Groundplex requirements: Network

Network throughput

A running Groundplex requires connectivity to the SnapLogic Integration Cloud, as well as the cloud applications, which may be used in the processes/pipelines created and run in the solution. To optimize performance, SnapLogic provides the following guidelines for network throughput:

Network In Network Out
Minimum value: 10MB/sec

Recommended: 15MB/sec or more

Minimum value: 5MB/sec

Recommended: 10MB/sec or more

Depends on usage. Depends on usage.

Network firewall requirements

To communicate with the SnapLogic Control Plane, Groundplexes use a combination of HTTP/HTTPS requests and WebSockets communication over the TLS (SSL) tunnel. For this combination to operate effectively, you must configure the firewall to allow the following network communication requirements:

Port Protocol Function
443 TCP HTTP outbound port in the firewall. Required for the Groundplex to work.
8081 TCP HTTPS port used for communication between JCC nodes in a Snaplex.

If not configured, you could get the message Unable to reach Snaplex neighbor - https://hostname:8081.

8084 TCP The FeedMaster's HTTPS port. Requests for the pipelines are sent here, as well as some internal requests from other Groundplex nodes.
8089 TCP The FeedMaster's embedded ActiveMQ broker SSL port. Other Groundplex nodes connect to this port to send or receive messages.
  • The nodes of a Snaplex need to communicate among themselves, so it is important that each node can resolve each other's host names. This requirement is crucial when you are making local calls into the Snaplex nodes for the execution of the Pipelines instead of initiating it through the SnapLogic Platform. The pipelines are load-balanced by SnapLogic with Tasks passed to the target node.
  • Communication between the customer-managed Groundplex and the SnapLogic-managed S3 bucket is over HTTPS, with TLS enforced by default. The AWS-provided S3 URL also uses an HTTPS connection, with TLS enforced by default. If direct access from the Groundplex to the SnapLogic AWS S3 bucket is blocked, then the connection to the AWS S3 bucket communication falls back to a connection through the SnapLogic control plane that still uses TLS 1.2.
  • To successfully implement the Zero Trust policy in any environment, use the following S3 URLs.

Details

If another application already uses one of the JCC ports used by SnapLogic, the JCC nodes do not complete a full start cycle. The workaround is to override the default port by assigning the following entries in the global properties to ports that are available:
  • For HTTP port: jcc.jetty_port = 8x89
  • For HTTPS port: jcc.cc_secure_port = 8x81

Firewall settings

To communicate with the SnapLogic Integration Cloud, a SnapLogic Groundplex uses a combination of HTTPS requests and WebSockets communication over the TLS (SSL) tunnel.

In addition, SnapLogic recommends the following settings:

  • HTTP HEAD. Without HEAD support, a full GET requires more time and bandwidth.
  • Compression. If not configured, data transfer is slower.
  • Use of Snaps with proxy support. If the Snap uses an HTTP client without proxy support, the Pipeline might fail.
Note:
  • The nodes of a Snaplex need to communicate among themselves directly. If an HTTP proxy is already used for communication with the control plane and external applications, the Snaplex nodes must not use that proxy for communications with other nodes. To prevent Snaplex nodes from using an HTTP proxy, set the nonProxyHosts configuration appropriately.
  • Communication between the customer-managed Groundplex and the SnapLogic-managed S3 bucket is over HTTPS with TLS enforced by default. The AWS-provided S3 URL also uses an HTTPS connection with TLS enforced by default. If direct access from the Groundplex to the SnapLogic AWS S3 bucket is blocked, then the communication is routed through the SnapLogic control plane using a connection with TLS 1.2.

Snap ports

In the SnapLogic Platform, the Snaps communicate with the applications. The protocols and ports required for application communication are mostly determined by the endpoint applications themselves, and not by SnapLogic. 

Cloud/SaaS applications typically communicate using HTTPS. However, older applications and non-cloud/SaaS applications might have their own requirements. Examples:

Application Protocol Default port
Salesforce HTTPS 443
RedShift TCP 5439
Oracle TCP 1521
Netezza TCP 5480

Each of these application connections might allow the use of a proxy for the network connection. However, using a proxy is a configuration option in the application, not in SnapLogic.