Single node deployment
This section describes a common deployment for either small deployments or non-production deployments where high availability is not required. In this type of deployment, all the OpenIAM services, infrastructure and database are deployed on one Linux host.
If integration to Active Directory or another Microsoft application is required, then a Windows VM should be used to host the connector. In this example, we will use the Active Directory PowerShell connector.
Note: This diagram is limited to integration with one application using common ports. The list of ports can change if integration with other applications is required.
| Host | Ports | Description |
|---|---|---|
| OpenIAM cluster nodes (the following ports should be opened on each Linux node in the cluster; nodes 1 and 2) | | |
| | 443 | Primary port used by end users after SSL has been enabled. |
| | 80 | Port used by end users before SSL is enabled. |
| | 8080 | Port that allows access to OpenIAM without going through the rProxy. Access to this port is helpful during development. |
| | 9080 | OpenIAM application port. |
| | 15672 | RabbitMQ management interface. |
| OpenIAM cluster nodes, inter-cluster communication (the following ports should be opened on each Linux node in the cluster, nodes 1 and 2, to support communication between stack components) | | |
| | 22 | SSH |
| | 25672 | RabbitMQ - Internode communication. |
| | 15671 (https) | RabbitMQ |
| | 4369 (EPMD) | RabbitMQ - Peer discovery service used by RabbitMQ nodes and CLI tools. |
| | 9142 (https) | Cassandra - Interconnect |
| | 9160, 7000, 7001 | Cassandra |
| | 8182, 9042 | JanusGraph |
| | 6379, 6390 (TCP) | Redis |
| | 26379 (TCP) | Redis Sentinel |
| | 9200, 9300 (http/https) | ElasticSearch |
| | 2379, 2380 (TCP) | ETCD cluster (Vault DB) |
| | 587 | SMTP service connection. |
| | 111, 2049, 20048, 32767, 32765 (TCP/UDP) | NFS |
| | 5672/5671/5673 (TCP (AMQP)) | RabbitMQ port - Connectors that are deployed remotely use this port to send messages back to RabbitMQ. |
| | 7199 (TCP/UDP) | Used for monitoring and management of Cassandra. |
| | 8500/TCP | Consul server RPC. |
| | 8301/TCP, 8301/UDP | LAN gossip communication between Consul nodes. |
| | 8600/TCP, 8600/UDP | Consul DNS interface / service discovery via DNS queries. |
| | 8300/TCP | Consul server RPC / internal communication / leader election and Raft protocol. |
| | 8302/TCP, 8302/UDP | Cross-DC gossip and federation. |
| | 8503/TCP | Consul HTTPS API. |
| | 8000 (TCP/UDP) | Management APIs, internal HTTP services or utilities, inter-node port communication. |
| | 8081 (http) | IDP port |
| | 8082 (http) | WEBCONSOLE_PORT |
| | 8083 (http) | SELFSERVICE_PORT |
| | 8084 (http) | SELFSERVICE_EXT_PORT |
| | 8085 (http) | REPORTVIEWER_PORT |
| | 8086 (http) | UI_STATIC_PORT |
| | 8183 (TCP (HTTP/HTTPS)) | HAPROXY_JANUS_PORT |
| | 9081 (TCP (HTTP)) | HAPROXY_ESB_PORT |
| | 8087 (TCP (HTTP/HTTPS)) | HAPROXY_UI_PORT |
| | 9201 (TCP (HTTP/HTTPS)) | HAPROXY_ES_PORT |
| | 5002 (TCP (HTTP/HTTPS)) | HAPROXY_RABBIT_UI_PORT |
| | 8200, 8203 (HTTP/HTTPS) | Vault |
| | 3000 (TCP/HTTP/HTTPS) | Grafana dashboard |
| | 9090 (TCP/HTTP/HTTPS) | Prometheus dashboard |
| | 9100 (TCP/HTTP/HTTPS) | Node exporter |
| Windows connector VM | 5672/5671 | The connector sends and receives messages to and from RabbitMQ using this port. |
| | 5986 | WinRM port used by the connector. |
| | 9389 | Used to access Active Directory Web Services. |
| Active Directory | 5986 | WinRM port |
| | 9389 | Active Directory Web Services. |
| | 636 | LDAPS for AD authentication. |
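A practitioner turning this table into a host firewall allow-list usually wants two things: the port cells expanded into concrete port/protocol pairs, and a way to compare what the host actually exposes against that list. The script below is an added example, not OpenIAM's own tooling; it assumes a firewalld-managed host (the `firewall-cmd` invocations are standard, the zone name is a placeholder) and the `ss -lntu` output it audits is constructed here, not captured from a real deployment. `PORT_TABLE` holds a subset of the rows above in the same notation the table uses.

```python
"""Expand the single-node port table into firewalld rules and audit a host's
listeners against it. Added example; PORT_TABLE is a subset of the rows above
and SAMPLE_SS_OUTPUT is constructed, not taken from a real host."""
import re
from typing import Dict, List, Tuple

# Port cells copied from the table's notation, with the component they belong to.
PORT_TABLE = [
    ("443", "rProxy (SSL)"),
    ("9080", "OpenIAM application"),
    ("5672/5671/5673 (TCP (AMQP))", "RabbitMQ AMQP"),
    ("4369 (EPMD)", "RabbitMQ peer discovery"),
    ("9200, 9300 (http/https)", "ElasticSearch"),
    ("111, 2049, 20048, 32767, 32765 (TCP/UDP)", "NFS"),
    ("8301/TCP, 8301/UDP", "Consul LAN gossip"),
    ("8200, 8203 (HTTP/HTTPS)", "Vault"),
]

def parse_port_spec(spec: str) -> List[Tuple[int, str]]:
    """Expand a cell such as '8301/TCP, 8301/UDP' or '111, 2049 (TCP/UDP)' into
    (port, transport) pairs. Parenthesised hints such as '(http/https)' or
    '(EPMD)' describe the application layer, so the transport defaults to tcp
    unless UDP is named; a per-port '/TCP' or '/UDP' suffix wins over the hint."""
    cut = spec.find("(")
    body, hint = (spec, "") if cut < 0 else (spec[:cut], spec[cut:].upper())
    default = [p for p, tag in (("tcp", "TCP"), ("udp", "UDP")) if tag in hint] or ["tcp"]
    pairs: List[Tuple[int, str]] = []
    for m in re.finditer(r"(\d+)(?:/(TCP|UDP))?", body, re.IGNORECASE):
        port = int(m.group(1))
        for proto in ([m.group(2).lower()] if m.group(2) else default):
            if (port, proto) not in pairs:
                pairs.append((port, proto))
    return pairs

def firewalld_commands(table, zone: str = "public") -> List[str]:
    """Emit one firewall-cmd allow rule per (port, transport) pair; the zone is a
    placeholder to be replaced with the zone bound to the cluster interface."""
    cmds = []
    for spec, component in table:
        for port, proto in parse_port_spec(spec):
            cmds.append(f"firewall-cmd --permanent --zone={zone} --add-port={port}/{proto}  # {component}")
    cmds.append("firewall-cmd --reload")
    return cmds

# Constructed stand-in for `ss -lntu` on the OpenIAM host: 5432 on all interfaces
# and 4369/udp are not in the table, 9200 is bound to loopback only.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:9080       0.0.0.0:*
tcp   LISTEN 0      128    [::]:5672          [::]:*
tcp   LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5432       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:4369       0.0.0.0:*
"""

def parse_ss_listeners(output: str) -> List[Tuple[int, str, str]]:
    """Parse `ss -lntu` lines into (port, transport, bound address) triples."""
    listeners = []
    for line in output.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 5:
            continue
        addr, _, port = cols[4].rpartition(":")
        listeners.append((int(port), cols[0], addr.strip("[]")))
    return listeners

def audit_exposure(table, ss_output: str) -> Dict[str, list]:
    """Compare non-loopback listeners with the table. 'unexpected' are sockets
    reachable from the network that the table does not account for (the first
    thing to look at); 'not_exposed' are table entries with no non-loopback
    listener, which is fine for services the rProxy fronts locally."""
    expected = {pair for spec, _ in table for pair in parse_port_spec(spec)}
    exposed = {(port, proto) for port, proto, addr in parse_ss_listeners(ss_output)
               if addr not in ("127.0.0.1", "::1")}
    return {"unexpected": sorted(exposed - expected),
            "not_exposed": sorted(expected - exposed)}

if __name__ == "__main__":
    print("\n".join(firewalld_commands(PORT_TABLE)))
    print(audit_exposure(PORT_TABLE, SAMPLE_SS_OUTPUT))
```

On a live host, replace `SAMPLE_SS_OUTPUT` with the output of `ss -lntu`; anything reported under `unexpected` is a listener the deployment documentation does not account for and should be either bound to loopback, added to the table, or shut down.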