Network connectivity requirements
This topic covers the general network and connectivity requirements, including connection requirements, port allocation, and firewall and Intrusion Detection System (IDS) considerations.
A security mechanism exists that does not allow the Masking engine to deploy behind a reverse proxy on the network.
General outbound connections from the virtual machine Delphix Continuous Compliance Engine
Protocol | Port Numbers | Use |
|---|---|---|
TCP | 25 | Connection to a local SMTP server for sending email. |
TCP/UDP | 53 | Connections to local DNS servers. |
UDP | 123 | Connection to an NTP server. |
UDP | 162 | Sending SNMP TRAP messages to an SNMP Manager. |
TCP | 443 | HTTPS connections from the Delphix Engine to the Delphix Support upload server. |
TCP/UDP | 636 | Secure connections to an LDAP server. |
TCP/UDP | various | Connections to target environments such as databases (JDBC) and files (FTP, SFTP, NFS, or CIFS). |
General inbound connections to the virtual machine Delphix Continuous Compliance Engine
Protocol | Port Numbers | Use |
|---|---|---|
TCP | 22 | SSH connections to the Delphix Engine. |
TCP | 80 | HTTP connections to the Delphix GUI (optional). |
UDP | 161 | Messages from an SNMP Manager to the Delphix Engine. |
TCP | 443 | HTTPS connections to the Delphix GUI. |
General outbound connections from the containerized Delphix Continuous Compliance Engine
Containerized Masking is deployed as a Pod on a customer Kubernetes infrastructure rather than being a self-contained machine like the VM deployments. There is much-underlying infrastructure (NTP, for example) that the VM deployment must manage, which is unnecessary for a containerized deployment. There are many features (again using time as one example) that a containerized deployment requires from the underlying infrastructure, but since they are no longer managed by the Pod itself, they no longer appear in the list of networking requirements.
Protocol | Port Numbers | Use |
|---|---|---|
TCP | 25 | Connection to a local SMTP server for sending email. |
TCP/UDP | 53 | Connections to local DNS servers. |
TCP/UDP | various | Connections to target environments such as databases (JDBC) and files (FTP, SFTP, NFS, or CIFS). |
General inbound connections to the containerized Delphix Continuous Compliance Engine
The inbound ports shown in the table below are all internal. The kubernetes config defines a service that routes customer supplied external facing ports to the listed internal ports allowing the customer to choose any ports that work best for their infra. The example config maps external port 30080 to internal port 8080 and external port 30443 to internal port 8443, but that is left entirely to customer discretion.
Protocol | Port Numbers | Use |
|---|---|---|
TCP | 8080 | HTTP connections to the Delphix GUI (optional). |
TCP | 8443 | HTTPS connections to the Delphix GUI. |
Firewalls and Intrusion Detection Systems (IDS)
Firewalls can add milliseconds to the latency between servers. Accordingly, for best performance, there should be no firewalls between the Delphix Masking Engine and the target environments. If the Delphix Masking Engine is separated from a target environment by a firewall, the firewall must be configured to permit network connections between the Delphix Masking Engine and the target environments for the application protocols (ports) listed above.
Intrusion detection systems (IDSs) should also be made permissive to the Delphix Masking Engine deployment. IDSs should be made aware of the anticipated high volumes of data transfer between the Delphix Masking Engine and target environments.