When using a firewall (or security group, network ACL, etc.) to restrict traffic within the network containing the LifeKeeper cluster nodes, the following types of traffic must be allowed in order for the LKWMC to function properly:
- For all LifeKeeper cluster nodes, allow traffic on TCP port 5000 (or the custom REST API server port, RESTAPI_PORT, as described in Modifying the REST API Server Port) from each node where the GUI server will run. This allows the GUI server to communicate with the REST API server on all cluster nodes.
- If clients will connect directly to the node where the GUI server is running (e.g., if the node is located in a public subnet in a cloud environment), then on each node where the GUI server will run, allow traffic on TCP port 5110 (or the custom GUI server port, WEBUI_PORT, as described in Modifying the GUI Server Port) from each client system that will connect to the LKWMC.
- If the node where the GUI server is running is located in a private subnet or is otherwise not directly accessible by clients needing to connect to the LKWMC, it is possible to use port forwarding to connect to the LKWMC through a bastion host located in a public subnet. See Connecting to the LKWMC Through a Bastion Host in a Cloud Environment for more details.
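
The first two rules above, written as source-restricted host firewall rules. This is an added example, not part of the LifeKeeper documentation: it assumes firewalld and IPv4, the helper names `allow_from` and `lkwmc_rules` are hypothetical, and every address is a constructed sample value.

```shell
#!/bin/sh
# Added example: print source-restricted firewalld rules for the LKWMC ports.
# Assumptions (not from the page): firewalld is the host firewall, IPv4 only,
# and all addresses used below are constructed sample values.

RESTAPI_PORT="${RESTAPI_PORT:-5000}"   # REST API server port (default from the page)
WEBUI_PORT="${WEBUI_PORT:-5110}"       # GUI server port (default from the page)

# Print one rich-rule command allowing TCP port $2 from source $1 only.
allow_from() {
  printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2"
}

# lkwmc_rules <this_node_ip> <gui_nodes> <client_sources>
#   gui_nodes / client_sources: space-separated IPv4 addresses or CIDRs.
# The body runs in a subshell so its variables do not leak to the caller.
lkwmc_rules() (
  self="$1"; gui_nodes="$2"; clients="$3"; is_gui=0

  # Every cluster node: REST API port reachable only from GUI server nodes.
  for src in $gui_nodes; do
    allow_from "$src" "$RESTAPI_PORT"
    if [ "$src" = "$self" ]; then is_gui=1; fi
  done

  # GUI server nodes only: GUI port reachable only from the listed clients.
  if [ "$is_gui" -eq 1 ]; then
    for src in $clients; do
      allow_from "$src" "$WEBUI_PORT"
    done
  fi

  echo "firewall-cmd --reload"
)

# Constructed sample: 10.0.1.10 and 10.0.1.11 run the GUI server,
# clients connect from 203.0.113.0/24, and this node is 10.0.1.10.
lkwmc_rules 10.0.1.10 "10.0.1.10 10.0.1.11" "203.0.113.0/24"
```

The script only prints the commands so they can be reviewed before being run as root on each node. A node that does not run the GUI server gets no rule for the GUI port at all.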