by Oliver Choy

Created May 17, 2013

I came across a few projects in the past that required CQ implementations spanning multiple data centers, thus needing tons of firewall rules. As in many enterprise environments, the process of filing firewall requests (to open a few holes), scheduling outage windows, and getting the rules in place can easily take up a week or two, if not days. Not to mention that the same process probably has to be repeated multiple times (DEV, QA, Staging, Production…). This is especially hard if your organization is using CQ for the very first time, as there are usually rules that get missed.

So I wanted to use this post to capture the ports that should be opened in a typical CQ setup. In the following tables, I’m assuming:

  • CQ Author running on default port 4502
  • CQ Publish running on default port 4503
  • Dispatcher/Webserver running on port 80/443.

Replication from CQ Author to CQ Publish

+---------------+-------------+--------------------+------------------+
| Source Server | Source Port | Destination Server | Destination Port |
+---------------+-------------+--------------------+------------------+
| CQ Author     | 4502        | CQ Publish         | 4503             |
+---------------+-------------+--------------------+------------------+

Cache Flushing from CQ Publish to Dispatcher

+---------------+-------------+--------------------+------------------+
| Source Server | Source Port | Destination Server | Destination Port |
+---------------+-------------+--------------------+------------------+
| CQ Publish    | 4503        | Dispatcher         | 80 / 443         |
+---------------+-------------+--------------------+------------------+

Clustering CQ (2 instances)

+-----------------+-------------+--------------------+------------------+
| Source Server   | Source Port | Destination Server | Destination Port |
+-----------------+-------------+--------------------+------------------+
| CQ (Auth1/Pub1) | 8088        | CQ (Auth2/Pub2)    | 8088             |
+-----------------+-------------+--------------------+------------------+

The range of ports is listed at http://dev.day.com/docs/en/cq/current/core/administering/cluster.html

Reverse Replication from CQ Publish to CQ Author

+---------------+-------------+--------------------+------------------+
| Source Server | Source Port | Destination Server | Destination Port |
+---------------+-------------+--------------------+------------------+
| CQ Publish    | 4503        | CQ Author          | 4502             |
+---------------+-------------+--------------------+------------------+

Dispatcher retrieving published content

+---------------+-------------+--------------------+------------------+
| Source Server | Source Port | Destination Server | Destination Port |
+---------------+-------------+--------------------+------------------+
| CQ Dispatcher | 80 / 443    | CQ Publish         | 4503             |
+---------------+-------------+--------------------+------------------+

If there is a dispatcher sitting in front of Clustered Author

+-------------------+-------------+--------------------+------------------+
| Source Server     | Source Port | Destination Server | Destination Port |
+-------------------+-------------+--------------------+------------------+
| CQ Author         | 4502        | Author Dispatcher  | 80 / 443         |
+-------------------+-------------+--------------------+------------------+
| Author Dispatcher | 80 / 443    | CQ Author          | 4502             |
+-------------------+-------------+--------------------+------------------+
| CQ Author1        | 8088        | CQ Author2         | 8088             |
+-------------------+-------------+--------------------+------------------+

And finally, there are also services being integrated. An example would be port 389 for LDAP / Active Directory. Don’t forget those!
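A pre-flight check for the flows in the tables above, as an added example that is not part of the original post: run it on each server to list which required connections are still blocked before filing (or after receiving) the firewall change. The hostnames and the role names are hypothetical placeholders, and the check only exercises the destination port of each flow, since that is what a TCP connect tests.

```python
import socket
import sys

# Flows from the tables above: (name, source role, destination role, destination ports).
FLOWS = [
    ("replication", "author", "publish", (4503,)),
    ("cache flush", "publish", "dispatcher", (80, 443)),
    ("reverse replication", "publish", "author", (4502,)),
    ("dispatcher render", "dispatcher", "publish", (4503,)),
    ("author cache flush", "author", "author-dispatcher", (80, 443)),
    ("author dispatcher render", "author-dispatcher", "author", (4502,)),
    ("author cluster", "author", "author", (8088,)),
    ("publish cluster", "publish", "publish", (8088,)),
]

# Constructed inventory: hypothetical hostnames, replace with your own.
HOSTS = {
    "author": ["author1.example.internal", "author2.example.internal"],
    "publish": ["publish1.example.internal", "publish2.example.internal"],
    "dispatcher": ["dispatcher1.example.internal"],
    "author-dispatcher": ["authdisp1.example.internal"],
}

def targets_for(role, self_host, hosts=HOSTS, flows=FLOWS):
    """Return (flow, host, port) for every connection this host must be able to open."""
    return [(name, host, port)
            for name, src, dst, ports in flows if src == role
            for host in hosts.get(dst, []) if host != self_host  # cluster: skip ourselves
            for port in ports]

def port_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), or name not resolvable
        return False

def blocked(role, self_host, hosts=HOSTS, probe=port_open):
    """Flows from the matrix that cannot currently be opened from this host."""
    return [t for t in targets_for(role, self_host, hosts) if not probe(t[1], t[2])]

if __name__ == "__main__":
    role, me = sys.argv[1], sys.argv[2]  # e.g. author author1.example.internal
    for name, host, port in blocked(role, me):
        print(f"BLOCKED {name}: {me} -> {host}:{port}")
```

A port reported as blocked can also mean the destination service is not listening yet, so run the check once CQ and the dispatcher are up on the target hosts.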