Appendix: Ports required for Kyvos
Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace
Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)
This section provides information about ports required for Kyvos.Â
List of ports required for Kyvos:
Kyvos Component | Port Name | Port Number | Source | Description |
---|---|---|---|---|
BI Server Server | REST Server Port | 6803 | Web Portal Server, BI Server, Query Engines | Port that receives the REST calls. |
Listener Port | 45450 | Web Portal Server | Port at which the Kyvos BI Server listens. | |
Thrift Port | 45460 | Query Engines, EMR, Dataproc, Databricks | Coordination Master listener port on which the Kyvos BI Server listens. Kyvos semantic model process jobs will communicate on this port and share the metadata with the BI Server. | |
JMX Port | 6602 | Port that receives the Kyvos BI Server’s health. Required only when JMX is enabled. | ||
Query Engine | REST Server Port | 6903 | BI Server | Port that receives the Kyvos Query Engine’s health status. |
Listener Port (Thrift Server Port) | 45440 | BI Server | Port at which the Kyvos Query Engine listens. | |
Kyvos UI | 8443 | BI Server | Port on which the Kyvos application will run. Port 443 will require sudo user privilege or proxy redirection will be required. This port will be accessible from outside of the VNET (Tableau desktop/server machine VNET) | |
Shuffle | 7003 | Port that will be used for the Query Engine Shuffle Service. | ||
JMX Port | 6603 | Port that receives the Kyvos Query Engine’s health. Required only when JMX is enabled. | ||
Web Portal | AJP Port | 8009 | Port on which the AJP connector creates a socket and awaits an incoming connection. | |
Shut-down Port | 8005 | Port used for shutting down the Tomcat server. | ||
Kyvos Web UI | 8081 | BI Server | Port on which Kyvos Web client will run. | |
JMX Port | 6605 | Port that receives the Kyvos Web Portal’s health. Required only when JMX is enabled. | ||
TLS port (one-way) | 8443 | BI Server | Connector port for Kyvos web portal with one-way TLS authentication. | |
TLS port (mutual authentication) | 8444 | BI Server | Connector port for Kyvos web portal for TLS with Mutual Authentication. | |
Load Balancer connector port  | 9091 | Load Balancer | Port that is used when Kyvos cluster nodes and Databricks cluster are in different network and not shared using VPC peering. | |
Repository | Postgres SQL Port | 45421 | BI Server | Port at which Kyvos embedded Postgres SQL Backend is installed. |
SSH Port | SSH | 22 | Kyvos Manager | To install and Manage Kyvos Service on Web Portal Server, BI Server, Query Engine, Postgres Server, Kyvos Manager Agent, and Zookeeper. For downloading libraries and configuration files on Dataproc and EMR |
Web Server HA (Optional) | Multicast Port | 45564 | Membership between web servers is established using multicast heartbeats. All Tomcat hosts with the same multicast IP address and port are members of the same cluster. | |
Receiver Port | 4000 | Port at which a Tomcat host listens for communications with other Tomcat hosts. | ||
Kyvos Manager | Kyvos Manager UI | 8080 | Port on which Kyvos Manager UI will run. | |
Kyvos Cluster Manager | 4000 | Port on which the Kyvos Cluster Manager Web UI will run. | ||
TLS port | 9444 | Kyvos Manager TLS port. | ||
Zookeeper | 2181, 2888, 3888 | Ports on which Zookeeper service will run. | ||
HTTPS port | 443 | BI Server | Port used to connect to HTTPS endpoints. | |
HTTP port | 80 | Port used to connect to HTTP endpoints. | ||
BI Server Accessility Port | Ping other instances | 7 | Kyvos Manager Server | Port used by Kyvos Manager to check connectivity with all other instances. |
Tomcat HA with virtual host setting | Multicast Port | 45564 | Membership between web servers is established using multicast heartbeats. All Tomcat hosts with the same multicast IP address, and port are members of the same cluster. | |
Receiver Port | 4000 | Port at which a Tomcat host listens for communications with other Tomcat hosts. | ||
Dataproc | 3306, 8030, 8031, 8032, 8033, 8042, 8088, 9083, 8188, 18080, 8050, 8051, 8020, 10020, 19888, 10033, 8188, 9870, 10200, 10000, 10002, 22, 45460, 9866, 8998, and 9867 | BI Server | ||
EMR | 8030, 8031, 8032, 8033, 9083, 8188, 18080, 8050, 8051, 8020, 10020, 19888, 10033, 8188, 9870, 10200, 10000, 10002, 9866, 9867 | BI Server | ||
Databricks | 443 | BI Server |
When TLS is configured, use:
Kyvos web portal TLS one way authentication connector port: 8443
Kyvos web portal TLS two-way authentication connector port:8444
Kyvos Manager TLS port:Â 9443
TLS + Mutual Authentication port: 9444Â
When SSL is configured, use:
Kyvos Manager Server HTTPS port: 10443
AWS EMR Services portsÂ
When troubleshooting between the EMR master and Worker node in AWS, use:Â
Component | Port Number | Service description |
---|---|---|
HDFSÂ | 9870Â | Namenode Web UI |
9864 | DataNode Web UI | |
Hive | 10002 | HiveServer2 Web UI |
15002 | LLAP daemon Web UI | |
YARNÂ | 19888 | JobHistory Server Web UI |
10033 | JobHistory Server Admin Web UI | |
20888 | Application Timeline Server HTTPS Web UI (Yes) | |
8190 | Application Timeline Server HTTPS Web UI (No) | |
18080 | Spark HistoryServer UIÂ | |
18480Â | Spark HistoryServer UIÂ (SSL) |
TCP Ports for No-Spark Kubernetes Deployments
For all inbound rules, the source Security Group should be attached to the BI server, such as eks-cluster-sg-kyvosEks-{STACK-NAME}-random number.
TCP Port Number | Component |
---|---|
6903 | Security Group |
2181 | Web Server Security Group |
2181 | BI Server Security Group |
45460 | BI Server Security Group |
6803 | BI Server Security Group |
Copyright Kyvos, Inc. All rights reserved.