Security groups are virtual firewalls for your Amazon instances. In order for you
and the Cluster Manager to communicate with the cluster nodes, you must open a few
specific ports. The following describes how to create the Transfer Node Security
Group.
-
Click Add Rule and create an inbound rule for each of
the ports and protocols listed below to enable connectivity from external
systems.
Type Protocol Port Range Source Port Range Description Custom TCP Rule TCP 443 Anywhere 0.0.0.0/0 The Cluster Manager and external systems communicate to the asperanoded service on this port. Custom TCP Rule TCP 33001 Anywhere 0.0.0.0/0 The fasp protocol uses this port to connect to the node. Custom UDP Rule UDP 33001 Anywhere 0.0.0.0/0 The fasp protocol uses this port to connect to the node. SSH TCP 22 Anywhere 0.0.0.0/0 (or your custom IP address) Administrators use this port to SSH into the node. Custom TCP Rule TCP 43001 - 43010 Custom
VPC subnet of cluster nodes
Nodes use this port for node-to-node communication through ScaleKV. Custom TCP Rule TCP 5002 Custom
VPC subnet of cluster nodes
When launched, nodes use this port to retrieve launch configuration information from other nodes if the Cluster Manager is unreachable. Note: The transfer node runs SSH on port 22 for administrative purposes only. You must use an SSH key when connecting through this port.For security reasons, Aspera recommends restricting access to port 22 to your own IP address and the subnet used by your transfer nodes.
To do so, configure the SSH TCP rule as follows:
- Set the Source to Custom.
- Set the Port Range to your IP address and the subnet used by your transfer nodes.
