Ports and firewall configuration
These are the main ports used by Spotfire. The following table indicates their function, the default port number, firewall requirements and, for internal ports, how to change the port when Spotfire has already been installed and configured.
Ports through which Spotfire receives communication (inbound ports) must be opened in any active firewall.
Ports through which Spotfire sends communication (outbound ports) are open by default unless they match a firewall rule that blocks them.
Internal ports
The following ports are used for communication between Spotfire components.
| Name of port | Function | Default | Firewall requirements | How to change port |
|---|---|---|---|---|
| Public HTTP port
Note: The HTTP
connector port and the HTTPS connector port are configured independently. You
can use either of them or, in some cases, both.
|
Used for non-secure communication with installed and web clients. | 80 | On computers running Spotfire
Server, these ports must be open.
Computers running Spotfire Analyst and web browser clients must have access to these ports. Proxies, and load balancers in front of servers, also require access to these ports. |
In the
server.xml file, edit the relevant
Connector port parameter.
For general instructions, see Manually editing the server.xml file. |
| HTTPS connector port | Used for secure communication with installed and web clients. | 443 | ||
| Server back-end registration port | Used for setting up trust between the Spotfire Server and nodes. | 9080 | On computers running Spotfire
Server, these ports must be open.
Computers running node managers must have access to these ports. |
|
| Server back-end communication port | Spotfire Server listens to secure traffic
from services on the nodes.
Used for secure traffic between nodes. |
9443 | ||
| Information Services communication port |
Used for communication with Information Services. Note: Information Services runs in its own sub-process on the
Spotfire Server.
|
9445 |
On computers running Spotfire Server, this port must be open. No firewall configuration needed. |
Run the command line reference
For more information, see config-external-information-services-process. Another option is to Manually edit the Spotfire Server configuration. |
| Node manager registration port | Used for setting up trust between node managers and Spotfire Server. | 9080 |
Computers running Spotfire Server must have access to these ports, and computers running node manager must open these ports and have access. For example, if you run a service such as the Python service on one node and the Web Player on another node, then the Web Player must have access to the Python service through its communication port. |
Edit the following file: <node manager installation dir>\nm\config\nodemanager.properties |
| Node manager communication port | Used for secure communication within the environment. | 9443 | ||
| Service communication port | Used by Spotfire Web Player instances and Automation Services instances for secure communication and basic functionality. | 9501 | In the Spotfire Server web administration pages, under Nodes & Services, on the Network page, select a service instance on the left, and then click Edit in the upper-right pane. | |
| Spotfire Enterprise Runtime for R –Server Edition communication port | Used by the Spotfire Enterprise Runtime for R –Server Edition for secure communication and basic functionality. | 9502 | ||
| Spotfire Service for Python communication port | Used by the Spotfire Service for Python for secure communication and basic functionality. | 9503 | ||
| Spotfire Enterprise Runtime for R –Server Edition engine ports | Used by the Spotfire Enterprise Runtime for R engines running under the Spotfire Enterprise Runtime for R –Server Edition service. | 61000-62000 | No firewall configuration needed. | For information about changing the Spotfire Enterprise Runtime for R engine ports, see TERR service configuration properties. |
| Spotfire Service for Python engine ports | Used by Python engines running under the Spotfire Service for Python. | 62001-63000 | No firewall configuration needed. | For information about changing the Python engine ports, see Spotfire® Service for Python configuration properties. |
| Spotfire Service for R engine ports | Used by the R engines running under the Spotfire Service for R. | 63001-64000 | No firewall configuration needed. | For information about changing the R engine ports, see Spotfire® Service for R configuration properties. |
| Clustering port | Used for secure communication within the environment. This port is the same for all servers in the cluster. | 5701 | These ports must be open between all the Spotfire Servers in the cluster. | Use the Spotfire configuration
tool to change the port for the clustered servers.
On the Configuration page, click Clustering in the left pane. |
| Second clustering port | A second clustering port, used by Apache Ignite. | 5702
Note: This port
number is equal to the first clustering port number plus one.
|
||
| Third clustering port | A third clustering port, used by Apache Ignite. | 5703
Note: This port number is equal to the first clustering port
number plus two.
|
||
| Fourth clustering port | A fourth clustering port, used by Apache Ignite. | 5704
Note: This port number is equal to the first clustering port
number plus three.
|
||
| JMX RMI port | If JMX RMI access is enabled, Spotfire Server opens a separate port for this purpose. | 1099 | Computers running monitoring clients must have access to this port. | Use the config-jmx command. |
| JMX RMI port (Information Services) | If JMX RMI access is enabled, Information Services opens a separate port for this purpose. | 1100 | Computers running monitoring clients must have access to this port. | Use the config-jmx command. |
Outbound ports on the server
Spotfire Server uses the following ports to communicate with programs outside of Spotfire. To facilitate this communication, firewalls must allow outgoing traffic through these ports.
| Type of port | Function | Default | Firewall requirements |
|---|---|---|---|
| Database communication port | The Spotfire database server listens to this port. | Oracle database: 1521
SQL Server: 1433 PostgreSQL: 5432 |
Computers running Spotfire Server must have access to this port. |
| LDAP port | An optional number indicating the TCP port that the LDAP service is listening on. | When using LDAP over TLS, the port number
defaults to 389.
When using the LDAPS protocol, the port number defaults to 636. |
|
| Global Catalog LDAP port | Active Directory LDAP servers also provide a Global Catalog containing forest-wide information, instead of domain-wide information only. | LDAP: 3268
LDAPS: 3269 |
|
| TIBCO Enterprise Message Service ( EMS ) | This service can be used to trigger scheduled
updates.
EMS listens to this port. |
Non-secure connection: 7222
Secure connection: 7243 |
|
| Data connectors
For information on available connectors, see "List of Connectors in this Version" in the Spotfire Analyst User Guide. |
Data connectors listen to these ports. | Varies | |
| Kerberos/GSSAPI | Used by the Kerberos authentication method, as well as when authenticating to LDAP server using the GSSAPI method. | Fixed port 88 on the Active Directory domain controllers | |
| Microsoft Net Logon, SMB, and CIFS | Used by the NTLM v2 authentication method. | Fixed port 445 on the Active Directory domain controllers | |
| Open ID Connect providers | Used by the web authentication method. | 443 | |
| SMTP port | Used by Automation Services. | 25, 2525, or 587
Secure SMTP: 465, 25, or 587 |
|
| Databases and other services used by Information Services | JDBC-compliant data sources and other services used by Information Services listen to these ports. | Oracle database: 1521
SQL Server: 1433 Netezza: 5480 Otherwise, it varies. |
|
| JMX RMI port | If JMX RMI access is enabled, Spotfire Server opens a separate port for this purpose. | 1099 | Computers running monitoring clients must have access to this port. |
| JMX RMI port (Information Services) | If JMX RMI access is enabled, Information Services opens a separate port for this purpose. | 1100 | Computers running monitoring clients must have access to this port. |