Overview

In order for the AppsAnywhere Analytics server to operate, there are a number of inbound and outbound communications that must be enabled. The Analytics server itself will restrict these communications accordingly using its own, internal firewall, however they are documented here for informational purposes.

It is recommended that access for Analytics users is provisioned on an internal network only. See port 9999 TCP under Inbound Traffic (Internal) of the Connectivity Requirements (Firewall Rules) section.

All connections to the Analytics server should be blocked by an internal network firewall apart from the ones specified here. This article details all of the connections, inbound and outbound, that Analytics Server will need to make as part of it's general operations. 

Connectivity Requirements (Firewall Rules)

You will need to ensure that your network and firewalls are configured to permit the required traffic to and from your Analytics server.  The following tables detail the connectivity required, grouped according to the origin of the network traffic.

Internal Destinations should be amended to match your internal servers and services.

You do not need to configure any firewall rules on the Analytics server itself, as the virtual appliance is preconfigured with the required firewall rules.

All traffic is bi-directional.

Inbound Traffic (Internal)

Sources

Internal Destination

Port

Usage

Analytics Viewer/Explorer (end user) devices

analytics.uni.edu

9999 TCP

Retrieving content to be embedded into AppsAnywhere Analytics user interface and is required from all Analytics Viewer/Explorer (end user) devices (note: this is only the named Analytics Viewers/Explorers users and not all users of AppsAnywhere).

It is recommended that access is only available on the internal network.

AppsAnywhere Servers

analytics.uni.edu

19999 TCP

Authorizing sessions for AppsAnywhere Analytics and pulling data on behalf of AppsAnywhere Analytics UI and is only required from the AppsAnywhere Servers

AppsAnywhere Remote Access via VPN or Windows Jumphost

analytics.uni.edu

22 TCP

AppsAnywhere remote support for installation, configuration and upgrades

Outbound Traffic (Internal)

Sources

Internal Destination

Port

Usage

Analytics Server

MSSQL.uni.edu

1433 TCP

Connection to your SQL database

Analytics Server

MSSQL.uni.edu

1433 UDP

Connection to your SQL database

Outbound Traffic (External)

Sources

Port

Usage

Analytics Server

123 UDP

CentOS (Chrony) Time Service

Analytics Server

443 TCP

Appliance ACC, Daily License Check and CentOS updates

Analytics Server

80 TCP

CentOS updates

Analytics Server

587 TCP

Email alerts via SMTP

External Destinations

Optionally, you may wish to apply more specific firewall rules for outbound connections from your Analytics server.

The following table provides details of all the outbound destinations that Analytics requires access to during normal operation.

Source

External Destination

Port

Usage

Analytics Server

0.centos.pool.ntp.org

123 UDP

CentOS Time Service

Analytics Server

1.centos.pool.ntp.org

123 UDP

CentOS Time Service

Analytics Server

2.centos.pool.ntp.org

123 UDP

CentOS Time Service

Analytics Server

3.centos.pool.ntp.org

123 UDP

CentOS Time Service

Analytics Server

mirrorlist.centos.org

80 TCP

CentOS Update Repository

Analytics Server

cdn.remirepo.net

80 TCP

CentOS Update Repository

Analytics Server

rpms.remirepo.net

443 TCP

CentOS Update Repository

AppsAnywhere

mirrors.fedoraproject.org

443 TCP

CentOS Update Repository

Analytics Server

s2public.blob.core.windows.net

443 TCP

ACC Updates

Analytics Server

software2-public.azureedge.net

443 TCP

ACC Updates

Analytics Server

bitbucket.org

443 TCP

Analytics model and ML updates used by reports and the reporting schema

Analytics Server

license.looker.com

443 TCP

Daily heartbeat to licensing server

Analytics Server

smtp.sendgrid.net

587 TCP

Email alerts via SMTP