Red Hat Training

A Red Hat training course is available for Red Hat Satellite

2.3. Additional Requirements

The following additional requirements must be met before the Satellite Proxy installation can be considered complete:
Full Access
Client systems need full network access to the Satellite Proxy services and ports.
Firewall Rules
Red Hat strongly recommends setting up a firewall between the Satellite Proxy and the Internet. However, depending on your Satellite Proxy implementation, you need to open several TCP ports in this firewall:

Table 2.1. Ports to Open on the Satellite Proxy

Port Direction Reason
80 Outbound The Satellite Proxy uses this port to reach your Satellite URL.
80 Inbound Client requests arrive using either HTTP or HTTPS.
443 Inbound Client requests arrive using either HTTP or HTTPS.
443 Outbound The Satellite Proxy uses this port to reach the Satellite URL.
5222 Inbound Allows osad client connections to the jabberd daemon on the Satellite Proxy when using Red Hat Network Push technology.
5269 Inbound and Outbound If the Satellite Proxy is connected a Satellite Server, this port must be open to allow server-to-server connections using jabberd for Red Hat Network Push Technology.
Synchronized System Times
Time sensitivity is a significant factor when connecting to a Web server running SSL (Secure Sockets Layer); it is imperative the time settings on the clients and server are close together so that the SSL certificate does not expire before or during use. It is recommended that Network Time Protocol (NTP) be used to synchronize the clocks.
Fully Qualified Domain Name (FQDN)
The system upon which the Satellite Proxy is installed must resolve its own FQDN properly.
Distribution Locations
Because the Satellite Proxy forwards virtually all local HTTP requests to Red Hat Satellite, take care in putting files destined for distribution (such as in a kickstart installation tree) in the non-forwarding location on the Satellite Proxy: /var/www/html/pub/. Files placed in this directory can be downloaded directly from the Satellite Proxy. This can be especially useful for distributing GPG keys or establishing installation trees for kickstart files.
Bandwidth
Network bandwith is important for communication among Satellites, Proxies, and Clients. To accomodate high volume traffic, Red Hat recommends a high bandwidth on a network capable of delivering packages to many systems and clients. As a guide, Red Hat provides a set of estimates for package transfer from one system to another over various speeds.

Table 2.2. Bandwidth estimates
Single Package (10Mb)
Minor Release (750Mb)
Major Release (6Gb)
256Kbps
5 Mins 27 Secs
6 Hrs 49 Mins 36 Secs
2 Days 7 Hrs 55 Mins
512Kbps
2 Mins 43.84 Secs
3 Hrs 24 Mins 48 Secs
1 Day 3 Hrs 57 Mins
T1 (1.5Mbps)
54.33 Secs
1 Hr 7 Mins 54.78 Secs
9 Hrs 16 Mins 20.57 Secs
10Mbps
8.39 Secs
10 Mins 29.15 Secs
1 Hr 25 Mins 53.96 Secs
100Mbps
0.84 Secs
1 Min 2.91 Secs
8 Mins 35.4 Secs
1000Mbps
0.08 Secs
6.29 Secs
51.54 Secs
Red Hat recommends at least a 100Mbps network speed for minor and major releases. This avoids timeouts for transfers longer than 10 minutes. All speeds are relative to your network setup.
Red Hat recommends that the system running the code should not be publicly available. Only system administrators should have shell access to these machines. All unnecessary services should be disabled. Use ntsysv or chkconfig to disable services.