Groundplex requirements: Network
Network throughput
A running Groundplex requires connectivity to the SnapLogic Integration Cloud, as well as to the cloud applications used in the processes/pipelines created and run in the solution. To optimize performance, SnapLogic provides the following guidelines for network throughput:
Network In | Network Out |
---|---|
Minimum value: 10MB/sec. Recommended: 15MB/sec or more | Minimum value: 5MB/sec. Recommended: 10MB/sec or more |
Depends on usage. | Depends on usage. |
Network firewall requirements
To communicate with the SnapLogic Control Plane, Groundplexes use a combination of HTTP/HTTPS requests and WebSockets communication over the TLS (SSL) tunnel. For this combination to operate effectively, you must configure the firewall to allow the following network communication:
Port | Protocol | Function |
---|---|---|
443 | TCP | HTTP outbound port in the firewall. Required for the Groundplex to work. |
8081 | TCP | HTTPS port used for communication between JCC nodes in a Snaplex. If not configured, you could get the message Unable to reach Snaplex neighbor - https://hostname:8081. |
8084 | TCP | The FeedMaster's HTTPS port. Requests for the pipelines are sent here, as well as some internal requests from other Groundplex nodes. |
8089 | TCP | The FeedMaster's embedded ActiveMQ broker SSL port. Other Groundplex nodes connect to this port to send or receive messages. |
- The nodes of a Snaplex need to communicate among themselves, so it is important that each node can resolve the host names of the other nodes. This requirement is crucial when you make local calls into the Snaplex nodes to execute Pipelines instead of initiating them through the SnapLogic Platform. The pipelines are load-balanced by SnapLogic with Tasks passed to the target node.
- Communication between the customer-managed Groundplex and the SnapLogic-managed S3 bucket is over HTTPS, with TLS enforced by default. The AWS-provided S3 URL also uses an HTTPS connection, with TLS enforced by default. If direct access from the Groundplex to the SnapLogic AWS S3 bucket is blocked, then communication with the AWS S3 bucket falls back to a connection through the SnapLogic control plane that still uses TLS 1.2.
- To successfully implement the Zero Trust policy in any environment, use the following S3 URLs.
  - snaplogic.com is required for all users.
  - snaplogic-prod-sldb.s3.amazonaws.com and s3.amazonaws.com access is required for file operations that use the sldb protocol (for example, FileReader / FileWriter Snaps that are configured to use the sldb protocol).
Details
- For HTTP port: jcc.jetty_port = 8x89
- For HTTPS port: jcc.cc_secure_port = 8x81
Firewall settings
To communicate with the SnapLogic Integration Cloud, a SnapLogic Groundplex uses a combination of HTTPS requests and WebSockets communication over the TLS (SSL) tunnel.
In addition, SnapLogic recommends the following settings:
- HTTP HEAD. Without HEAD support, a full GET requires more time and bandwidth.
- Compression. If not configured, data transfer is slower.
- Use of Snaps with proxy support. If the Snap uses an HTTP client without proxy support, the Pipeline might fail.
- The nodes of a Snaplex need to communicate among themselves directly. If an HTTP proxy is already used for communication with the control plane and external applications, the Snaplex nodes must not use that proxy for communications with other nodes. To prevent Snaplex nodes from using an HTTP proxy, set the nonProxyHosts configuration appropriately.
- Communication between the customer-managed Groundplex and the SnapLogic-managed S3 bucket is over HTTPS with TLS enforced by default. The AWS-provided S3 URL also uses an HTTPS connection with TLS enforced by default. If direct access from the Groundplex to the SnapLogic AWS S3 bucket is blocked, then the communication is routed through the SnapLogic control plane using a connection with TLS 1.2.
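A preflight check for the port table and the host-name resolution requirement above, as an added example (not SnapLogic code): run from one Groundplex node, it resolves each peer and attempts a TCP connection on the listed ports, separating DNS failures from blocked ports. The role labels and the peer host names are assumptions made for the illustration.

```python
import socket

# Ports from the firewall table above; the role names are labels chosen for this example.
NODE_PORTS = {"jcc": [8081], "feedmaster": [8084, 8089]}
# Hosts the page lists for outbound HTTPS (port 443).
OUTBOUND_443 = ["snaplogic.com", "snaplogic-prod-sldb.s3.amazonaws.com", "s3.amazonaws.com"]


def required_flows(nodes):
    """nodes maps hostname -> role; returns (host, port, reason) for every flow to allow."""
    flows = [(host, 443, "outbound HTTPS") for host in OUTBOUND_443]
    for host, role in nodes.items():
        flows += [(host, port, role + " neighbor") for port in NODE_PORTS[role]]
    return flows


def tcp_probe(host, port, timeout=3.0):
    """Return 'ok', 'dns' (name does not resolve) or 'blocked' (no TCP connection)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"
    for family, kind, proto, _name, addr in infos:
        try:
            with socket.socket(family, kind, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(addr)
                return "ok"
        except OSError:
            continue  # try the next resolved address
    return "blocked"


def preflight(nodes, probe=tcp_probe):
    """Probe every required flow; returns only the failures as (host, port, reason, status)."""
    results = [(h, p, why, probe(h, p)) for h, p, why in required_flows(nodes)]
    return [r for r in results if r[3] != "ok"]


if __name__ == "__main__":
    # Constructed host names; replace with the other nodes of your Snaplex.
    peers = {"jcc-node-2.example.internal": "jcc", "feedmaster-1.example.internal": "feedmaster"}
    for host, port, why, status in preflight(peers):
        print(f"{status.upper():8} {host}:{port} ({why})")
```

The probe connects directly, so on a node whose outbound traffic goes through an HTTP proxy the port 443 rows report "blocked" even when the proxied path works; the neighbor rows are the ones that must succeed without a proxy.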
Snap ports
In the SnapLogic Platform, the Snaps communicate with the applications. The protocols and ports required for application communication are mostly determined by the endpoint applications themselves, and not by SnapLogic.
Cloud/SaaS applications typically communicate using HTTPS. However, older applications and non-cloud/SaaS applications might have their own requirements. Examples:
Application | Protocol | Default port |
---|---|---|
Salesforce | HTTPS | 443 |
RedShift | TCP | 5439 |
Oracle | TCP | 1521 |
Netezza | TCP | 5480 |
Each of these application connections might allow the use of a proxy for the network connection. However, using a proxy is a configuration option in the application, not in SnapLogic.