Designating Ports and Multicast Addresses

About Ports and Multicast Addresses

While you are creating operating system user accounts and groups, you need to review the set of ports that the SAS servers, third-party servers, and spawners in your system will use by default. If any of these ports are unavailable, select an alternate port and record the new port in the pre-installation checklist that follows (see Pre-installation Checklist for Ports for SAS).
You need to plan for designating IP multicast addresses for all of the machines in your SAS deployment. Multicasting simplifies the ongoing management and deployment of SAS web applications by providing the flexibility to customize the SAS middle tier and to distribute SAS web components to implement load balancing.

Multicast Address Considerations

Note: By default, multicasting is not used in the typical SAS deployment, and SAS Remote Services is turned off. If you created a custom application that uses SAS Remote Services, you can use multicasting and enable SAS Remote Services.
The SAS Deployment Wizard prompts you to supply a multicast address for inter-machine communication. The wizard provides you with a default multicast address that it generates based on the machine's IP address and the admin-local scope that is recommended in RFC 3171 (IPv4) or RFC 4291 (IPv6).
A multicast group communication protocol is used to communicate among middle-tier SAS applications in a single SAS deployment (the SAS applications connected to the same SAS Metadata Server). The combination of multicast IP address and multicast UDP port should be different for each SAS deployment and different from those used by other multicast applications at your site.
The IP multicast address must be valid for IP multicasting and should be in the range 224.0.0.0 to 239.255.255.255 for IPv4 or have the prefix ff00::/8 for IPv6. Typically, the chosen IP multicast address is in the admin-local scope block, which corresponds to 239/8 for IPv4 and ff14::/8 for IPv6. The sample address provided during configuration by the SAS Deployment Wizard conforms to these standards. The address should be unique to SAS applications for the subnet that they are installed on.
The IP multicast UDP port should be open and usable on any machine on which a middle-tier application is to be installed. This is a UDP port and does not conflict with any previous TCP port definitions such as the SAS Metadata Server. The multicast group communication is intended to be used only within your data center environment. Many sites keep their data center network separated from users via a firewall that will automatically isolate the multicast protocol. Alternatively, the time to live (TTL) parameter can be used to restrict the scope of multicast communication. Your network administrator can suggest a TTL setting to limit the scope of multicast. The TTL option and the authentication token option both have security implications.
The multicast TTL parameter (default = 1, range = 0–255) affects the number of network hops a multicast packet can take before being dropped. This TTL value must be greater than or equal to the highest number of hops between any two servers containing SAS products. In addition, some network router documentation recommends that multicast datagrams with initial TTL=0 be restricted to the same host, those with initial TTL=1 to the same subnet, and those with initial TTL=32 to the same site. Consult your network router documentation or your network administrator to determine the correct values for your environment.
Note: Make sure that all of the machines in your SAS 9.4 deployment are members of the same subnet, or set the default TTL value to a number higher than 1. The deployment wizard lets you set the TTL value during SAS 9.4 deployment. For information about how to change this option after deployment, see Administering Multicast Options in SAS Intelligence Platform: Middle-Tier Administration Guide.
Because the multicast protocol conveys credentials, it is protected via encryption. By default, the multicast group communication is protected only with a fixed encryption key that is built into the software. If your middle tier is running in an environment that is not well-isolated from user access, then you might want better protection against eavesdroppers and unauthorized group participants. In this case, choose an authentication token known only to your SAS middle-tier administrative users. The authentication token is a password-like string needed to connect to the multicast group and create a site-specific encryption key.
The deployment wizard default simplifies configuration by using the authentication token that is built into the software. This option is best used in development and other low-security environments. It might also be appropriate in higher-security environments where the multicast group communication is isolated from the user community, either via a firewall or TTL option, and where all data center administrative users and operational users have sufficient security approval.
If your multicast group communication is not within a well-isolated data center environment, or if the security procedures at your site require protection for administrative users and operational users in various roles, you should specify an authentication token that is known only to the administrators of the SAS environment. The same token string must be supplied on each tier in the configuration.
By default, there is a code-level authentication token shared between all SAS middle-tier applications to prevent access to the multicast group from unauthorized listeners. If you choose to use a customized authentication token, use the deployment wizard to enter an authentication token value that meets your organization's security guidelines. The authentication token can be any password-like string. In a multi-tier configuration, a prompt appears on each tier that has an application participating in the SAS multicast group. You must provide the same authentication token string to each tier in the same SAS deployment (that is, each tier associated with the same SAS Metadata Server).
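The address, TTL, and token guidance above can be checked against a planned set of deployments before running the wizard. The following is an added example, not SAS code: the dictionary fields, the sample plan, and the wording of the findings are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

def check_deployment(d):
    """Findings for one deployment's multicast settings (dict, see SAMPLE)."""
    out = []
    ip = ipaddress.ip_address(d["address"])
    if not ip.is_multicast:  # 224.0.0.0-239.255.255.255 or ff00::/8
        out.append("address is not valid for IP multicasting")
    elif ip.version == 4 and ip not in ipaddress.ip_network("239.0.0.0/8"):
        out.append("IPv4 address is outside the admin-local 239/8 block")
    elif ip.version == 6 and ip.packed[1] & 0x0F != 4:
        # RFC 4291: low nibble of the second byte is the scope; 4 = admin-local
        out.append("IPv6 address is not admin-local scope")
    if not 0 <= d["ttl"] <= 255:
        out.append("TTL must be in 0-255")
    elif d["ttl"] < d["max_hops"]:
        out.append("TTL is lower than the hop count between servers")
    if d["ttl"] > 1 and not d["custom_token"]:
        out.append("TTL > 1 with the built-in token: traffic leaves the "
                   "subnet protected only by the fixed key")
    return out

def check_site(deployments):
    """Map deployment name -> findings, including address/port collisions."""
    key = lambda d: (ipaddress.ip_address(d["address"]), d["port"])
    pairs = Counter(key(d) for d in deployments)
    report = {}
    for d in deployments:
        findings = check_deployment(d)
        if pairs[key(d)] > 1:
            findings.append("address/port pair is shared with another deployment")
        report[d["name"]] = findings
    return report

# Constructed sample plan; names, addresses and hop counts are illustrative.
SAMPLE = [
    {"name": "prod", "address": "239.27.18.213", "port": 8561,
     "ttl": 1, "max_hops": 1, "custom_token": True},
    {"name": "test", "address": "239.27.18.213", "port": 8561,
     "ttl": 32, "max_hops": 3, "custom_token": False},
    {"name": "dev", "address": "ff14::1:2", "port": 8562,
     "ttl": 1, "max_hops": 2, "custom_token": False},
]

if __name__ == "__main__":
    for name, findings in check_site(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```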

Pre-installation Checklist for Ports for SAS

Use the following pre-installation checklist to see what ports are used for SAS by default and to record the port numbers that you are actually using.
Note: The SAS Deployment Wizard prompts you for this information. You cannot complete the installation without providing it.
The last digit of the default port number reflects the configuration level that you select in the SAS Deployment Wizard. For example, if you select Lev1, the default port for the SAS Metadata Server is 8561. If you select another level, such as Lev2, the wizard changes the default port to 8562.
Note: This checklist is superseded by a more complete and up-to-date checklist that can be found at http://support.sas.com/installcenter/plans. This website also contains a corresponding deployment plan and an architectural diagram. Consult the pre-installation checklist provided by your SAS representative for a complete list of ports that you must designate.
Pre-installation Checklist for Ports

| Server or Spawner | Default Port | Data Direction | Actual Port You Are Using |
|---|---|---|---|
| E-mail server | 25 | Outbound | |
| HTTP server | 80 (Windows), 7980 (UNIX) | Inbound and outbound | |
| HTTP server (secure port) | 443 (Windows), 8343 (UNIX) | Inbound and outbound | |
| SAS Remote Services | 5091 | Inbound | |
| SAS OLAP Server | 5451 | Inbound and outbound | |
| SAS Deployment Agent | 5660 | Inbound and outbound | |
| Event Broker administration | 6051 | Inbound | |
| SAS Web Application Server JMX Port | 6969 | Inbound | |
| SAS Environment Manager | 7080 | Inbound and outbound | |
| SAS Environment Manager (secured) | 7443 | Inbound and outbound | |
| SAS/CONNECT server and spawner | 7551 | Inbound and outbound | |
| SAS Web Report Studio In-Process Scheduling UDP Port 1 | 7570 | Inbound and outbound | |
| SAS Web Report Studio In-Process Scheduling UDP Port 2 | 7571 | Inbound and outbound | |
| SAS Web Report Studio In-Process Scheduling UDP Port 3 | 7572 | Inbound and outbound | |
| Event Broker HTTP | 8111 | Inbound | |
| Operating System Services scheduler | 8451 | Inbound | |
| SAS/SHARE server | 8551 | Inbound | |
| Multicast (UDP port) | 8561 | Inbound and outbound | |
| SAS Metadata Server | 8561 | Inbound and outbound | |
| SAS Object Spawner: operator port | 8581 | Inbound | |
| | 8591 | Inbound | |
| SAS Stored Process Server: bridge connection | 8601 | Inbound | |
| SAS Stored Process Server: load balancing connection 1 (MultiBridge) | 8611 | Inbound | |
| SAS Stored Process Server: load balancing connection 2 (MultiBridge) | 8621 | Inbound | |
| SAS Stored Process Server: load balancing connection 3 (MultiBridge) | 8631 | Inbound | |
| | 8701 | Inbound | |
| SAS Object Spawner: SAS Pooled Workspace Server port bank 1 | 8801 | Inbound | |
| SAS Object Spawner: SAS Pooled Workspace Server port bank 2 | 8811 | Inbound | |
| SAS Object Spawner: SAS Pooled Workspace Server port bank 3 | 8821 | Inbound | |
| SAS Web Infrastructure Platform Database Server | 9432 | Inbound and outbound | |
| SAS LASR Analytic Server Monitor RMI port | 9971 | Inbound and outbound | |
| SAS High-Performance Analytics environment port | 10010 | Inbound | |
| SAS High-Performance Computing Management Console server | 10020 | Inbound | |
| SAS Deployment Tester server | 10021 | Inbound | |
| SAS Visual Analytics (Autoload) | 10031 | Inbound | |
| SAS Information Retrieval Studio | 10651 | Inbound | |
| SAS Information Retrieval Studio proxy server | 10661 | Inbound | |
| SAS Information Retrieval Studio proxy server admin | 10671 | Inbound | |
| SAS Information Retrieval Studio proxy server web admin | 10681 | Inbound | |
| SAS Information Retrieval Studio pipeline server | 10691 | Inbound | |
| SAS Information Retrieval Studio pipeline server admin | 10701 | Inbound | |
| SAS Information Retrieval Studio pipeline server web admin | 10711 | Inbound | |
| SAS Information Retrieval Studio index builder | 10721 | Inbound | |
| SAS Information Retrieval Studio query server | 10731 | Inbound | |
| SAS Information Retrieval Studio query statistics server | 10741 | Inbound | |
| SAS Information Retrieval Studio query statistics server UDP | 10741 | Inbound | |
| SAS Information Retrieval Studio crawler admin | 10751 | Inbound | |
| SAS Information Retrieval Studio web query server | 10761 | Inbound | |
| TCP port for middle-tier cache communications¹ | 0–65535 | Inbound and outbound | |
| Hadoop Service on the Name Node | 15452 | Inbound | |
| Hadoop Service on the Data Node | 15453 | Inbound | |
| Cache Locator port | 41415 | Inbound and outbound | |
| Cache Locator membership port range² (TCP/UDP port range) | 1024–65535 | Inbound and outbound | |
| Hadoop Data Node address | 50010 | Inbound | |
| Hadoop Data Node IPC address | 50020 | Inbound | |
| Hadoop TaskTracker | 50060 | Inbound | |
| Hadoop Name Node web interface | 50070 | Inbound | |
| Hadoop Data Node HTTP address | 50075 | Inbound | |
| Hadoop secondary Name Node | 50090 | Inbound | |
| Hadoop Name Node backup address | 50100 | Inbound | |
| Hadoop Name Node backup HTTP address | 50105 | Inbound | |
| Hadoop Name Node HTTPS address | 50470 | Inbound | |
| Hadoop Data Node HTTPS address | 50475 | Inbound | |
| SAS High-Performance Deployment of Hadoop | 54310 | Inbound | |
| JMS Server Port | 61616 | Inbound and outbound | |

¹ If the default port is set to zero, the operating system selects an available port. Each process on a machine must have its own TCP port. Some operating systems restrict the range of ports usable by non-privileged users, and using restricted port numbers can cause run-time errors in GemFire start-up.
² The range of ephemeral ports available for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system. These ephemeral ports are created from available ports in a system.
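A pre-installation check for the level-dependent defaults can derive the port for the chosen configuration level and test whether it can be bound on the target machine. This is an added example, not SAS code: it covers only the two checklist entries whose protocol the page states, and applying the last-digit rule to every default ending in 1 is an assumption generalized from the 8561 to 8562 case.

```python
import socket

# (service, Lev1 default port, protocol) for the two checklist entries whose
# protocol the page states; extend the list with your own entries as needed.
LEV1_DEFAULTS = [
    ("SAS Metadata Server", 8561, "tcp"),
    ("Multicast (UDP port)", 8561, "udp"),
]

def port_for_level(lev1_port, level):
    """Replace the last digit of a Lev1 default with the level number.
    Assumption: applied only to defaults ending in 1, as in 8561 -> 8562."""
    if not 1 <= level <= 9:
        raise ValueError("configuration level must be 1-9")
    if lev1_port % 10 != 1:
        return lev1_port
    return lev1_port - 1 + level

def is_free(port, proto, host="0.0.0.0"):
    """True if this process can bind the port. TCP and UDP are checked
    separately because they are independent port spaces, which is why the
    multicast UDP port and the metadata server can share a number."""
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except OSError:
            return False
    return True

def checklist(level, host="0.0.0.0"):
    """Return (service, proto, port, free) rows for the chosen level."""
    rows = []
    for name, lev1_port, proto in LEV1_DEFAULTS:
        port = port_for_level(lev1_port, level)
        rows.append((name, proto, port, is_free(port, proto, host)))
    return rows

if __name__ == "__main__":
    for name, proto, port, free in checklist(level=2):
        print(f"{port}/{proto:<3} {'free' if free else 'IN USE'}  {name}")
```

A port reported as in use is a candidate for an alternate value in the "Actual Port You Are Using" column.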
Last updated: August 1, 2017