2.4. Additional Requirements

The following additional requirements must be met before the Satellite Proxy installation can be considered complete:
Full Access
Client systems need full network access to the Satellite Proxy services and ports.
Firewall Rules
Red Hat strongly recommends setting up a firewall between the Satellite Proxy and the Internet. However, depending on your Satellite Proxy implementation, you need to open several TCP ports in this firewall:

Table 2.1. Ports to Open on the Satellite Proxy

| Port | Direction | Reason |
|------|-----------|--------|
| 80 | Outbound | The Satellite Proxy uses this port to reach your Satellite URL. |
| 80 | Inbound | Client requests arrive using either HTTP or HTTPS. |
| 443 | Inbound | Client requests arrive using either HTTP or HTTPS. |
| 443 | Outbound | The Satellite Proxy uses this port to reach the Satellite URL. |
| 4545 | Outbound | If your Satellite Proxy is connected to a Satellite Server, Monitoring makes connections to rhnmd running on client systems through this TCP port, if Monitoring is enabled and probes are configured to registered systems. |
| 5222 | Inbound | Allows osad client connections to the jabberd daemon on the Satellite Proxy when using Red Hat Network Push technology. |
| 5269 | Outbound | If the Satellite Proxy is connected to a Satellite Server, this port must be open to allow server-to-server connections using jabberd for Red Hat Network Push Technology. |
Synchronized System Times
Time sensitivity is a significant factor when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are close together so that the SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
Fully Qualified Domain Name (FQDN)
The system upon which the Satellite Proxy is installed must resolve its own FQDN properly.
Backups of Login Information
It is imperative that customers keep track of all primary login information. For Satellite Proxy, this includes user names and passwords for the Organization Administrator account and SSL certificate generation. Red Hat strongly recommends this information be copied onto two separate back-up disks (CD/DVD/removable hard drives), printed out on paper, and stored in a safe place.
Distribution Locations
Because the Satellite Proxy forwards virtually all local HTTP requests to the central Red Hat Network servers, take care in putting files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Satellite Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Satellite Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstart files.
Red Hat recommends that the system running the code should not be publicly available. Only system administrators should have shell access to these machines. All unnecessary services should be disabled. Use ntsysv or chkconfig to disable services.