Contents
Connections diagram
Firewall requirements
The following table lists firewall requirements for a single-server where Tachyon Master Stack and Response Stack are installed on the same server. The table assumes a remote SQL Server hosting TachyonMaster and TachyonResponses databases.Each Tachyon component described in the table has at least one output and/or input. For each Tachyon component with an output there is a matching input.
Firewalls normally protect against incoming traffic from remote devices, however the table below also includes outgoing connections. The table does not include internal communications within the Server.
In addition to but not included in the table are various ports that Tachyon uses to communicate with Microsoft services, including Certificate Services and Active Directory. The Coordinator Workflow service queries AD for email details; the Consumer API query AD for security details.
Port requirements are not provided here for Nomad, Shopping and WakeUp modules of the 1E Client. Only the ports used by the Tachyon client feature of the 1E Client are listed.
If 1E Nomad module is being used by the Tachyon client on Windows computers, it has additional port requirements of its own, which are not changed by Tachyon.
Additional ports may be required if Tachyon instructions need to connect to non-Tachyon content sources.
There may be additional requirements if the environment has had default security settings changed.
Tachyon Servers
Device | Port | Protocol | Direction | Usage | Configurable |
---|---|---|---|---|---|
Tachyon Server (Master Stack) | TCP 443 | HTTPS | Incoming |
| Yes, during installation. In the Website Configuration panel in Tachyon Setup. See Tachyon Server installer properties: HTTPSIISPORT. Tachyon Setup installs other components using the same settings as Tachyon Server. |
Tachyon Server (Master Stack) | TCP 80 | HTTP | Incoming |
| Yes, during installation. In the Website Configuration panel in Tachyon Setup. See Tachyon Server installer properties: HTTPSIISPORT. Tachyon Setup installs other components using the same settings as Tachyon Server. |
Tachyon Server (Response Stack) | TCP 443 | HTTPS | Incoming |
| Yes, during installation. In the Website Configuration panel in Tachyon Setup. |
Tachyon Server (Master Stack) | TCP 443 | HTTPS | Outgoing |
| The port used to connect to the 1E Cloud Services is not configurable. |
Tachyon Server (Master Stack) | TCP 6002 | WebSocket (ws) | Incoming Outgoing |
| Yes, configurable after installation. Integrate Agent component is not shown on the diagram, and installation on remote systems is not supported. |
Tachyon Server (Response Stack) | TCP 4000 | WebSocketSecure (wss) | Incoming |
| Switch ports are not configurable using the Server installer. A Switch port can be changed post-installation, by configuring the value in the Port column for the relevant Switch in the SwitchConfiguration table in the Tachyon Master database. If the Switch port is changed after deploying 1E Clients (with Tachyon features enabled) then the corresponding Switch port must be updated in each Client's configuration file. Tachyon clients initiate and maintain a WebSocket Secure connection to a Switch, which the Switch uses to communicate back to the Tachyon clients. |
Tachyon Server (Master Stack) | TCP 25 | SMTP | Outgoing |
| Yes. In this version of Tachyon, SMTP Authentication is not configurable using the Server installer. The default is anonymous authentication. However, it can be changed post-installation. For details of changing the SMTP configuration and disabling email notifications, please refer to Tachyon Server post-installation tasks: Changing the SMTP Host configuration. |
Tachyon Server (Master Stack) | TCP 1433 | TDS | Outgoing |
| Not configurable from Setup. In the Database Servers panel in Tachyon Setup you can select a SQL Server instance. The instance can be installed using a non-standard port. However, selecting an instance that uses a non-standard port will not change the port used by the Tachyon Installer, and installation will fail. If you require the use of a non-standard port on a Default SQL Server instance, contact 1E for guidance on a manual workaround. If using a Named Instance that is set to its default configuration where the server automatically chooses a random port (or if you manually configured the instance to use a fixed port), then the SQL Browser service needs to be enabled to let the Tachyon Server determine the port in use. You will need to open UDP port 1434 used by the SQL Browser. |
Tachyon Server (Response Stack) | TCP 1433 | TDS | Outgoing |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). See Tachyon Server installer properties: SQLSERVER_RESPONSES. |
SQL Server (Master Stack) | TCP 1433 | TDS | Incoming |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). |
SQL Server (Response Stack) | TCP 1433 | TDS | Incoming |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). See Tachyon Server installer properties: SQLSERVER_RESPONSES. |
SSAS Server (Master Stack) | TCP 1433 | TDS | Outgoing |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). |
Tachyon Server (Master Stack) | TCP 2382/3 | ADOMD | Outgoing |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). |
SQL Server (Master Stack) | TCP 2382/3 | ADOMD | Outgoing |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). |
SSAS Server (Master Stack) | TCP 2382/3 | ADOMD | Incoming |
| Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack). |
Tachyon clients
Tachyon clients | TCP 4000 | WebSocket Secure (wss) | Outgoing |
| Yes. See Tachyon client settings: SWITCH. Anything other than port 4000 requires a Tachyon Server with a Switch using the same port number. Tachyon clients initiate and maintain a WebSocket Secure connection to a Switch, which the Switch uses to communicate back to the Tachyon client. |
---|---|---|---|---|---|
Tachyon clients | TCP 443 | HTTPS | Outgoing |
| Yes, during installation. See Tachyon client settings: BACKGROUNDCHANNELURL. |
Browsers | TCP 443 | HTTPS | Outgoing |
| Anything other than port 443 requires the port number to be included in the browser URL when connecting to the Tachyon Portal, API or SLA Platform UI. |
Browsers | TCP 80 | HTTP | Outgoing |
| Anything other than port 80 requires the port number to be included in the browser URL when connecting to the 1E Catalog UI. |