How-To

Recommended firewall settings for an on-premise installation of Data Virtuality



Recommended firewall settings for ports used by Data Virtuality Server.

| Name in dvserver-standalone.xml | Port | Private network | Public network | Description | Used by Data Virtuality Studio | Necessary for DV to start |
|---|---|---|---|---|---|---|
| jboss.socket.binding.port-offset | N/A | N/A | N/A | Port offset | N/A | N/A |
| management-http | 9990 | Closed | Closed | WildFly management interface. | No | No |
| management-https | 9993 | Closed | Closed | | | |
| ajp | 8009 | Closed | Closed | Apache JServ Protocol. Used for HTTP clustering and load balancing. | No | No |
| http | 8080 | Open | Closed | Default Data Virtuality Server portal and Rest API server. | No | No |
| https | 8443 | Open | Open | | No | No |
| txn-recovery-environment | 4712 | Open | Closed | The JTA transaction recovery manager. | No | Yes |
| txn-status-manager | 4713 | Open | Closed | The JTA / JTS transaction manager. | No | Yes |
| dv-jdbc | 31000 | Open | Closed | | Yes | No |
| dv-jdbc-ssl | 31001 | Open | Open | | Yes | No |
| dv-odbc | 35432 | Open | Closed | | No | No |
| dv-odbc-ssl | 35433 | Open | Open | | No | No |
| postgresql DB | 54322 | Open | Closed | Internal Postgres DB | No | Yes |

Additional information can be found here: https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/6/html/installation_guide/network_ports_used_by_jboss_enterprise_application_platform_62

 

Port offset

The port offset is already documented here: https://documentation.datavirtuality.com/24/administration-guide/configuration/network-configuration

management-http and management-https

These ports serve the web-based management console for WildFly.

For more information, please refer to this documentation: https://docs.jboss.org/author/display/WFLY10/Management%20Clients.html

 

Ajp (Apache JServ Protocol)

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. AJP is a highly trusted protocol and should never be exposed to untrusted clients, which could use it to gain access to sensitive information or execute code on the application server.[1]

For more information, please refer to this documentation: https://en.wikipedia.org/wiki/Apache_JServ_Protocol

 

http and https

Default ports for the web-based interface to Data Virtuality. This portal includes links to binaries, management, and documentation. These are also the ports used by the Rest API server inside Data Virtuality Server.

txn-recovery-environment and txn-status-manager

Internal transaction manager and transaction crash recovery system for WildFly. Used by Data Virtuality Server.

See https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/5/html/transactions_development_guide/chap-transactions_jta_programmers_guide-transaction_recovery

 

dv-jdbc

Port used by client connections using the Data Virtuality JDBC connector. This port does not encrypt traffic between the client and the server.

dv-jdbc-ssl

Port used by client connections using the Data Virtuality JDBC connector. This port uses SSL to encrypt the traffic between the client and the server.

 

dv-odbc

Port used by client connections using the Data Virtuality ODBC driver. This port does not encrypt traffic between the client and the server.

dv-odbc-ssl

Port used by client connections using the Data Virtuality ODBC driver. This port uses SSL to encrypt the traffic between the client and the server.

References

[1] "AJP File Read/Inclusion in Apache Tomcat (CVE-2020-1938) and Undertow (CVE-2020-1745)". Red Hat Customer Portal. Retrieved 1 March 2020.
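To confirm that a firewall actually enforces the table above, the following added example (not part of the original post and not Data Virtuality tooling) compares the ports reachable from a vantage point with the Private/Public columns. `POLICY` is transcribed from the table; `probe`, `audit` and `audit_host` are hypothetical helper names, and the default ports (no port offset) are assumed.

```python
import socket

# Policy transcribed from the table: port -> (name, private, public).
POLICY = {
    9990: ("management-http", "Closed", "Closed"),
    9993: ("management-https", "Closed", "Closed"),
    8009: ("ajp", "Closed", "Closed"),
    8080: ("http", "Open", "Closed"),
    8443: ("https", "Open", "Open"),
    4712: ("txn-recovery-environment", "Open", "Closed"),
    4713: ("txn-status-manager", "Open", "Closed"),
    31000: ("dv-jdbc", "Open", "Closed"),
    31001: ("dv-jdbc-ssl", "Open", "Open"),
    35432: ("dv-odbc", "Open", "Closed"),
    35433: ("dv-odbc-ssl", "Open", "Open"),
    54322: ("postgresql DB", "Open", "Closed"),
}
ZONES = {"private": 1, "public": 2}  # column index inside each POLICY row


def probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(zone, reachable):
    """Compare the ports found reachable from `zone` with the table.

    EXPOSED: reachable although the table says Closed.
    BLOCKED: unreachable although the table says Open (a stopped service
    looks the same as a firewall drop to this check).
    """
    col, findings = ZONES[zone], []
    for port, row in sorted(POLICY.items()):
        if port in reachable and row[col] == "Closed":
            findings.append((port, row[0], "EXPOSED"))
        elif port not in reachable and row[col] == "Open":
            findings.append((port, row[0], "BLOCKED"))
    return findings


def audit_host(host, zone):
    """Probe every table port on `host` from the current vantage point."""
    return audit(zone, {p for p in POLICY if probe(host, p)})
```

Run `audit_host` against your own server once from a machine on the private network with zone `"private"` and once from outside with zone `"public"`; an empty list means the observed reachability matches the table.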

