I have searched and had various helpful posts and instruction manuals, but nothing concrete, so I just thought I would ask the community.
We have been running our multi-tier environment for a few years now, wide open (no firewall). We now must implement a firewall, per company security. Our sas installer has been hesitant to assist in this endeavor. We are running Oracle 6.8, if that helps or matters. Our environment structure will be listed below in the outline and our proposed method.
Tools that people are using: VA, SMC, EG, Text Miner, SAS DI Studio, SAS Studio, Environment Manager, Document Conversion Server.
Global rules:
- All outbound will be open.
- Between the 7 sas servers, all ports and protocols will be open.
- Ping is open to a specific server (network monitoring server)
- Loopback is enabled
- Port 22 is open for SSH
SAS client tools port rules:
Web:
7980 # SAS Web Server HTTP Port
8343 # SAS Web Server HTTPS Port
7080 # Environment Manager HTTP
7443 # Environment Manager HTTPS
Meta:
8561 # Management Console
8591 # Enterprise Guide
Compute:
8701 # pooled workspace server port
8591 # Enterprise Guide
8601, 8611, 8621, 8631 # stored process server port
5308 # idk what this one is used for, but installer did mention it
VA:
8701 # pooled workspace server port
VA worker 1-3:
Nothing SAS specific has been opened
At first I was concerned about ldap and odbc database connections, but then realized they would be covered under outgoing. So is there anything else that I may have missed or need to open. Or does this path forward appear to be good?