To administrate and run the Gemini Appliance and services, certain communication channels between clients and nodes are required. As a minimum, ports TCP/443 (HTTPS) and TCP/22 (SSH) are required for basic system configuration and operations. As the web interface and SSH console offer low-level system access, make sure to not expose these ports towards public access (Anywhere, 0.0.0.0/0). Depending on the deployment, add inbound/outbound rules as needed.
For further details, see the following tables.
Gemini Enterprise Components
| Port | Protocol | Direction | Purpose | Customizable |
|---|---|---|---|---|
| 443 | TCP | Client → Appliance | Web Interface | Yes |
| 4444 | TCP | Appliance ↔ Appliance | Bulk Provisioning API | |
| 6996 | TCP | Appliance (Peer) → Appliance (Master) | License Server API | |
| 8797 | TCP | Appliance (Master) → Appliance (Peer) | Cloudera Deployment API | |
| 8888 | TCP | Appliance (Master) → Appliance (Peer) | Splunk Deployment API | |
| 8888 | TCP | Appliance (Peer) ↔ Appliance (Peer) | Splunk Deployment API | |
| 8889 | TCP | Appliance (Peer) → Appliance (Master) | Splunk Deployment API | |
| 9118 | TCP | Appliance ↔ Appliance | Failover API | |
| 13218 | TCP | Appliance ↔ Appliance | Gemini Cluster API |
Common Splunk Services
| Port | Protocol | Direction | Purpose | Customizable |
|---|---|---|---|---|
| 8000 | TCP | Client → Appliance | Splunk Web Interface | Yes |
| 8089 | TCP | Client → Appliance | Splunk REST API | Yes |
| 9998 | TCP | Appliance ↔ Appliance | Index Cluster Replication | Yes |
| 9998 | TCP | Appliance ↔ Appliance | Search Head Cluster Replication | Yes |
| 9997 | TCP | Client → Appliance | Splunk Data Forwarding | Yes |
To get the complete list of ports used by Splunk, refer to the official Splunk Enterprise documentation.
Common Cloudera Services
| Port | Protocol | Direction | Purpose | Customizable |
|---|---|---|---|---|
| 7180 | TCP | Client → Appliance | Cloudera Manager Web Interface (HTTP) | 7183 | TCP | Client → Appliance | Cloudera Manager Web Interface (HTTPS) | 7182 | TCP | Appliance ↔ Appliance | Cloudera Agents |
To get the complete list of ports used by Cloudera CDH and Hadoop components, refer to the official Cloudera Enterprise 5.2.x documentation.
Administration and Monitoring Services
| Port | Protocol | Direction | Purpose | Customizable |
|---|---|---|---|---|
| 22 | TCP | Client → Appliance | SSH Access | Yes |
| 161 | UDP | Client → Appliance | SNMP Monitoring | |
| 2121 | TCP | Client → Appliance | FTP Service | Yes |
External Resources
| Port | Protocol | Direction | Purpose | Customizable |
|---|---|---|---|---|
| 443 | TCP | Appliance → Cloud Repository (updates.geminidata.com) | Integration Center Cloud Repository | |
| 162 | UDP | Appliance → Trap Destination | SNMP Traps | Yes |
| 389 | TCP | Appliance → LDAP Server | LDAP Authentication | Yes |
| 636 | TCP | Appliance → LDAP Server | LDAP over SSL/TLS Authentication | Yes |
| 111 2049 | TCP | Appliance → NFS Server | NFS Access | |
| 445 | TCP | Appliance → CIFS Server | CIFS/SMB Access (NetBIOS not included) | |
| 443 | TCP | Appliance → S3 Endpoint (<bucket_name>.s3.amazonaws.com) | Amazon S3 Bucket Access | |
| 3260 | TCP | Appliance → iSCSI Target | iSCSI Discovery & Connection | Yes |