Ports required for HBase replication policies
Open the ports 2181 and 16020 on the source and destination secondary nodes to ensure that the source HBase service can reach Zookeeper and HBase services on the destination hosts. You must also ensure that the Cloudera Manager server port is open on the source cluster.
Use one of the following methods to open the required ports for HBase replication:
- Choose a security group for your environment and open the ports manually.
In this method, you choose the security groups that are automatically created for
the environment. By default, the security groups do not have any rules for Zookeeper
and HBase ports, therefore, you must open the required ports manually after you
create a Data Hub.
After you open the ports, the required security groups are assigned to the nodes when the nodes are autoscaled. This is a one-time process that you must perform when you create a Data Hub.
- Define a security group with the required ports open, and assign it to the
new Data Hub environment. In this method, you define a security group for a VPC that
contains inbound rules to open the required ports which include Zookeeper and HBase
ports. When you create an environment, you assign this security group to it. If
required, you can assign different security groups to the gateway node and other
This method allows you to reuse the security groups in other new Data Hubs. Security issues do not appear because the nodes in the same security group do not access each other by default. However, if required, you can add a separate rule to impose this restriction. Sharing the same security group for inbound and outbound network access rules remains as strict as having separate security groups for each environment, but the extra rules for Zookeeper and HBase ports do not need to be added at each environment creation.
- You replicate HBase data to another CDP account or region in the same cloud provider. In this use case, ensure that the VPC/VNET peering is complete before you open the ports to establish connection over private networks.
- You replicate HBase data to COD or Data Hub using a direct connection. In this use case, you ensure that public IPs and Zookeeper ports are not open to the internet.