Closed
53 changes: 53 additions & 0 deletions docs/Deployment/apigateway.md
@@ -0,0 +1,53 @@
--8<-- "References/abbreviations.md"

Open AMT uses Kong as its open-source API gateway. Kong provides an entry point for external clients, anything not a part of the microservice system, and a comprehensive suite of plugins for various scenarios. Various alternatives exist such as [Azure API Gateway](https://learn.microsoft.com/en-us/azure/architecture/microservices/design/gateway) or [Amazon API Gateway](https://aws.amazon.com/api-gateway/).

Details on which ports must be exposed and what protocols are used are found below.

## Protocols

### Open AMT Services Protocols

| Service | Protocol | Description |
| --------------- | --------- | ------------------------------------------------------------------------------------ |
| Sample Web UI | HTTPS | Front-end Webserver |
| MPS | HTTPS | REST API calls |
| | WSS | Redirection (KVM/SOL) sessions with AMT devices |
| MPS Router | HTTPS | |
| RPS | HTTPS | REST API calls |
| | WSS | Device Activation, Configuration, and Maintenance over Websocket connection with RPC |

## Ports

### Open AMT Ports

#### Microservices

| Service | Port | Description | Existing Kong Routes |
| --------------- | ----- | -------------------------------------------------------------------------------------- | --------------------------------------- |
| Sample Web UI | 80 | Serve the Sample Web UI to the browser | `/` |
| MPS | 3000 | Redirection and REST API calls | `/mps`, `/mps/login/api/v1/authorize` |
| | 4433 | CIRA connection with AMT devices | N/A |
| MPS Router | 8003 | Routing calls to correct MPS instances. Relay for MPS Websocket connections | `/mps`, `/mps/ws/relay/(.*)` |
| RPS | 8080 | Device Activation, Configuration, and Maintenance over Websocket connection with RPC | `/activate` |
| | 8081 | REST API calls (e.g. CIRA Configs, Domains, Profiles) | `/rps` |

#### Client

| Service | Port | Description |
| -------------------------- | ------ | --------------------------------------------------------------------------------------------------------------------- |
| Intel AMT HTTP | 16992 | Used for WS-Man messages to and from Intel AMT. Port is open over the network only when Intel AMT is configured or during configuration. It is always open locally. |
| Intel AMT HTTPS | 16993 | Used for WS-Man messages to and from Intel AMT when TLS is enabled. |
| Intel AMT Redirection/TCP | 16994 | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication). |
| Intel AMT Redirection/TLS | 16994 | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication) when TLS is enabled. |

### Reference Services Ports

The following are ports used by the default reference solutions used by Open AMT. These may vary or change based on custom implementations of Open AMT.

| Service | Port |
| --------------- | ----- |
| Postgres | 5432 |
| Vault | 8200 |
| Kong | 8443 |
| Mosquitto | 8883 |
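Review bot: the Client table lists port 16994 for both the `Intel AMT Redirection/TCP` and `Intel AMT Redirection/TLS` rows; Intel AMT serves TLS-protected redirection on 16995, so the second row looks like a copy-paste slip and should read `| Intel AMT Redirection/TLS | 16995 | ... |`. Two smaller points in the same hunk: the `| MPS Router | HTTPS | |` row in the Protocols table has an empty Description cell, and the intro promises "details on which ports must be exposed" but the tables never say which of the listed ports are meant to be reachable from outside the cluster. Since the only rows that map to a Kong route are the microservice ports and MPS 4433 (CIRA) is marked N/A, a sentence stating that the microservice ports and the Reference Services ports (Postgres 5432, Vault 8200, Mosquitto 8883) stay internal and reach clients only via Kong on 8443, with 4433 as the one direct device-facing listener, would make the exposure boundary explicit for operators writing firewall rules.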
4 changes: 2 additions & 2 deletions docs/Deployment/overview.md
Expand Up @@ -4,7 +4,7 @@ To deploy the Open AMT Cloud Toolkit to a production environment, replace defaul
## Database Selection
The Docker-based PostgreSQL* image used in `docker-compose.yml` provides enough functionality for proof-of-concept creation and development. However, to enable the toolkit for production, leverage a managed database instance offered by a public cloud provider or a database hosted by your internal IT.

Regardless of the deployment scenario (i.e., a VM, Kubernetes, Docker Swarm, a native environment), managing state in your cluster comes with a higher risk of data loss than that of a managed database instance.
Regardless of the deployment scenario (e.g. a VM, Kubernetes, Docker Swarm, or a native environment), managing state in your cluster comes with a higher risk of data loss than that of a managed database instance.

### Default Component

Expand Down Expand Up @@ -58,6 +58,6 @@ The toolkit uses Kong as its open source API gateway. Kong provides an entry poi
### Example Replacements

- [Azure API Gateway](https://docs.microsoft.com/en-us/azure/architecture/microservices/design/gateway)
- [Amazon API Gateway](https://docs.microsoft.com/en-us/azure/architecture/microservices/design/gateway)
- [Amazon API Gateway](https://aws.amazon.com/api-gateway/)
- [Google Cloud Endpoints](https://cloud.google.com/endpoints)
- [Tyk](https://tyk.io/)
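Review bot: the `[Azure API Gateway]` bullet at the top of this list still links to `docs.microsoft.com`, while the new `docs/Deployment/apigateway.md` added in this PR links the same page at `learn.microsoft.com`; since this hunk already touches the list to fix the Amazon link, update the Azure URL too so both files point at the same location.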
1 change: 1 addition & 0 deletions mkdocs.yml
Expand Up @@ -49,6 +49,7 @@ nav:
- Troubleshooting: Reference/troubleshooting.md
- Deployment:
- Overview: Deployment/overview.md
- API Gateway: Deployment/apigateway.md
- Database Replacement: Deployment/database.md
- Secrets Management: Deployment/secrets.md
- Upgrade Toolkit Version: Deployment/upgradeVersion.md