To administrate and run the Gemini Appliance and services, certain communication channels between clients and nodes are required. As a minimum, ports TCP/443 (HTTPS) and TCP/22 (SSH) are required for basic system configuration and operations. As the web interface and SSH console offer low-level system access, make sure to not expose these ports towards public access (Anywhere, 0.0.0.0/0). Depending on the deployment, add inbound/outbound rules as needed.

For further details, see the following tables.

Gemini Enterprise Components

Port Protocol Direction Purpose Customizable
443TCPClient → ApplianceWeb InterfaceYes
4444TCPAppliance ↔ ApplianceBulk Provisioning API
6996TCPAppliance (Peer) → Appliance (Master)License Server API
8797TCPAppliance (Master) → Appliance (Peer)Cloudera Deployment API
8888TCPAppliance (Master) → Appliance (Peer)Splunk Deployment API
8888TCPAppliance (Peer) ↔ Appliance (Peer)Splunk Deployment API
8889TCPAppliance (Peer) → Appliance (Master)Splunk Deployment API
9118TCPAppliance ↔ ApplianceFailover API
13218TCPAppliance ↔ ApplianceGemini Cluster API

Common Splunk Services

Port Protocol Direction Purpose Customizable
8000TCPClient → ApplianceSplunk Web InterfaceYes
8089TCPClient → ApplianceSplunk REST APIYes
9998TCPAppliance ↔ ApplianceIndex Cluster ReplicationYes
9998TCPAppliance ↔ ApplianceSearch Head Cluster ReplicationYes
9997TCPClient → ApplianceSplunk Data ForwardingYes

To get the complete list of ports used by Splunk, refer to the official Splunk Enterprise documentation.

Common Cloudera Services

Port Protocol Direction Purpose Customizable
7180TCPClient → ApplianceCloudera Manager Web Interface (HTTP)
7183TCPClient → ApplianceCloudera Manager Web Interface (HTTPS)
7182TCPAppliance ↔ ApplianceCloudera Agents

To get the complete list of ports used by Cloudera CDH and Hadoop components, refer to the official Cloudera Enterprise 5.2.x documentation.

Administration and Monitoring Services

Port Protocol Direction Purpose Customizable
22TCPClient → ApplianceSSH AccessYes
161UDPClient → ApplianceSNMP Monitoring
2121TCPClient → ApplianceFTP ServiceYes

External Resources

Port Protocol Direction Purpose Customizable
443TCPAppliance → Cloud Repository
(updates.geminidata.com)
Integration Center Cloud Repository
162UDPAppliance → Trap DestinationSNMP TrapsYes
389TCPAppliance → LDAP ServerLDAP AuthenticationYes
636TCPAppliance → LDAP ServerLDAP over SSL/TLS AuthenticationYes
111
2049
TCPAppliance → NFS ServerNFS Access
445TCPAppliance → CIFS ServerCIFS/SMB Access (NetBIOS not included)
443TCPAppliance → S3 Endpoint
(<bucket_name>.s3.amazonaws.com)
Amazon S3 Bucket Access
3260TCPAppliance → iSCSI TargetiSCSI Discovery & ConnectionYes