Use the information below to configure OS Services for IAP.
Configure the following services to start on boot.
- NTPD - Provides synchronization of time across all the systems. This is important to keep consistency in audit trails and logging.
- NSCD - This service is a name server caching daemon. Best practice dictates that frequently accessed hosts should be configured in the
/etc/hostsfile (example: MongoDB server). The name server caching daemon helps improve operational performance of the platform by caching DNS lookups for a configurable period, as opposed to performing a separate DNS lookup request for each transaction the system needs to perform. This should be used in environments where hosts file configuration is not feasible or allowed.
Configure host firewall protection services, e.g. IP Tables, to protect incoming traffic wherever feasible.
The following list of open ports may be different for your environment. These ports are required. Please see your system administrator or network security officer.
- Allow established connections.
- Allow all packets on the loopback
interfaceAllowSSH, TCP port 22, from the management network. - Allow DNS, UDP port 53, from configured DNS servers.
- Allow NTP, UDP port 123, from configured NTP servers.
- Allow MongoDB, TCP port 27017, from IAP servers.
- Allow IAP HTTPS, default is TCP port 3443, from the northbound network.