Port Usage
SuperADMIN and SuperSERVER present a very small TCP/IP "surface area", which makes effective layer three firewalling simple to achieve. It is therefore easy to configure stateful firewall rules that control ingress and egress for the network segment in which SuperADMIN and SuperSERVER are installed.
As shown here, most ports only need to be open for internal communication between components.
Ports that Must be Externally Accessible
The following ports are the only ports that must be accessible externally:
SuperADMIN | SuperWEB2 |
---|---|
9001 (User Registration and Password Resets) | 8080 (External end-user connections to Tomcat) |
The user registration system was introduced in SuperSTAR 9.9, so you need to ensure that port 9001 is accessible if you are upgrading from an earlier version and want to enable user registration.
Ports that Must be Internally Accessible
The following ports need to be accessible on your internal network for communication between SuperADMIN, SuperSERVER, Metadata Server and the client applications:
SuperADMIN | SuperSERVER | Metadata Server |
---|---|---|
9000 (Configuration Server) | 9232 (CORBA IIOP protocol) | 8005 (CORBA communications) |
9001 (User Registration and Password Resets) | | |
9002 (The ZMQ subscription port for connections to SuperADMIN) | | |
9003 (The ZMQ message port for connections to SuperADMIN) | | |
9230 (CORBA IIOP) | | |
9231 (Java RMI-JRMP protocol - services) | | |
9234 (Java RMI-JRMP protocol - registry) | | |
9235 (Java RMI - SuperADMIN) | | |
9236 (Java RMI - SuperADMIN) | | |
The configuration server was introduced in SuperSTAR 9.0, so you will need to ensure that port 9000 is accessible if upgrading from an earlier version.
The ZMQ ports are used from version 9.9.2 onwards. The port numbers can be reconfigured using the SuperWEB2 configuration.properties file, so you will need to ensure the relevant ports are open if you have changed the configuration.
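The following Python check is an added example, not part of the SuperSTAR documentation or product: it evaluates a firewall ruleset against the two tables above and reports internal-only ports that an outside source can reach, as well as required ports that are blocked. The rule tuple format, the first-match/default-deny semantics, the 10.20.0.0/16 internal network and the two probe addresses are assumptions made for illustration; the port numbers are the defaults listed on this page.

```python
import ipaddress

# Default ports transcribed from the two tables above (all are reconfigurable).
EXTERNAL = {8080, 9001}
INTERNAL = {8005, 9000, 9001, 9002, 9003, 9230, 9231, 9232, 9234, 9235, 9236}

# Assumed probe sources: one inside the internal network, one outside it.
INSIDE = ipaddress.ip_address("10.20.5.9")
OUTSIDE = ipaddress.ip_address("203.0.113.7")

def verdict(rules, src, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for action, net, first, last in rules:
        if src in ipaddress.ip_network(net) and first <= port <= last:
            return action
    return "drop"

def audit(rules):
    """Return (port, problem) pairs where the ruleset disagrees with the tables."""
    findings = []
    for port in sorted(EXTERNAL | INTERNAL):
        from_outside = verdict(rules, OUTSIDE, port)
        if port in EXTERNAL and from_outside != "accept":
            findings.append((port, "required external port is blocked"))
        if port not in EXTERNAL and from_outside == "accept":
            findings.append((port, "internal-only port is reachable externally"))
        if port in INTERNAL and verdict(rules, INSIDE, port) != "accept":
            findings.append((port, "required internal port is blocked"))
    return findings

# Constructed rulesets: (action, source CIDR, first port, last port).
TOO_BROAD = [
    ("accept", "0.0.0.0/0", 8080, 8080),
    ("accept", "0.0.0.0/0", 9000, 9236),   # one wide range opened to any source
    ("accept", "10.20.0.0/16", 8005, 8005),
]
TIGHT = [
    ("accept", "0.0.0.0/0", 8080, 8080),
    ("accept", "0.0.0.0/0", 9001, 9001),
    ("accept", "10.20.0.0/16", 8005, 8005),
    ("accept", "10.20.0.0/16", 9000, 9003),
    ("accept", "10.20.0.0/16", 9230, 9232),
    ("accept", "10.20.0.0/16", 9234, 9236),
]

if __name__ == "__main__":
    for name, rules in (("TOO_BROAD", TOO_BROAD), ("TIGHT", TIGHT)):
        print(name, audit(rules) or "matches the tables")
```

If the ports have been changed in the product configuration, update the two sets to match before running the check.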
Port Usage Overview
The following diagram shows the SuperSTAR Port Usage. If any of these ports are not available, it is possible to configure the relevant application to use other ports. Please refer to the configuration guide for the relevant product.