[DOCS-4215] Could we document what IPs / ports need to be open for MMS? Created: 21/Oct/14  Updated: 16/Mar/15  Resolved: 28/Oct/14

Status: Closed
Project: Documentation
Component/s: Cloud Manager
Affects Version/s: None
Fix Version/s: v1.3.13

Type: Task Priority: Critical - P2
Reporter: Joanna Cheng Assignee: Bob Grabar
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Duplicate
is duplicated by DOCS-3564 MMS Cloud: Document list of externall... Closed
Related
is related to DOCS-4238 MMS Provisioning: More information on... Closed
is related to DOCS-4377 MMS IP addresses Closed
Participants:
Days since reply: 9 years, 15 weeks, 1 day ago

 Description   

Some customers will be deploying on their own hardware, behind their own firewalls, and will want to know what IPs to allow, which ports to open, etc

This is also true for customers who have their own AWS security groups, and need to know what IPs / ports to allow



 Comments   
Comment by Githook User [ 04/Nov/14 ]

Author:

{u'username': u'bgrabar', u'name': u'Bob Grabar', u'email': u'bob.grabar@10gen.com'}

Message: DOCS-4238 limit SSH access to specific ranges.
DOCS-4215 document what IPs / ports need to be open for MMS.
Branch: master
https://github.com/10gen/mms-docs/commit/23a402059d46d365dbc466daba6840b26a54bab9

Comment by Daniel Medina (Inactive) [ 27/Oct/14 ]

Commented on the PR.

Comment by Cailin Nelson [ 27/Oct/14 ]

This information is only for Cloud.

Why does http://mms.mongodb.com/help-hosted/current/reference/on-prem/ need renaming?

Comment by Cailin Nelson [ 25/Oct/14 ]

This is not a duplicate of DOCS-3564. DOCS-3564 is a subset of what is requested here, so we could close DOCS-3564 as a dup of this.

The IPS/ports information requested can be broken down into the following categories:

On my servers, what outbound ports need to be open to outside world?

The answer here is the same for servers provisioned by MMS an self-provisioned servers. The answer is 443.

If I wish to restrict outbound access on 443 to specific IPS, what are the IPs?

The MMS web servers use IPs 54.221.213.229 and 75.101.156.249 . The MMS Agents will GET AND POST to these IPs on port 443.

(This is the topic of DOCS-3564. It is quite unusual to restrict outbound traffic in this way.)

If I am not using MMS Provisioning, what inbound ports do I need to have open to MMS?

None.

If I want to use MMS Provisioning, what inbound ports do I need to have open to MMS?

This is DOCS-4238

What ports do I need to have open within my own network?

The "MongoDB ports" must be open within your own network. I.e. if you are running MongoDB processes on 27000, 27017 and 27020, then those 3 ports must be open within your own network.

When using m5, the above is strictly true. All ports must be accessible from every server involved in your MMS Deployment.

When using Classic, all ports only need to be open from the servers hosting the Monitoring Agent and Backup Agent.

Generated at Thu Feb 08 07:47:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.