External Interfaces, Ports, and Services

External Interfaces, Ports, and Services

A number of Pivotal GemFire processes use either UDP or TCP/IP ports to communicate with other processes or clients.

For example:
  • Pivotal GemFire members can use multicast to locate and communicate with peer members. You specify multicast addresses and multicast ports in your gemfire.properties file or as parameters on the command-line if starting the members using gfsh.
  • GemFire clients connect to a locator to discover cache servers.
  • GemFire clients and servers discover each other on a predefined port (40404 by default) on the localhost.
  • JMX clients (such as gfsh and JConsole) can connect to JMX Managers and other manageable GemFire members on the pre-defined RMI port 1099. You can configure a different port if necessary.
  • Each gateway receiver usually has a port range where it listens for incoming communication.

See Firewalls and Ports for the complete list of ports used by GemFire, their default values, and how to configure them if you do not want to use the default value.

Pivotal GemFire does not have any external interfaces or services that need to be enabled or opened.

Resources That Must Be Protected

Certain GemFire configuration files should be readable and writeable only by the dedicated user who runs GemFire servers.

  • gemfire.properties
  • cache.xml
  • gfsecurity.properties
    Note: A default gfsecurity.properties is not provided in the defaultConfigs directory. If you choose to use this properties file, you must create it manually. See Where to Place Security Settings for more information.

The default location of the gemfire.properties and cache.xml configuration files is the defaultConfigs child directory of the main GemFire installation directory.

Log File Locations

By default, the log files are located in the working directory used when you started the corresponding processes.

For GemFire members (locators and cache servers), you can also specify a custom working directory location when you start each process. See Logging for more details.

The GemFire log files are as follows:

  • locator-name.log: Contains logging information for the locator process.
  • server-name.log: Contains logging information for a cache server process.
  • gfsh-%u_%g.log: Contains logging information of an individual gfsh environment and session.
    Note: By default, gfsh session logging is disabled. To enable gfsh logging, you must set the Java system property -Dgfsh. log-level=desired_log_level. See Configuring the gfsh Environment for more information.

These log files should be readable and writable only by the dedicated user who runs the GemFire servers.

If you contact Pivotal technical support for help with an issue and the support engineer requests that you submit log files to help resolve the problem, Pivotal recommends that you remove all sensitive information from the logs before submitting.

User Accounts Created at Installation

When you install Pivotal GemFire on Red Hat Enterprise Linux (RHEL) using the RPM, a user account is automatically created.

This user has the following characteristics:

  • ID: gemfire
  • Group: pivotal
  • Non-interactive, which means that you cannot directly log in to the RHEL computer as this user. Rather, you must log in as root or user with appropriate sudo privileges and su - gemfire.

The GemFire installation directory is owned by the gemfire user, with group pivotal.

When you install GemFire on Windows or from a *.zip or *.tar.gz file, a user account is not automatically created for you.

Obtaining and Installing Security Updates

New versions of Pivotal GemFire often include important security fixes, so Pivotal recommends you keep up to date with the latest releases.

For details about any security fixes in a particular release, see the Pivotal security page.

To download the latest *.zip or *.tar.gz distributions of the Pivotal GemFire, go to the Pivotal GemFire Download Center. For additional download and installation instructions, see Installing Pivotal GemFire.