Three node cluster
This section describes a common high availability deployment used in mid-sized deployments. In this type of deployment, all of the OpenIAM services, infrastructure are replicated on each of the three linux hosts that make up the cluster. The database is external to the cluster and can have its own cluster.
If integration to Active Directory or another Microsoft application is required, then a Windows VM should be used to host the connector. In this example, we will use the Active Directory PowerShell connector.
Note: This diagram is limited to integration with one application using common ports. The list of ports can change if integration with other applications is required.
Contents of the table below over-ride the port values in the diagram
| Host | Ports | Description |
|---|---|---|
| OpenIAM cluster nodes | Following ports should be opened on each node in the cluster; Linux hosts nodes 1,2 and 3. | |
| 443 | Primary port that will be used by end users after SSL has been enabled | |
| 80 | Port that that will be used by end users before SSL is enabled. | |
| 8080 | Port that allows use of the OpenIAM using without going through the rProxy. Access to this port is helpful during development. | |
| 9080 | OpenIAM application port | |
| 15672 | RabbitMQ management interface | |
| Following ports should be opened on each node in the cluster( Linux hosts nodes 1,2 and 3) to support inter cluster communication between stack components. | ||
| 22 | SSH | |
| 25672 | RabbitMQ - Internode communication | |
| 15671 (https) | RabbitMQ | |
| 4369 (epmd) | RabbitMQ - Peer discovery service used RabbitMQ nodes and CLI tools | |
| 9142 (https) | Cassandra - Interconnect | |
| 9160, 7000, 7001 | Cassandra | |
| 8182, 9042 | JanusGraph | |
| 6379, 6390 (TCP) | Redis | |
| 26379 (TCP) | Redis Sentinel | |
| 9200, 9300 (http/https) | ElasticSearch | |
| 2379, 2380 (TCP) | Etcd cluster (Vault DB) | |
| 587 | SMTP Service connection | |
| 111, 2049,20048,32767,32765 -(TCP/UDP) | NFS | |
| 8200,8203 (Http / Https) | Vault | |
| Windows Connector VM | 5672 | Connector will send and receive messages back to RabbitMQ using this port. |
| 5986 | WinRM ports used by the connector. | |
| 9389 | Used to access Active directory Web services | |
| Active Directory | 5986 | WinRM ports |
| 9389 | Active Directory Web services | |
| 636 | Ldaps for AD authentication |