MettleCI - Firewall Rules & Security
- John McKeever
- Drew Nuttall-Smith
NOTE
MettleCI Workbench uses your existing Information Server authentication scheme so users login to Workbench using their DataStage Designer credentials.
If you wish to configure MettleCI to use HTTPS you can either use the self-signed certificate generated during the MettleCI Workbench installation, or provide one yourself. We will work with you to describe how your certificate renewal process will work with MettleCI's components. See IBM's page on Storing certificates for client applications.
Firewall Rules
Host | Component | Windows Service Name | External Port | Internal Port | Comment |
|---|---|---|---|---|---|
MettleCI Agent Host | Build Agent | As required | n/a | As required | |
MettleCI Agent Host | DataStage Designer Client | n/a | n/a | As required | Interfacing MettleCI to Information Server via whichever port you are currently using for DataStage clients. This Designer Client is exclusively for MettleCI automated use only. Internal port is set based on customer standards, and/or as required by IBM. |
MettleCI Agent Host | Windows Remote Desktop | Remote Desktop Services | 3389 (default) | n/a | As required by your organisation |
DataStage Development Engine Tier | MettleCI Workbench | MettleCI Workbench | 8080 & 8081 | 8080 & 8081 | Browser-based user interface for Unit Test specification and results, Compliance invocation, and Git check in. Note that these ports are configurable. Port 8081 is required only for the exposure of MettleCI diagnostic output. |
DataStage Development Engine Tier | Installation access | SSH | 22 | n/a | The Customer Engineer (who will perform the installation and commissioning of MettleCI under our remote guidance) will require port 22 (SSH) open on the DataStage Engine tier for the duration of the installation process. |
DataStage Development Engine Tier | Information Server processes | As required | As required | As required | As supported by O/S, configured by customer, and/or required by IBM |
DataStage Development Engine Tier | SSH server process | As required | As required | As required | As supported by O/S, configured by customer, and/or required by IBM |
DataStage Development Services Tier | Information Server processes | As required | As required | As required | As supported by O/S, configured by customer, and/or required by IBM |
DataStage Development Services Tier | Information Server Operations Console | As required | 9443 (default) | 9443 (default) | As supported by O/S, configured by customer, and/or required by IBM |
DataStage Development Services Tier | Information Governance Catalog REST API | As required | 9443 (default) | 9443 (default) | As supported by O/S, configured by customer, and/or required by IBM |
Public Internet Access
Ideally, developers, testers, and any other MettleCI users should be provided with unfiltered HTTP (port 80) and HTTPS (port 443) internet access to the following domains for installation support purposes only:
*.mettleci.com (for access to the self-service MettleCI Report Card)
*.mettleci.io (documentation and software downloads)
datamigrators.atlassian.net (support portal)
MettleCI itself does not access the internet.
© 2015-2024 Data Migrators Pty Ltd.