Configuring the IP network ports
A DataMiner System makes extensive use of TCP/IP communication. Below, you find an overview of the TCP and UDP ports being used, as well as instruction on how to change port configurations. This information will especially prove useful when you have to configure firewalls in your network.
In new DataMiner installations from DataMiner 10.1.11/10.2.0 onwards, only the essential ports are opened by default (80, 8004, as well as 162 from DataMiner 10.1.12 onwards). To make use of DataMiner functionality that requires additional ports, you will need to manually create a firewall rule for those ports.
See also: DataMiner hardening guide
Overview of IP ports used in a DMS
Default port: 8004/tcp
|Inter-DMA communication (unless gRPC is configured instead)
DataMiner Cube (unless gRPC is configured instead)
|Inter-DMA communication (if gRPC is configured)
Web apps (e.g. Monitoring, Jobs)
|Cassandra: non-TLS setup (inter-node communication in Failover setups)
|Cassandra: TLS setup (available from DataMiner 10.1.3 onwards)
|Cassandra: cluster backups
|Cassandra: non-TLS setup (server listening for client requests)
|Cassandra: TLS setup (server listening for client requests)
|OpenSearch/Elasticsearch (inter-node communication)
|NATS (required from DataMiner 10.1.1 onwards)
|NATS Monitoring (relevant from DataMiner 10.1.1 onwards)
|NATS Account Server (required from DataMiner 10.1.1 onwards)
|dataminer.services endpoint hosted in DataMiner CloudGateway (by default required from DataMiner 10.3.6/10.4.0/CloudGateway 2.10.0 onwards)
|Stream (by default disabled from DataMiner 9.6.5 onwards)
- When viewing Stream via DataMiner Cube, access to port 23/tcp is not required. Access is only required when using a Telnet client. However, note that Telnet is by default disabled from DataMiner 9.6.5 onwards. For more information on how to enable this, see DataMiner.xml
- Prior to DataMiner 10.0.8, ports 7001, 7199, 9142 and 9160 are opened during Cassandra installation. However, from DataMiner 10.0.8 onwards, only the essential ports 7000 and 9042 are opened.
- Prior to DataMiner 10.1.0 CU10 and 10.2.1, port 8222 is also opened for NATS monitoring. In later DataMiner versions, we recommend manually opening the port in order to be able to debug NATS. With port 8222, you can extract metrics and performance indicators from the NATS message broker, which in turn may allow you to debug if required. However, for maximum security, only expose port 8222 on internal networks to prevent the leaking of sensitive information.
A problem can occur where port 9090 is already used by a third-party software. For more information, see Default NATS port is already in use.
Graphical representation of IP communication within a DMS
The diagrams below show how communication within a DMS could be set up. The blue lines indicate the communication towards the databases (in this case an OpenSearch and Cassandra cluster of three nodes each).
Using gRPC (recommended from DataMiner 10.3.6/10.3.0 [CU3] onwards):
Using .NET Remoting:
We do not recommend letting a DMA connect to another DMA via Web Services. From DataMiner 10.0.11, connecting via Web Services is no longer supported.
To verify if your DataMiner cluster is working correctly, you can run the Check Cluster SLNet Connections BPA test.