Info

NOTE

MettleCI Workbench uses your existing Information Server authentication scheme so users login to Workbench using their DataStage Designer credentials.
If you wish to configure MettleCI to use HTTPS you can either use the self-signed certificate generated during the MettleCI Workbench installation, or provide one yourself. We will work with you to describe how your certificate renewal process will work with MettleCI's components. See IBM's page on Storing certificates for client applications.

Firewall Rules

Host	Component	Windows Service Name	External Port	Internal Port	Comment
MettleCI Host

MettleCI Scheduler

n/a

8081

The MettleCI Scheduler (Azkaban) operates internally on port 8081, and does not need to expose an external interface outside the MettleCI Host.

MettleCI Host

MettleCI Wallboard

n/a

5000

The MettleCI Wallboard operates internally on port 5000, and does not need to expose an external interface outside the MettleCI Host.

MettleCI Host

CI/CD

Build Agent	As required	n/a	As required
MettleCI Host	DataStage Designer Client	n/a	n/a	As required	Interfacing MettleCI to Information Server via whichever port you are currently using for DataStage clients. This Designer Client is exclusively for MettleCI automated use only. Internal port is set based on customer standards, and/or as required by IBM.
MettleCI Host	Windows Remote Desktop	Remote Desktop Services	3389 (default)	n/a
DataStage Development Engine Tier	MettleCI Workbench	MettleCI Workbench	8080 & 8081	8080 & 8081	Browser-based user interface for Unit Test specification and results, Compliance invocation, and Git check in. Note that these ports are configurable. Port 8081 is required only for the exposure of MettleCI diagnostic output.
DataStage Development Engine Tier

Customer Engineer's access during installation

Installation access	SSH	22	n/a	The Customer Engineer (who will perform the installation and commissioning of MettleCI under our remote guidance) will require port 22 (SSH) open on the DataStage Engine tier for the duration of the installation process.
DataStage Development Engine Tier	Information Server processes	As required	As required	As required	As supported by O/S, configured by customer, and/or required by IBM
DataStage Development Engine Tier	SSH server process	As required	As required	As required	As supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services Tier	Information Server processes	As required	As required	As required	As supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services Tier	Information Server Operations Console	As required	9443 (default)	9443 (default)	As supported by O/S, configured by customer, and/or required by IBM
DataStage Development Services Tier	Information Governance Catalog REST API	As required	9443 (default)	9443 (default)	As supported by O/S, configured by customer, and/or required by IBM

MettleCI Host Firewall Rules

Column

width	50%

Inbound

Port	Protocol	Remote Address	Application	Comment
8081	TCP	As required	MettleCI Scheduler	Developers need to be able to access the MettleCI Scheduler (Azkaban) in their browser
5000	TCP	As required	MettleCI Wallboard	Developers need to be able to access the MettleCI Wallboard in their browser

Column

width	50%

Outbound

Port	Protocol	Remote Address	Reason

TCP

Public Internet Access

Ideally, developers, testers, and any other MettleCI users should be provided with unfiltered HTTP (port 80) and HTTPS (port 443) internet access to the following domains for installation support purposes only:

...

Versions Compared

Old Version 8

New Version 9

Key

Firewall Rules

MettleCI Host Firewall Rules

Inbound

Outbound

Public Internet Access

Page Comparison

Versions Compared

Old Version 8

New Version 9

Key

Firewall Rules

MettleCI Host Firewall Rules

Inbound

Outbound

Public Internet Access