Configuring firewall access
Firewalls protect valuable data from public access. If your data sources reside behind a firewall for protection, and you are not using Satellite Link or Secure Gateway for connections, then you must configure the firewall to allow the IP addresses for Cloud Pak for Data as a Service and also for individual services. Otherwise, Cloud Pak for Data as a Service is denied access to the data sources.
To allow Cloud Pak for Data as a Service access to private data sources, you configure inbound firewall rules using the security mechanisms for your firewall. Inbound firewall rules are not required for connections that use either a Satellite Link or Secure Gateway, as both establish a link by performing an outbound connection.
All services in Cloud Pak for Data as a Service actively use WebSockets for the proper functioning of the user interface and APIs. Any firewall between the user and the Cloud Pak for Data as a Service domain must allow the HTTP Upgrade mechanism that WebSocket connections rely on. If Cloud Pak for Data as a Service is installed behind a firewall, traffic for the wss:// protocol must be enabled.
Configuring inbound access rules for firewalls
If data sources reside behind a firewall, then inbound access rules are required for Cloud Pak for Data as a Service. Inbound firewall rules protect the network against incoming traffic from the internet. The following scenarios require inbound access rules through a firewall:
- Firewall access for Cloud Pak for Data as a Service
- Firewall access for DataStage
- Firewall access for Cloud Object Storage
- Firewall access for AWS Redshift
- Firewall access for Watson Studio
- Firewall access for Watson Machine Learning
- Firewall access for Spark