Server Communications
Overview
In order for the AppsAnywhere Analytics server to operate, there are a number of inbound and outbound communications that must be enabled. The Analytics server itself will restrict these communications accordingly using its own, internal firewall, however they are documented here for informational purposes.
It is recommended that access for Analytics users is provisioned on an internal network only. See port 9999 TCP under Inbound Traffic (Internal) of the Connectivity Requirements (Firewall Rules) section.
All connections to the Analytics server should be blocked by an internal network firewall apart from the ones specified here. This article details all of the connections, inbound and outbound, that Analytics Server will need to make as part of it's general operations.
Connectivity Requirements (Firewall Rules)
You will need to ensure that your network and firewalls are configured to permit the required traffic to and from your Analytics server. The following tables detail the connectivity required, grouped according to the origin of the network traffic.
Internal Destinations should be amended to match your internal servers and services.
You do not need to configure any firewall rules on the Analytics server itself, as the virtual appliance is preconfigured with the required firewall rules.
All traffic is bi-directional.
Inbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Analytics Viewer/Explorer (end user) devices | analytics.uni.edu | 9999 TCP | Retrieving content to be embedded into AppsAnywhere Analytics user interface and is required from all Analytics Viewer/Explorer (end user) devices (note: this is only the named Analytics Viewers/Explorers users and not all users of AppsAnywhere). It is recommended that access is only available on the internal network. |
AppsAnywhere Servers | analytics.uni.edu | 19999 TCP | Authorizing sessions for AppsAnywhere Analytics and pulling data on behalf of AppsAnywhere Analytics UI and is only required from the AppsAnywhere Servers |
AppsAnywhere Remote Access via VPN or Windows Jumphost | analytics.uni.edu | 22 TCP | AppsAnywhere remote support for installation, configuration and upgrades |
Outbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Analytics Server | MSSQL.uni.edu | 1433 TCP | Connection to your SQL database |
Analytics Server | MSSQL.uni.edu | 1433 UDP | Connection to your SQL database |
Outbound Traffic (External)
Sources | Port | Usage |
|---|---|---|
Analytics Server | 123 UDP | CentOS (Chrony) Time Service |
Analytics Server | 443 TCP | Appliance ACC, Daily License Check and CentOS updates |
Analytics Server | 80 TCP | CentOS updates |
Analytics Server | 587 TCP | Email alerts via SMTP |
External Destinations
Optionally, you may wish to apply more specific firewall rules for outbound connections from your Analytics server.
The following table provides details of all the outbound destinations that Analytics requires access to during normal operation.
Source | External Destination | Port | Usage |
|---|---|---|---|
Analytics Server | 0.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 1.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 2.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | 3.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics Server | mirrorlist.centos.org | 80 TCP | CentOS Update Repository |
Analytics Server | cdn.remirepo.net | 80 TCP | CentOS Update Repository |
Analytics Server | rpms.remirepo.net | 443 TCP | CentOS Update Repository |
AppsAnywhere | mirrors.fedoraproject.org | 443 TCP | CentOS Update Repository |
Analytics Server | s2public.blob.core.windows.net | 443 TCP | ACC Updates |
Analytics Server | software2-public.azureedge.net | 443 TCP | ACC Updates |
Analytics Server | bitbucket.org | 443 TCP | Analytics model and ML updates used by reports and the reporting schema |
Analytics Server | license.looker.com | 443 TCP | Daily heartbeat to licensing server |
Analytics Server | smtp.sendgrid.net | 587 TCP | Email alerts via SMTP |