Products | Versions |
---|---|
TIBCO OpenSpirit Runtime | v4.3 |
Due to security vulnerabilities, clients are often leery of opening all ports for access. Therefore, the question commonly asked is “can OSP be assigned to a unique, single port or port range? “
The OpenSpirit Developers offer the detailed explanation below:
OpenSpirit utilizes CORBA for inter-process communication. CORBA is a point-to-point communications protocol where communication flows between client applications, data servers, the OpenSpirit notification service process and the OpenSpirit Shared Services process. These processes dynamically allocate port addresses. The range of port numbers used for the dynamically allocated ports are in the ephemeral port range, which could be from 1024-65535 depending on your servers specific port range settings. We do not currently provide a way to restrict the port range, so it could be any available port in the ephemral range. You cannot close any ports as the OpenSpirit notification services dynamically allocate ports for inter-process communication, and we do not currently provide a way to restrict the port range.
On Windows, the default built-in firewall is capable of excluding certain executables from firewall rules. As of this article publish date, Linux does not have the same capability with its built in firewalls (IPTables/Firewalld) to our knowledge. Contact your system administrator to determine if you can exclude the OpenSpirit binaries from the specific firewall application in-use on your specific network and operating system. If not, either the firewall must be turned off or the firewall cannot exclude any ports within your ephemeral port range.