Veritas Data Insight secures communication between Data Insight Servers using mutual TLS: all traffic between servers is encrypted and authenticated using public/private certificates generated by Data Insight during configuration.
When Data Insight components are all installed on a single node (also called a ‘Single Tier’ installation), there is no internode communication but the commd service is still secured by mutual TLS, so it cannot be accessed externally.
During Data Insight Management server configuration, a PKI certificate is generated for the Management Server. During Worker node configuration, the certificate is distributed and subsequently used to negotiate authentication from the Worker Node to the Management Server node. All this traffic is also encrypted using TLS.
List of Ports from our SCL
| Component | Default Port |
| --- | --- |
| Management Server | Management Console, HTTPS port 443 |
| | Communication service, HTTPS port 8383 |
| | DataInsightConfig service, port 8282 |
| | Workflow Service HTTPS, port 8686 |
| | Standard RPC ports 139 and 445 |
| Collector worker node / Indexer plus Collector worker node | Communication service, HTTPS port 8383 |
| | Standard RPC ports 139 and 445 |
| | DataInsightConfig service, port 8282 |
| | NetApp Cluster-Mode service, TCP port 8787 (configurable) |
| | Generic Collector service, HTTPS port 8585 (configurable) |
| Indexer/Worker Node | Communication service, HTTPS port 8383 |
| | DataInsightConfig service, port 8282 |

Veritas does not currently support importing externally generated certificates or using an external CA to acquire certificates when configuring the internode communication in versions prior to 7.0.