Ports Used by Altus Director
Altus Director needs to communicate with each of the nodes in the clusters that it manages. The simplest way to achieve this, if your organization's security policies allow it, is to enable all network traffic between Altus Director, cluster instances, and the Cloudera Manager node using any protocol on any port. You can do this in AWS by creating a security group for your VPC that allows traffic between its members and assigning this security group to Altus Director, Cloudera Manager, and all cluster instances. With this approach, you do not have to specify each port that is required by Cloudera Manager.
Type | Protocol | Port Range | Source |
---|---|---|---|
ALL Traffic | ALL | ALL | security_group_id |
SSH (22) | TCP (6) | 22 | 0.0.0.0/0 |
In a restricted network environment, you might want to enable minimal network traffic between instances and keep open ports to a minimum.
- Minimally, open port 22 for traffic to allow SSH access to the Altus Director server. If using SSH tunneling, the other Altus Director ports below are not required.
- Minimally, the Altus Director server needs SSH (port 22) access to every node in the cluster.
- Open outbound port 123 so that the Cloudera Manager and cluster nodes can access an NTP time server.
- Optionally, open port 7189 on the Altus Director server to enable access to the Altus Director web UI. You can configure a non-default port for the Altus Director web UI by adding the server.port property to the server application.properties file and specifying the desired port number. You can also configure Altus Director to use HTTPS: to enable it, configure the server.ssl.* settings in the SSL section of the application.properties file.
- Optionally, open port 7180 on the Cloudera Manager instances so that the Altus Director server can use port 7180 to interact with the Cloudera Manager API. (Otherwise, Altus Director will use SSH tunnels on port 22 to communicate with Cloudera Manager.)
- The Altus Director server needs access to outbound ports 80 and 443 to retrieve packages for initial installation, for metering access, and for API access to the AWS, Azure, and Google APIs. Refer to AWS, Azure, and Google documentation for the exact domains.
For information on ports used by Cloudera Manager and CDH, see Ports in the Cloudera Manager documentation.
The following table summarizes the Altus Director port requirements described above:
Service | Role | Purpose | Default Port | Protocol | Required? |
---|---|---|---|---|---|
Altus Director | Altus Director server | Altus Director web UI and API | 7189 (configurable) | HTTP | No (SSH tunnel can be used instead) |
Altus Director | Altus Director server | Web UI and API | configurable | HTTPS | No (SSH tunnel can be used instead) |
Clusters managed by Altus Director | Cloudera Manager node | Cloudera Manager API | 7180 | HTTP | No (SSH tunnel can be used instead) |
Clusters managed by Altus Director | Cloudera Manager node | NTP | 123 (outbound) | UDP | Yes |
Clusters managed by Altus Director | Cloudera Manager node | Node installation | 22 | SSH | Yes |
Clusters managed by Altus Director | Cluster nodes | NTP | 123 (outbound) | UDP | Yes |
Clusters managed by Altus Director | Cluster nodes | Node installation | 22 | SSH | Yes |
archive.cloudera.com, metering.cloudera.com, AWS, Azure, and Google REST APIs, etc. | Altus Director server and the Cloudera Manager node | Software download/metering | 80 (outbound) | HTTP | Yes* |
archive.cloudera.com, metering.cloudera.com, AWS, Azure, and Google REST APIs, etc. | Altus Director server and the Cloudera Manager node | Software download/metering | 443 (outbound) | HTTPS | Yes* |
*You can restrict access to archive.cloudera.com and metering.cloudera.com if you have an internal parcel repository and Cloudera Manager repository, and are not using usage-based billing (which requires metering), but your instances still require access to your cloud provider's REST APIs through HTTP or HTTPS.
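The following Python script is an added example, not part of Cloudera's documentation or tooling. It checks a list of firewall rules for one instance role against the Altus Director port requirements on this page and reports rules that open more than the minimal list, optional ports exposed to any address, and required ports that are missing. The rule format, role names, and sample rules are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# (direction, protocol, port) -> True if required, False if optional; transcribed
# from this page. Ports used by Cloudera Manager and CDH are not covered.
POLICY = {
    "director": {("in", "tcp", 22): True, ("in", "tcp", 7189): False,
                 ("out", "tcp", 22): True, ("out", "tcp", 7180): False,
                 ("out", "tcp", 80): True, ("out", "tcp", 443): True},
    "cloudera_manager": {("in", "tcp", 22): True, ("in", "tcp", 7180): False,
                         ("out", "udp", 123): True,
                         ("out", "tcp", 80): True, ("out", "tcp", 443): True},
    "cluster_node": {("in", "tcp", 22): True, ("out", "udp", 123): True},
}

def is_world_open(peer):
    """True when peer is a CIDR covering every address (prefix length 0)."""
    try:
        return ip_network(peer, strict=False).prefixlen == 0
    except ValueError:  # not a CIDR, e.g. a security group id
        return False

def audit(role, rules):
    """Return sorted findings for one role; protocols are "tcp" or "udp"."""
    policy, covered, findings = POLICY[role], set(), set()
    for r in rules:
        lo, hi = r["ports"]
        hits = [k for k in policy
                if k[:2] == (r["dir"], r["proto"]) and lo <= k[2] <= hi]
        covered.update(hits)
        if hi - lo + 1 > len(hits):  # range includes ports the page does not list
            findings.add(f"{r['dir']} {r['proto']} {lo}-{hi}: opens ports outside the minimal list")
        if r["dir"] == "in" and is_world_open(r["peer"]):
            # Optional ports can be reached through an SSH tunnel instead.
            for key in (k for k in hits if not policy[k]):
                findings.add(f"in {key[1]} {key[2]}: optional port open to any address")
    for (direction, proto, port), required in policy.items():
        if required and (direction, proto, port) not in covered:
            findings.add(f"{direction} {proto} {port}: required but not allowed")
    return sorted(findings)

# Constructed sample rules for the Altus Director server (not from the page).
SAMPLE_DIRECTOR_RULES = [
    {"dir": "in", "proto": "tcp", "ports": (22, 22), "peer": "203.0.113.0/24"},
    {"dir": "in", "proto": "tcp", "ports": (7189, 7189), "peer": "0.0.0.0/0"},
    {"dir": "in", "proto": "tcp", "ports": (8000, 8100), "peer": "10.0.0.0/16"},
    {"dir": "out", "proto": "tcp", "ports": (443, 443), "peer": "0.0.0.0/0"},
]

if __name__ == "__main__":
    print("\n".join(audit("director", SAMPLE_DIRECTOR_RULES)))
```

Findings for the Cloudera Manager node and cluster nodes should be read alongside the port list in the Cloudera Manager documentation, since those instances also need the Cloudera Manager and CDH ports.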