How Network Access Control is Determined by the Host Region
Oracle Big Data Cloud Service provides different ways to control network access to a cluster, depending on what kind of region it’s in.
The region that hosts a service instance is selected or assigned when the service instance is created. It can be either of the following:
- An Oracle Cloud Infrastructure region, which contains one or more availability domains. Each availability domain contains one or more data centers. See Regions and Availability Domains.
- An Oracle Cloud Infrastructure Classic region, which contains one or more data centers that are not part of an availability domain. See About Oracle Data Regions.
In either case, network access is controlled by a firewall that uses the Linux iptables utility to filter network traffic. The firewall can be configured to accept or deny network requests from specified clients for services at specified ports.
In a new cluster, all ports on all nodes are closed by default, except port 22 (for SSH access), which is open on all nodes. You must open any other ports by using one of the following methods, depending on your region:
- If your service is hosted in a data center in an availability domain, you can control access on any port. You can manage the configuration by using bdacli firewall commands at a command prompt or by using graphical tools in Oracle Big Data Manager. See:
  - Controlling Network Access for Services in Availability Domains
  - Configuring the Firewall Through Oracle Big Data Manager in Using Oracle Big Data Manager.
- If your service is hosted in a data center that isn’t part of an availability domain, you can control incoming access on three ports only: 22 (SSH), 7183 (Cloudera Manager) and 8888 (Hue and Oracle Big Data Manager). See Controlling Network Access for Services That Are Not in Availability Domains.
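
The port limits described above can be checked against the rules actually loaded on a node. The following is an added example, not Oracle's code: it parses `iptables -S INPUT` output and reports TCP ports accepted beyond a baseline, plus baseline ports reachable from any source. The sample rules, their layout and all function names are assumptions; only per-port TCP ACCEPT rules are examined.

```python
# Added example: audit `iptables -S INPUT` output against the ports this page names.
BASELINE_NEW_CLUSTER = {22}         # SSH only, the default on a new cluster
BASELINE_NON_AD = {22, 7183, 8888}  # SSH, Cloudera Manager, Hue / Big Data Manager
ANY = "0.0.0.0/0"

# Constructed sample rules (assumed layout, not taken from a real cluster).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 7183 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m multiport --dports 8888,9000:9001 -j ACCEPT
"""

def opt(tokens, *names):
    """Return the value following the first of `names` found in a rule, or None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def parse_ports(spec):
    """Expand an iptables port spec such as '22', '9000:9001' or '22,7183'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accepted_ports(rules_text):
    """Map each TCP port accepted on INPUT to the set of sources allowed to reach it."""
    opened = {}
    for line in rules_text.splitlines():
        t = line.split()
        if t[:2] != ["-A", "INPUT"] or opt(t, "-j") != "ACCEPT":
            continue
        spec = opt(t, "--dport", "--dports")
        if opt(t, "-p") != "tcp" or spec is None:
            continue  # not a per-port TCP rule (loopback, ESTABLISHED, ...)
        for port in parse_ports(spec):
            opened.setdefault(port, set()).add(opt(t, "-s") or ANY)
    return opened

def audit(rules_text, baseline):
    """Return (ports open outside the baseline, baseline ports open to any source)."""
    opened = accepted_ports(rules_text)
    unexpected = sorted(p for p in opened if p not in baseline)
    world_open = sorted(p for p in opened if p in baseline and ANY in opened[p])
    return unexpected, world_open
```

On a node, the input would come from running `iptables -S INPUT` as root instead of the constructed sample.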