Page History

...

1. The hub must allow TCP traffic from remote sites to reach its own SHRINE port (the default is TCP port 6443). From the perspective of the hub, traffic coming from downstream sites is considered inbound. Each site will initiate its own TCP connection to the hub, and - once the connection has been established - the hub and the site will use that single TCP connection to exchange all SHRINE-related application data. Both the hub and the remote site will maintain that single connection for as along as SHRINE is running on both ends. The hub does not use any other TCP connection to communicate with the site. The hub administrator needs to exercise caution when configuring network access control, so that the integrity and security of the hub can be maintained.
2. If the hub administrators intend for users to access the hub directly then they must grant user access to the hub's SHRINE application (the default is TCP port 6443).
3. If the network is using external message-oriented-middleware system (AWS SQS or Kafka) the downstream hub site must allow TCP access initiating from the hub's tomcat to that system.
4. If the hub is hosting an external message-oriented-middleware system (Kafka) the hub must allow TCP access initiating from the hub's or any downstream node's tomcat to that system.

...