.. _reference-network-comms-in-cluster:

Network Communications between Nodes within the Cluster
-------------------------------------------------------

The cluster contains multiple nodes, which can be located in separate
firewalled networks. Network ports need to be opened on the firewalls to
allow inter-node communication. All communication between nodes is encrypted.

The following details are all based on the default settings. These can vary
depending on the application setup and network design (such as NAT) of the
solution, so they may need adjustment accordingly. Where a value is noted as
dependent, it depends entirely on the configuration and has no default.

These communications all relate to communications between application nodes
within the cluster. There are a few different deployment models, so the
details below cover the different models and the relevant ports. Review and
implement according to the deployment model in use. Note that Standalone is
only a single node, so this section is not relevant for that deployment model.

* Proxy to Proxy Node

  This is relevant if the proxy node is present in the system.

  +------------------------+----------+-------------------------+
  | Communication          | Protocol | Port                    |
  +========================+==========+=========================+
  | Cluster Communications | HTTPS    | TCP 8443 bi-directional |
  +------------------------+----------+-------------------------+

* Proxy to Unified/Application Node

  This is relevant if the proxy node is present in the system.

  +------------------------+----------+-------------------------+
  | Communication          | Protocol | Port                    |
  +========================+==========+=========================+
  | User access            | HTTPS    | TCP 443                 |
  +------------------------+----------+-------------------------+
  | Cluster Communications | HTTPS    | TCP 8443 bi-directional |
  +------------------------+----------+-------------------------+

* Unified Node to Unified node

  This is relevant to the communications between the unified nodes
  (application and database combined). If the application and database nodes
  are split, then see the relevant application and database node details
  below. Database arbiters run on port 27030.

  +------------------------+----------+------------------------------------+
  | Communication          | Protocol | Port                               |
  +========================+==========+====================================+
  | Database access        | database | TCP 27020 and 27030 bi-directional |
  +------------------------+----------+------------------------------------+
  | Cluster Communications | HTTPS    | TCP 8443                           |
  +------------------------+----------+------------------------------------+

* Application node to Application node

  This is relevant to the communications between application nodes in the
  system. This is only relevant where the database node is separate from the
  application node (in other words, not Unified node).

  +------------------------+----------+-------------------------+
  | Communication          | Protocol | Port                    |
  +========================+==========+=========================+
  | Cluster communications | HTTPS    | TCP 8443 bi-directional |
  +------------------------+----------+-------------------------+

* Application Node to Database node

  This is relevant to the communications between the application node and
  the database node. This is relevant if the database node is separate from
  the application node. Database arbiters run on port 27030.

  +------------------------+----------+------------------------------------+
  | Communication          | Protocol | Port                               |
  +========================+==========+====================================+
  | Database access        | database | TCP 27020 and 27030 bi-directional |
  +------------------------+----------+------------------------------------+
  | Cluster Communications | HTTPS    | TCP 8443                           |
  +------------------------+----------+------------------------------------+

* Database Node to Database node

  This is relevant to the communications between the application node and
  the database node. This is relevant if the database node is separate from
  the application node. Database arbiters run on port 27030.

  +------------------------+----------+------------------------------------+
  | Communication          | Protocol | Port                               |
  +========================+==========+====================================+
  | Database access        | database | TCP 27020 and 27030 bi-directional |
  +------------------------+----------+------------------------------------+
  | Cluster Communications | HTTPS    | TCP 8443                           |
  +------------------------+----------+------------------------------------+
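
The port tables above can be turned into a per-node firewall audit that reports both required ports that are blocked and cluster ports that are reachable where no table lists them (for example, a database port open from a proxy node). The following is an added example, not part of the product or its documentation; the role names, function names and the reading of rows not marked bi-directional as one-way (from the first-named node to the second) are assumptions.

```python
import socket

DB = {27020, 27030}  # database access; database arbiters run on 27030
# (source role, destination role) -> TCP ports, transcribed from the tables.
# Assumption: rows not marked bi-directional apply first-named -> second only.
RULES = {
    ("proxy", "proxy"): {8443},
    ("proxy", "unified"): {443, 8443},
    ("proxy", "application"): {443, 8443},
    ("unified", "proxy"): {8443},
    ("application", "proxy"): {8443},
    ("unified", "unified"): DB | {8443},
    ("application", "application"): {8443},
    ("application", "database"): DB | {8443},
    ("database", "application"): DB,
    ("database", "database"): DB | {8443},
}
ALL_PORTS = sorted({p for ports in RULES.values() for p in ports})

def allowed_flows(nodes):
    """nodes maps name -> role; returns every (src, dst, port) to permit."""
    return {(s, d, p)
            for s, sr in nodes.items() for d, dr in nodes.items() if s != d
            for p in RULES.get((sr, dr), ())}

def audit(nodes, local, is_open):
    """Run on node `local`; is_open(dst, port) -> bool. Returns (blocked, exposed)."""
    expected = {(d, p) for s, d, p in allowed_flows(nodes) if s == local}
    blocked, exposed = [], []
    for dst in sorted(nodes):
        if dst == local:
            continue
        for port in ALL_PORTS:
            reachable = is_open(dst, port)
            if (dst, port) in expected and not reachable:
                blocked.append((dst, port))   # firewall closed or service down
            elif (dst, port) not in expected and reachable:
                exposed.append((dst, port))   # open beyond what the tables list
    return blocked, exposed

def tcp_open(host, port, timeout=2.0):
    """Live probe to pass as is_open; True if a TCP connection succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Run ``audit(nodes, local_name, tcp_open)`` on each node in turn with the real node names and roles; adjust ``RULES`` first if the deployment does not use the default ports.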