, run the following command as root or sudo:</p> <pre tabindex="0"><code> $ /etc/init.d/iptables stop $ update-rc.d -f iptables remove </code></pre><p>To disable iptables on Ubuntu, run the following command:</p> <pre tabindex="0"><code>$ sudo ufw disable </code></pre><h2 id="suse-systems">SuSE systems</h2> <p>The firewall must be disabled on SUSE systems. To disable the firewall on SuSE systems, run the following command:</p> <pre tabindex="0"><code># /sbin/SuSEfirewall2 off </code></pre>