TIBCO Spotfire® Server and Environment - Installation and Administration

Ports and firewall configuration

These are the main ports used by Spotfire. The following tables indicate their function, the default port number, the firewall requirements and, for internal ports, how to change the port after Spotfire has been installed and configured.

Ports through which Spotfire receives communication (inbound ports) must be opened in any active firewall.

Ports through which Spotfire sends communication (outbound ports) are open by default unless they match a firewall rule that blocks them.

Internal ports

The following ports are used for communication between Spotfire components.

| Name of port | Function | Default | Firewall requirements | How to change port |
|---|---|---|---|---|
| Public HTTP port. Note: The HTTP connector port and the HTTPS connector port are configured independently. You can use either of them or, in some cases, both. | Used for non-secure communication with installed and web clients. | 80 | On computers running Spotfire Server, these ports must be open. Computers running Spotfire Analyst and web browser clients must have access to these ports. Proxies, and load balancers in front of servers, also require access to these ports. | In the server.xml file, edit the relevant Connector port parameter. For general instructions, see Manually editing the server.xml file. |
| HTTPS connector port | Used for secure communication with installed and web clients. | 443 | Same as for the Public HTTP port. | Same as for the Public HTTP port. |
| Server back-end registration port | Used for setting up trust between the Spotfire Server and nodes. | 9080 | On computers running Spotfire Server, these ports must be open. Computers running node managers must have access to these ports. | Same as for the Public HTTP port. |
| Server back-end communication port | Spotfire Server listens to secure traffic from services on the nodes. Used for secure traffic between nodes. | 9443 | Same as for the Server back-end registration port. | Same as for the Public HTTP port. |
| Node manager registration port | Used for setting up trust between node managers and Spotfire Server. | 9080 | Computers running Spotfire Server must have access to these ports, and computers running node manager must open these ports and have access. For example, if you run a service such as the TERR service on one node and the Web Player on another node, then the Web Player must have access to the TERR service through its communication port. | Edit the following file: <node manager installation dir>\nm\config\nodemanager.properties |
| Node manager communication port | Used for secure communication within the environment. | 9443 | Same as for the Node manager registration port. | Same as for the Node manager registration port. |
| Service communication port | Used by Spotfire Web Player instances and Automation Services instances for secure communication and basic functionality. | 9501 | Same as for the Node manager registration port. | In Spotfire Server, in the Nodes & Services area, on the "Your network" page, select a service instance on the left, and then click Edit in the upper-right pane. |
| TERR service communication port | Used by the TERR service for secure communication and basic functionality. | 9502 | Same as for the Node manager registration port. | Same as for the Service communication port. |
| Spotfire Service for Python communication port | Used by the Spotfire Service for Python for secure communication and basic functionality. | 9503 | Same as for the Node manager registration port. | Same as for the Service communication port. |
| TERR service engine ports | Used by TERR engines running under the TERR service. | 61000-62000 | No firewall configuration needed. | For information about changing the TERR service engine ports, see the TERR service configuration information. |
| Spotfire Service for Python engine ports | Used by Python engines running under the Spotfire Service for Python. | 62000-63000 | No firewall configuration needed. | For information about changing the Python engine ports, see TIBCO® Spotfire Service for Python configuration information. |
| Clustering port | Used for secure communication within the environment. This port is the same for all servers in the cluster. | 5701 | These ports must be open between all the Spotfire Servers in the cluster. | Use the Spotfire configuration tool to change the port for the clustered servers. On the Configuration page, click Clustering in the left pane. |
| Second clustering port | A second clustering port, used by Apache Ignite. | 5702. Note: This port number is equal to the first clustering port number plus one. | Same as for the Clustering port. | Same as for the Clustering port. |
| Third clustering port | A third clustering port, used by Apache Ignite. | 5703. Note: This port number is equal to the first clustering port number plus two. | Same as for the Clustering port. | Same as for the Clustering port. |
| JMX RMI port | If JMX RMI access is enabled, Spotfire Server opens a separate port for this purpose. | 1099 | Computers running monitoring clients must have access to this port. | Use the config-jmx command. |
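
The inbound rows for a Spotfire Server host can be turned into an allow-list and compared with that host's firewall rules, so that back-end, clustering and JMX ports are reachable only from the peers the table names. The following Python code is an added example, not part of the Spotfire documentation: the port numbers are the defaults from the table above, while the role labels, network ranges and rule list are constructed for illustration.

```python
import ipaddress

# Inbound ports on a Spotfire Server host (defaults from the table above) mapped
# to the peer roles the table says need access. Role labels are this example's own.
SERVER_INBOUND = {
    80: {"client", "proxy"}, 443: {"client", "proxy"},
    9080: {"node_manager"}, 9443: {"node_manager"},
    5701: {"server"}, 5702: {"server"}, 5703: {"server"},
    1099: {"monitoring"},  # only relevant when JMX RMI access is enabled
}

def audit(rules, role_nets, policy):
    """Compare inbound allow rules, given as (port, source CIDR), with the policy.

    Returns sorted (finding, port, detail) tuples; an empty list means no findings.
    """
    findings, served = set(), set()
    for port, source in rules:
        src = ipaddress.ip_network(source)
        if port not in policy:
            findings.add(("unexpected-port", port, source))
            continue
        contained = False
        for role in policy[port]:
            for cidr in role_nets.get(role, []):
                net = ipaddress.ip_network(cidr)
                if src.version == net.version and src.overlaps(net):
                    served.add((port, role))  # this role can reach the port
                    contained = contained or src.subnet_of(net)
        if not contained:  # source extends beyond every permitted role network
            findings.add(("too-broad", port, source))
    for port, roles in policy.items():
        findings.update(("missing", port, r) for r in roles if (port, r) not in served)
    return sorted(findings)

# Constructed sample data: an HTTPS-only deployment, so port 80 is not expected.
HTTPS_ONLY = {p: r for p, r in SERVER_INBOUND.items() if p != 80}
ROLE_NETS = {"client": ["10.20.0.0/16"], "proxy": ["10.1.0.0/28"],
             "node_manager": ["10.2.0.0/24"], "server": ["10.3.0.0/29"],
             "monitoring": ["10.4.0.10/32"]}
RULES = [
    (443, "10.20.0.0/16"), (443, "10.1.0.0/28"), (9080, "10.2.0.0/24"),
    (9443, "0.0.0.0/0"),      # back-end communication port open to any source
    (5701, "10.3.0.0/29"), (5702, "10.3.0.0/29"), (5703, "10.3.0.0/29"),
    (1099, "10.20.0.0/16"),   # JMX allowed from clients, not the monitoring host
    (3389, "10.20.0.0/16"),   # port that is not in the Spotfire table
]
```

Calling `audit(RULES, ROLE_NETS, HTTPS_ONLY)` on the sample reports the over-broad 9443 and 1099 rules, the monitoring host that cannot reach 1099, and the rule for a port outside the table.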

Outbound ports on the server

Spotfire Server uses the following ports to communicate with programs outside of Spotfire. To facilitate this communication, firewalls must allow outgoing traffic through these ports.

| Type of port | Function | Default | Firewall requirements |
|---|---|---|---|
| Database communication port | The Spotfire database server listens to this port. | Oracle database: 1521. SQL Server: 1433. PostgreSQL: 5432. | Computers running Spotfire Server must have access to this port. |
| LDAP port | An optional number indicating the TCP port that the LDAP service is listening on. | When using LDAP over TLS, the port number defaults to 389. When using the LDAPS protocol, the port number defaults to 636. | Computers running Spotfire Server must have access to this port. |
| Global Catalog LDAP port | Active Directory LDAP servers also provide a Global Catalog containing forest-wide information, instead of domain-wide information only. | LDAP: 3268. LDAPS: 3269. | Computers running Spotfire Server must have access to this port. |
| TIBCO Enterprise Message Service (EMS) | This service can be used to trigger scheduled updates. EMS listens to this port. | Non-secure connection: 7222. Secure connection: 7243. | Computers running Spotfire Server must have access to this port. |
| Data connectors. For information on available connectors, see "List of Connectors in this Version" in the Spotfire Analyst User's Guide. | Data connectors listen to these ports. | Varies | Computers running Spotfire Server must have access to this port. |
| Kerberos/GSSAPI | Used by the Kerberos authentication method, as well as when authenticating to LDAP server using the GSSAPI method. | Fixed port 88 on the Active Directory domain controllers | Computers running Spotfire Server must have access to this port. |
| Microsoft Net Logon, SMB, and CIFS | Used by the NTLM v2 authentication method. | Fixed port 445 on the Active Directory domain controllers | Computers running Spotfire Server must have access to this port. |
| OpenID Connect providers | Used by the web authentication method. | 443 | Computers running Spotfire Server must have access to this port. |
| SMTP port | Used by Automation Services. | 25, 2525, or 587. Secure SMTP: 465, 25, or 587. | Computers running Spotfire Server must have access to this port. |
| Databases and other services used by Information Services | JDBC-compliant data sources and other services used by Information Services listen to these ports. | Oracle database: 1521. SQL Server: 1433. Netezza: 5480. Otherwise, it varies. | Computers running Spotfire Server must have access to this port. |
| JMX RMI port | If JMX RMI access is enabled, Spotfire Server opens a separate port for this purpose. | 1099 | Computers running monitoring clients must have access to this port. |