Ports Used by Cloudera Director

Cloudera Director needs to communicate with each of the nodes in the clusters that it manages. The simplest way to achieve this, if your organization's security policies allow it, is to enable all network traffic between Cloudera Director, cluster instances, and the Cloudera Manager node using any protocol on any port. You can do this in AWS by creating a security group for your VPC that allows traffic between its members and assigning this security group to Cloudera Director, Cloudera Manager, and all cluster instances. With this approach, you do not have to specify each port that is required by Cloudera Manager.

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| ALL Traffic | ALL | ALL | security_group_id |
| SSH (22) | TCP (6) | 22 | 0.0.0.0/0 |

In a restricted network environment, you may want to enable minimal network traffic between instances and keep open ports to a minimum.
  • Minimally, open port 22 for traffic to allow SSH access to the Cloudera Director server. If using SSH tunneling, the other Cloudera Director ports below are not required.
  • Minimally, the Cloudera Director server needs SSH (port 22) access to every node in the cluster.
  • Open outbound port 123 so that the Cloudera Manager and cluster nodes can access an NTP time server.
  • Optionally, open port 7189 on the Cloudera Director server to enable access to the Cloudera Director web UI. You can also configure Cloudera Director to use HTTPS. You can configure a non-default port for the Cloudera Director web UI with the lp.remote.hostAndPort property in the application.properties file. To enable HTTPS, configure the server.ssl.* settings in the SSL section of the application.properties file.
  • Optionally, open port 7180 on the Cloudera Manager instances so that the Cloudera Director server can use port 7180 to interact with the Cloudera Manager API. (Otherwise, Cloudera Director will use SSH tunnels on port 22 to communicate with Cloudera Manager.)
  • The Cloudera Director server needs access to outbound ports 80 and 443 to retrieve packages for initial installation, metering access, and for API access to the AWS, Azure, and Google APIs. Refer to AWS, Azure, and Google documentation for the exact domains.

For information on ports used by Cloudera Manager and CDH, see Ports in the Cloudera Manager documentation.

The following table summarizes the Cloudera Director port requirements described above:
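
| Service | Role | Purpose | Default Port | Protocol | Required? |
|---|---|---|---|---|---|
| Cloudera Director | Cloudera Director server | Cloudera Director web UI and API | 7189 (configurable) | HTTP | No (SSH tunnel can be used instead) |
| Cloudera Director | Cloudera Director server | Web UI and API | configurable | HTTPS | No (SSH tunnel can be used instead) |
| Clusters managed by Cloudera Director | Cloudera Manager node | Cloudera Manager API | 7180 | HTTP | No (SSH tunnel can be used instead) |
| Clusters managed by Cloudera Director | Cloudera Manager node | NTP | 123 (outbound) | UDP | Yes |
| Clusters managed by Cloudera Director | Cloudera Manager node | Node installation | 22 | SSH | Yes |
| Clusters managed by Cloudera Director | Cluster nodes | NTP | 123 (outbound) | UDP | Yes |
| Clusters managed by Cloudera Director | Cluster nodes | Node installation | 22 | SSH | Yes |
| archive.cloudera.com, metering.cloudera.com, AWS, Azure, and Google REST APIs, etc. | Cloudera Director server and the Cloudera Manager node | Software download/metering | 80 (outbound) | HTTP | Yes* |
| archive.cloudera.com, metering.cloudera.com, AWS, Azure, and Google REST APIs, etc. | Cloudera Director server and the Cloudera Manager node | Software download/metering | 443 (outbound) | HTTPS | Yes* |
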
*You can restrict access to archive.cloudera.com and metering.cloudera.com if you have an internal parcel repository and Cloudera Manager repository, and are not using usage-based billing (which requires metering), but your instances still require access to your cloud provider's REST APIs through HTTP or HTTPS.
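
One way to check a restricted deployment against the inbound ports listed above is to audit each instance's security group rules. The following is an added example, not Cloudera's code. It assumes rules in the shape of the EC2 IpPermissions structure; the role names, the sample rules, and the choice to report every 0.0.0.0/0 source for review are assumptions of this example.

```python
import ipaddress

# Inbound ports from the table above, per role (7189 and 7180 are optional).
# The role names are labels chosen for this example.
EXPECTED_INBOUND = {
    "director": {22, 7189},
    "manager": {22, 7180},
    "node": {22},
}


def audit_inbound(role, ip_permissions):
    """Return sorted (finding, detail) tuples for CIDR-sourced inbound rules."""
    expected = EXPECTED_INBOUND[role]
    findings = set()
    for perm in ip_permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not cidrs:
            continue  # group-to-group rule (member traffic), not audited here
        proto = perm["IpProtocol"]
        if proto == "-1":  # "-1" means every protocol and every port
            lo, hi = 0, 65535
        else:
            lo, hi = perm["FromPort"], perm["ToPort"]
        label = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        # Anything that is not TCP on a listed port goes beyond the table.
        extra = proto != "tcp" or any(p not in expected for p in range(lo, hi + 1))
        for cidr in cidrs:
            if extra:
                findings.add(("unexpected-port", f"{label} from {cidr}"))
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.add(("world-open", f"{label} from {cidr}"))
    return sorted(findings)


# Constructed sample rules for a Cloudera Manager instance (not real data).
SAMPLE_MANAGER_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 7180, "ToPort": 7189,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]},
]

if __name__ == "__main__":
    for finding, detail in audit_inbound("manager", SAMPLE_MANAGER_RULES):
        print(f"{finding}: {detail}")
```

Rules whose source is the shared security group are skipped because the ports needed between Cloudera Manager and CDH nodes are covered in the Cloudera Manager documentation, not in this table.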