Zenoss Core - Remote Collector Firewall Requirements

From Zenoss Wiki
This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search

If you're interested in running a distributed (aka remote) collector in your Zenoss Core installation, there are firewall requirements which will need to be opened for everything to function properly. This document is intended to capture those requirements making it easier for you to know what needs to be configured/opened.

The entity on the left is the one initiating the connection, while the entities across the top are what are being connected to.

Users ZenHub/Master/UI Remote Collector
Users N/A HTTP:8080
ZenHub/Master/UI None N/A HTTP:8091*
SSH:22 (With Trusted keys)
Remote Collector None ZeoDB:8100
  • I found that using the distrubuted collectors ZenPack, the render URL is created to the remote collector on port 8091. What's more, clients actually make calls (when clicking on device graphs) to the render URL. IMHO this is a bug, but none the less, the client makes the calls. That requirement can be avoided by using HTTP-8090 to the ZenHub and let it proxy those requests over the persistence ZenHub connection that the collector will open to the ZenHub at startup