Summary

Diagrams and links to tables for all the external communication ports used by Tachyon and locally installed consumer applications. Useful, if needed, for configuring network and device firewalls.

Please refer to Tachyon Architecture for architecture diagrams.

On this page:

Connections diagram

Firewall requirements

The following table lists firewall requirements for a single-server where Tachyon Master Stack and Response Stack are installed on the same server. The table assumes a remote SQL Server hosting TachyonMaster and TachyonResponses databases.Each Tachyon component described in the table has at least one output and/or input. For each Tachyon component with an output there is a matching input.

Firewalls normally protect against incoming traffic from remote devices, however the table below also includes outgoing connections. The table does not include internal communications within the Server.

In addition to but not included in the table are various ports that Tachyon uses to communicate with Microsoft services, including Certificate Services and Active Directory. The Coordinator Workflow service queries AD for email details; the Consumer API query AD for security details.

Port requirements are not provided here for Nomad, Shopping and WakeUp modules of the 1E Client.  Only the ports used by the Tachyon client feature of the 1E Client are listed.

If 1E Nomad module is being used by the Tachyon client on Windows computers, it has additional port requirements of its own, which are not changed by Tachyon.

Additional ports may be required if Tachyon instructions need to connect to non-Tachyon content sources.

There may be additional requirements if the environment has had default security settings changed.

Tachyon Servers

DevicePortProtocolDirectionUsageConfigurable

Tachyon Server (Master Stack)

TCP 443HTTPSIncoming
  • Console browser connections to Tachyon Portal UI
  • Console browser connections to SLA Platform UI

  • Console browser connections to 1E Catalog UI
  • Consumer connections to ActiveEfficiency 
  • Consumer connections to Catalog API 
  • Consumer connections to Consumer API

  • Consumer connections to SLA Operations Provider API

Yes, during installation. In the Website Configuration panel in Tachyon Setup.

See Tachyon Server installer properties: HTTPSIISPORT.

Tachyon Setup installs other components using the same settings as Tachyon Server.

Tachyon Server (Master Stack)

TCP 80HTTPIncoming
  • Console browser connections to SLA Platform UI

  • Console browser connections to 1E Catalog UI
  • Consumer connections to ActiveEfficiency 
  • Consumer connections to Catalog API 

  • Consumer connections to SLA Operations Provider API

Yes, during installation. In the Website Configuration panel in Tachyon Setup.

See Tachyon Server installer properties: HTTPSIISPORT.

Tachyon Setup installs other components using the same settings as Tachyon Server.



Tachyon Server (Response Stack)

TCP 443HTTPSIncoming
  • Tachyon client retrieving content from the Background Channel.

Yes, during installation. In the Website Configuration panel in Tachyon Setup.

See Tachyon Server installer properties: HTTPSIISPORT.

Tachyon Server (Master Stack)

TCP 443HTTPSOutgoing
  • Tachyon Coordinator service contacting the 1E Cloud License Service via Internet connection.
  • 1E Catalog Update service contacting the 1E Cloud Catalog Service via Internet connection.
The port used to connect to the 1E Cloud Services is not configurable.

Tachyon Server (Master Stack)

TCP 6002WebSocket (ws)Incoming Outgoing
  • Integrate Agent service connecting to the Integrate Manager Web API to get connector jobs

Yes, configurable after installation.

Integrate Agent component is not shown on the diagram, and installation on remote systems is not supported.

Tachyon Server (Response Stack)

TCP 4000WebSocketSecure (wss)Incoming
  • Tachyon clients receiving instructions from and sending compressed responses to the Tachyon Switch.

Switch ports are not configurable using the Server installer.

A Switch port can be changed post-installation, by configuring the value in the Port column for the relevant Switch in the SwitchConfiguration table in the Tachyon Master database.

If the Switch port is changed after deploying 1E Clients (with Tachyon features enabled) then the corresponding Switch port must be updated in each Client's configuration file.

Tachyon clients initiate and maintain a WebSocket Secure connection to a Switch, which the Switch uses to communicate back to the Tachyon clients.

Tachyon Server (Master Stack)

TCP 25SMTPOutgoing
  • Tachyon Coordinator service sending two-factor authentication emails.
  • Tachyon Coordinator service sending workflow emails.

Yes.

In this version of Tachyon, SMTP Authentication is not configurable using the Server installer. The default is anonymous authentication. However, it can be changed post-installation. For details of changing the SMTP configuration and disabling email notifications, please refer to Tachyon Server post-installation tasks: Changing the SMTP Host configuration.

Tachyon Server (Master Stack)

TCP 1433TDSOutgoing
  • Tachyon Web Site application pools (Portal, Consumer API) communicating with SQL Server.
  • SLA Platform Web Site application pools (Admin, CoreExternal, Platform) communicating with SQL Server.
  • Tachyon Coordinator service communicating with SQL Server.
  • Catalog services and application pool communicating with SQL Server.
  • 1E Catalog Update service communicating with SQL Server.

Not configurable from Setup.

In the Database Servers panel in Tachyon Setup you can select a SQL Server instance. The instance can be installed using a non-standard port.

However, selecting an instance that uses a non-standard port will not change the port used by the Tachyon Installer, and installation will fail. If you require the use of a non-standard port on a Default SQL Server instance, contact 1E for guidance on a manual workaround.

If using a Named Instance that is set to its default configuration where the server automatically chooses a random port (or if you manually configured the instance to use a fixed port), then the SQL Browser service needs to be enabled to let the Tachyon Server determine the port in use. You will need to open UDP port 1434 used by the SQL Browser.

See Tachyon Server installer properties: SQLSERVER_MASTER.

Tachyon Server (Response Stack)

TCP 1433TDSOutgoing
  • Tachyon Web Site application pools (Core and Core Internal) communicating with SQL Server (mainly uncompressed responses).

Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

See Tachyon Server installer properties: SQLSERVER_RESPONSES.

SQL Server (Master Stack)

TCP 1433TDSIncoming
  • Tachyon Web Site application pools (Consumer API, Portal) communicating with SQL Server.
  • Tachyon Coordinator service communicating with SQL Server.
  • Tachyon Web Site application pools (Core) communicating with SQL Server.
  • SLA linked server connections to SLA-BI and Catalog databases.
  • SSAS cube connections to their corresponding SQL databases (BI and Experience).

Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

See Tachyon Server installer properties: SQLSERVER_MASTER.

SQL Server (Response Stack)

TCP 1433TDSIncoming
  • Tachyon Web Site application pools (Core and Core Internal) communicating with SQL Server (mainly uncompressed responses).

Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

See Tachyon Server installer properties: SQLSERVER_RESPONSES.

SSAS Server (Master Stack)

TCP 1433TDSOutgoing
  • SLA linked server connections to SLA-BI and Catalog databases.
  • SSAS cube connections to their corresponding SQL databases (BI and Experience).
Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

Tachyon Server (Master Stack)

TCP 2382/3ADOMDOutgoing
  • SLA-BI linked server connection to the SLA-BI cube.
  • Tachyon Experience connection to the Tachyon Experience cube.
Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

SQL Server (Master Stack)

TCP 2382/3ADOMDOutgoing
  • SSAS cube connections to their corresponding SQL databases (BI and Experience).
Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

SSAS Server (Master Stack)

TCP 2382/3ADOMDIncoming
  • SLA-BI linked server connection to the SLA-BI cube.
  • Tachyon Experience connection to the Tachyon Experience cube.
  • Third party BI Tools connecting to SSAS cubes.
Not configurable from Setup. See the comments above for the Tachyon Server (Master Stack).

Tachyon clients

Tachyon clients

TCP 4000WebSocket Secure (wss)Outgoing
  • Tachyon client receiving instructions from and sending compressed responses to the Tachyon Switch.

Yes. See Tachyon client settings: SWITCH.

Anything other than port 4000 requires a Tachyon Server with a Switch using the same port number.

Tachyon clients initiate and maintain a WebSocket Secure connection to a Switch, which the Switch uses to communicate back to the Tachyon client.

Tachyon clients

TCP 443HTTPSOutgoing
  • Tachyon client retrieving content from the Background Channel.

Yes, during installation. See Tachyon client settings: BACKGROUNDCHANNELURL.

Browsers

TCP 443HTTPSOutgoing
  • Browsers connection to the Tachyon Portal (Explorer, Settings and other applications).
  • Browsers connection to the SLA Platform UI.
  • Browsers connection to the Consumer API.
Anything other than port 443 requires the port number to be included in the browser URL when connecting to the Tachyon Portal, API or SLA Platform UI.

Browsers

TCP 80HTTPOutgoing
  • Console browser connections to the 1E Catalog UI
Anything other than port 80 requires the port number to be included in the browser URL when connecting to the 1E Catalog UI.