Title	Port settings for installation

URL Name	000004240

Audience	Public

Product (Internal List) aiWare - aiWare

Body

As part of the installation and deployment of an aiWARE instance, you will need to ensure that certain nodes and services can communicate via port settings.

Ports required by aiWARE run modes

If you have a firewall, open the ports listed in the following table for each aiWARE node.

Setting the run mode on an aiWARE node determines which services run on that node, and therefore which ports must be open for those services to run. If a node has multiple run modes, then you must open all the ports for all the run modes on that node.

Run Mode	Port	Protocol	Description
agent (all modes)	8000	HTTP	Prometheus metrics collection.
services (app, api)	8443	HTTPS	Load balancer (LB) manages the communication to applications and APIs.
automate (automatestudio)	5000-6000	HTTP	Proxies connections to Automate Studio. Ports randomly generated.
controller	9000	HTTP	The API that nodes use for status, monitoring, alerting, and updates.
controller	8001	HTTP	Prometheus metrics and performance collection.
db	5432	TCP	PostgreSQL database for AI Data and AI Processing persistent data.
db	9187	HTTP	Prometheus metrics collection.
es	9200	HTTP	Elastic search (ES) index of persistent data. Application search indexes.
engine	9580	HTTP	Progress updates from engines to the agent proxy.
lb	8443	HTTPS	Load balancer that manages communication with applications and APIs
lb	8080	HTTP	Load balancer for applications and APIs that do not require SSL
minio	10000	HTTP	Persistent storage of imported and processed content. Application object storage.
nfs	2049	TCP	Shared storage via NFS. Particularly `/cache` and `/cache/N` where `N` is a NFS partition number.
nsq	4150, 4151, 4160, 4161	HTTP, TCP	Message queuing for AI Data and AI Processing services and Applications.
prometheus	9090	TCP	Prometheus metrics collection.
prometheus	9091	HTTP	Pushgateway for metrics collection.
prometheus	9093	HTTP	Alert Manager.
redis	6379	TCP	Caching and other temporary data storage of sessions, and searches. Application data storage.
registry	443	HTTP	Docker registry server hosting Docker engine and service images.
registry	9111	HTTP	Prometheus metrics collection.
storage	30051, 30551	HTTP	Secure file storage for engine and agent I/O, logging, and caching.

Ports required between aiWARE services

This section provides information about which services need to communicate with each other and over which ports that communication happens.

Connections from the aiware-agent

The aiware-agent is installed on every node (computer, vm) in the aiWARE instance. It connects to the following services over these ports.

Component	Target run mode	Port	Protocol and use
Agent	Controller	9000	HTTP: Agent also communicates with controller to handle specific tasks for that instance such as launching engine containers.
Agent	Registry	443	HTTP: Used for pulling Docker images. The agent attempts the following registry servers: Registry nodes, registry central, specified registry on the service or engine.
Agent	NFS	2049	TCP: Shared storage via NFS. Particularly /cache and /cache/N where 'N' is a NFS partition number.
Agent	Storage Server	30051, 30551	HTTP: Used for file storage

Connections to controller

Target run mode	Port	Protocol and use
LB (agent)	8443	HTTPS: If aiWARE instance has an LB/Services run mode, then all connections to controller are through LB

Connections from run modes

Source run mode	Target run mode	Port	Protocol and use
Controller (aiware-controller)	Automate	5000-6000	HTTP: Used for proxying HTTP connections to Automate Studio.
Controller (aiware-controller)	Redis	6379	TCP: Used for Redis.
Controller (aiware-controller)	NSQ	4150, 4151, 4160, 4161	HTTP, TCP Used for queuing
Controller (aiware-controller)	Prometheus	9090	TCP
Controller (aiware-controller)	Minio	10000	HTTP: Access to stored content
Engine (engine-instance)	Controller (Specific Instance)	9000	HTTP: If the controller websocket is listening for a task update, the engine instance POSTs the job and task status along with engine output to the controller that is listening for that task.
Engine (engine-instance)	Minio	10000	HTTP, TCP: Used for uploading processed content.
Prometheus (aiware-prometheus)	all agents	8000	HTTP: Used for agent /metrics.
Prometheus (agent)	Controller	9000	HTTP: Used for node discovery and alerting.
Services (core-*)	Redis	6379	TCP: aiWARE Data uses redis to store sessions, in progress searches and other items. Services/applications may use Redis as well in separate databases.
Services (core-*)	Elastic Search	9200	HTTP: aiWARE Data persists index data in elastic search. Services/applications can use ES indices as well.
Services (core-*)	DB	5432	TCP: aiWARE Data uses separate databases to persist information. Services/applications can use DB as well.
Services (core-*)	NSQ	4150, 4151, 4160, 4161	HTTP, TCP: aiWARE Data uses NSQ for eventing messages. Services/applications may use NSQ as well
Services (core-*)	Minio	10000	HTTP: aiWARE Data uses Min.io for Object Storage.
Services (core-*)	Services (Data)	8443	HTTPS: aiWARE Data uses LB for API access to aiWARE Data and other services.
Prometheus	Prometheus	9093	HTTP: Alert Manager
Engine	Prometheus	9091	HTTP: Pushgateway for Prometheus for Engine Toolkit metrics
Engine	Storage Server	30051, 30551	HTTP: File storage and logging
Engine	Agent Proxy	9580	HTTP: Progress updates
Prometheus	DB	9187	HTTP: metrics
Prometheus	Registry	9111	HTTP: metrics
Prometheus	Controller	8001	HTTP: metrics, pprof

Exposed ports outside of the aiWARE instance

Run Mode	Port	Protocol	Description
LB	8443	HTTPS	This is the external port that exposes the controller, and any services that are hosted. You can put this into a Load Balancer for HA. Expose this port to all networks that can have access to aiWARE
LB	8080	HTTP	HTTP variant of port 8443. This port does not work with applications that require secure cookies
Controller	9000	HTTP	If no LB node is in the cluster, expose this to the networks you want to have access to aiWARE