Opening Network Ports for Clients

The Yellowbrick client applications (ybtools) run on customer computers and need to communicate with Yellowbrick instances in order to send or receive data, using the customer's existing network infrastructure.

The network infrastructure is usually protected by firewalls (and/or Layer 3 switches) that filter traffic, mainly for security or performance reasons. These firewalls are typically configured to allow access only to critical services, such as web servers, mail servers, and existing databases. Therefore, you will need to open up access to Yellowbrick traffic through specific ports. If you don't make these firewall changes, you are likely to see the following errors or other "could not connect" errors:
  • Connection Refused: the firewall rejected the traffic and sent a response to the client indicating that it was rejected.
  • Connection Timeout: the firewall dropped the traffic without sending a response to the client.

Configure the network firewall to allow traffic from the client computer to the cluster on these ports (for example, by opening up the ports using source and destination filters in routing tables). The corporate IT staff should be familiar with this process and should only need to be informed about the port requirements listed on this page. In most cases, a VPN should not be necessary to send Yellowbrick client traffic through corporate firewalls.

Yellowbrick client tools communicate with the cluster by specifying both a host (instance name or YBHOST value) and port 5432 (YBPORT), which cannot be changed.

SSL-only mode is used for client connections.

All client application and user connections to Yellowbrick instances occur via the following reserved ports.

Port Purpose Protocol Notes
80 CDWM/Yellowbrick Manager HTTP HTTP server port (redirects to 443)
443 CDWM/Yellowbrick Manager HTTPS TLS versions 1.1 and 1.2 only
5432 Yellowbrick database TCP Default port for database connections for all protocols: ODBC, JDBC, libpq, and so on.
11111, 11112 ybtools control port TCP Control ports used for ybload, ybunload, ybbackup, and ybrestore. (11111 redirects to 11112.)
31000 and 31001 ybtools data transfer TCP 31000 and 31001: two ports for sending and receiving data (used by ybload, ybunload, ybbackup, ybrestore, and so on)