
CCM Firewall Rules

CCM Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between: the CCO and CCM; the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |

CCM_SA Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5432 | Egress | MGMTPOSTGRES | For communication to the database. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between: the CCO and CCM; the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |

CCM_SA_PRIMARY and CCM_SA_SECONDARY Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | CCM; CCM_SA_PRIMARY or CCM_SA_SECONDARY | To remotely configure the CCM from the CCO/AMQP config wizard. For static file sync between the CCM Primary and Secondary VMs. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | CCM_LB | For UI/API access. |
| 4560 | Egress | Monitor | For ELK communication – Elasticsearch Port. |
| 5432 | Egress | MGMTPOSTGRES | For communication to the database. |
| 5671 | Ingress/Egress (optional) | ESB API Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish programmatic access to the AMQP module – only required if you use the ESB functionality. |
| 5703 | Ingress/Egress | CCM_SA_PRIMARY or CCM_SA_SECONDARY | For internal implementation to handle data in HA. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; CCM_LB; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For two-way communication between: the CCO and CCM; the Monitor and CCM. Required for all cloud regions supported by your CloudCenter deployment. For one-way communication from AMQP to CCM. |
| 8443 | Egress | CCO or CCO_LB; Monitor | |
| 8881 | Egress | Monitor | For ELK communication – Logstash Port. |
| 15672 | Ingress/Egress (optional) | ESB UI Communication | For two-way communication with the ESB AMQP module in the CCM. This port must be open if you need to establish access to the AMQP module from the AMQP UI – only required if you use the ESB functionality. |

MGMTPOSTGRES Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 5432 | Ingress | CCM_SA | For incoming connection from a CCM standalone VM. |
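
An added example (not part of the Cisco documentation): a small audit that compares the ingress rules observed on a MGMTPOSTGRES VM with the table above and reports any rule whose source is not within the one the table names. The addresses, the `SSH_SOURCE` label, the sample rules and the function name are constructed assumptions.

```python
import ipaddress

# Allowed ingress per the MGMTPOSTGRES table: port -> named remote source.
POLICY = {22: "SSH_SOURCE", 5432: "CCM_SA"}

# Constructed addresses standing in for the named sources (assumptions).
SOURCES = {
    "SSH_SOURCE": ipaddress.ip_network("192.0.2.10/32"),
    "CCM_SA": ipaddress.ip_network("10.0.1.20/32"),
}

# Constructed sample: database port open to the world plus an unlisted port.
SAMPLE_RULES = [(22, "192.0.2.10/32"), (5432, "0.0.0.0/0"), (3306, "10.0.1.20/32")]

def audit_ingress(rules):
    """rules: iterable of (port, cidr) ingress entries observed on the VM.
    Returns a sorted list of (port, cidr, reason) findings; empty means compliant."""
    findings = []
    satisfied = set()
    for port, cidr in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        if port not in POLICY:
            findings.append((port, cidr, "port not in table"))
            continue
        name = POLICY[port]
        allowed = SOURCES[name]
        # The observed source must sit entirely inside the allowed network.
        if net.version != allowed.version or not net.subnet_of(allowed):
            findings.append((port, cidr, f"source not within {name}"))
        else:
            satisfied.add(port)
    # Port 22 is optional in the table; 5432 is needed for the CCM to reach the database.
    if 5432 not in satisfied:
        findings.append((5432, "-", "required ingress from CCM_SA missing"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES):
        print(finding)
```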

MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (Optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 22 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For static file sync between the MGMTPOSTGRES master and slave VMs. |
| 2224 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 3121 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |
| 5432 | Ingress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For incoming connection from the CCM standalone VM. |
| 5432 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For communication between master and slave database VMs. |
| 5405 (UDP) | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | |
| 21064 | Ingress/Egress | MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE | For Pacemaker clustering between both database VMs to ensure high availability. |

CCM_LB Ports

| Port | Direction | Remote Source | Notes |
|------|-----------|---------------|-------|
| 22 | Ingress (optional) | Allowed SSH source IP | For troubleshooting purposes. |
| 80 | Ingress (optional) | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For HTTP to HTTPS redirection. |
| 443 | Ingress | 0.0.0.0/0 (or appropriate IP address range for user browsers that are allowed to access) | For UI/API access. |
| 443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Egress | CCM_SA_PRIMARY and CCM_SA_SECONDARY | For communication with CCM primary and secondary VMs. |
| 8443 | Ingress | CCO or CCO_PRIMARY, CCO_SECONDARY, and CCO_TERTIARY; Monitor; AMQP or AMQP_PRIMARY and AMQP_SECONDARY | For communication from the CCO, AMQP, and Monitor VMs. |

 

 

© 2017 Cisco Systems