Network Connectivity Requirements

This topic covers the general network and connectivity requirements, including connection requirements, port allocation, and firewall and Intrusion Detection System (IDS) considerations.

A security mechanism prevents the Masking Engine from being deployed behind a reverse proxy on the network.

General Outbound Connections from the Virtual Machine Delphix Masking Engine

| Protocol | Port Numbers | Use |
| --- | --- | --- |
| TCP | 25 | Connection to a local SMTP server for sending email. |
| TCP/UDP | 53 | Connections to local DNS servers. |
| UDP | 123 | Connection to an NTP server. |
| UDP | 162 | Sending SNMP TRAP messages to an SNMP Manager. |
| TCP | 443 | HTTPS connections from the Delphix Engine to the Delphix Support upload server. |
| TCP/UDP | 636 | Secure connections to an LDAP server. |
| TCP/UDP | various | Connections to target environments such as databases (JDBC) and files (FTP, SFTP, NFS, or CIFS). |

General Inbound Connections to the Virtual Machine Delphix Masking Engine

| Protocol | Port Numbers | Use |
| --- | --- | --- |
| TCP | 22 | SSH connections to the Delphix Engine. |
| TCP | 80 | HTTP connections to the Delphix GUI (optional). |
| UDP | 161 | Messages from an SNMP Manager to the Delphix Engine. |
| TCP | 443 | HTTPS connections to the Delphix GUI. |

General Outbound Connections from the Containerized Delphix Masking Engine

Containerized Masking is deployed as a Pod on a customer Kubernetes infrastructure rather than being a self-contained machine like the VM deployments. Much of the underlying infrastructure (NTP, for example) that the VM deployment must manage is unnecessary for a containerized deployment. A containerized deployment still requires many features (again using time as one example) from the underlying infrastructure, but since they are no longer managed by the Pod itself, they no longer appear in the list of networking requirements.

| Protocol | Port Numbers | Use |
| --- | --- | --- |
| TCP | 25 | Connection to a local SMTP server for sending email. |
| TCP/UDP | 53 | Connections to local DNS servers. |
| TCP/UDP | various | Connections to target environments such as databases (JDBC) and files (FTP, SFTP, NFS, or CIFS). |

General Inbound Connections to the Containerized Delphix Masking Engine

Note

The inbound ports shown in the table below are all internal. The Kubernetes config defines a service that routes customer-supplied external-facing ports to the listed internal ports, allowing the customer to choose any ports that work best for their infrastructure. The example config maps external port 30080 to internal port 8080 and external port 30443 to internal port 8443, but that is left entirely to customer discretion.

| Protocol | Port Numbers | Use |
| --- | --- | --- |
| TCP | 8080 | HTTP connections to the Delphix GUI (optional). |
| TCP | 8443 | HTTPS connections to the Delphix GUI. |

Firewalls and Intrusion Detection Systems (IDS)

Firewalls can add milliseconds to the latency between servers. Accordingly, for best performance, there should be no firewalls between the Delphix Masking Engine and the target environments. If the Delphix Masking Engine is separated from a target environment by a firewall, the firewall must be configured to permit network connections between the Delphix Masking Engine and the target environments for the application protocols (ports) listed above.

Intrusion detection systems (IDSs) should also be made permissive to the Delphix Masking Engine deployment. IDSs should be made aware of the anticipated high volumes of data transfer between the Delphix Masking Engine and target environments.
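
To confirm that a firewall permits the outbound TCP ports listed for the VM deployment, a reachability check can be run from a host on the same network segment as the engine. This is an added example, not Delphix code; the hostnames are placeholders (assumptions), and the UDP rows (NTP, SNMP) are left out because a TCP connect cannot test them.

```python
import socket

# TCP rows of the VM outbound table above. Hostnames are placeholders
# (assumptions): substitute the servers used in your environment.
OUTBOUND_TCP = [
    ("SMTP", "smtp.example.internal", 25),
    ("DNS", "dns.example.internal", 53),
    ("Support upload (HTTPS)", "support-upload.example.internal", 443),
    ("LDAPS", "ldap.example.internal", 636),
]

def check_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST: no listener, or a firewall rejecting
    except socket.timeout:
        return "filtered"          # no reply: typical of a firewall drop rule
    except OSError as exc:         # DNS failure, no route, and similar
        return f"error: {exc.strerror or exc}"

def run_checks(rules, timeout=3.0):
    """Return {(name, host, port): status} for every rule."""
    return {(n, h, p): check_tcp(h, p, timeout) for n, h, p in rules}

def failures(results):
    """Rules that did not complete a TCP handshake."""
    return [rule for rule, status in results.items() if status != "open"]

if __name__ == "__main__":
    results = run_checks(OUTBOUND_TCP)
    for (name, host, port), status in results.items():
        print(f"{name:<24} {host}:{port:<5} {status}")
    raise SystemExit(1 if failures(results) else 0)
```

A "filtered" result points at a firewall silently dropping packets, while "refused" means the packet reached something that answered, so the two call for different follow-up.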