HOME - IT Specifications
The following abstracts summarize IT-related specifications for HOME. You may refer to them when preparing your network for operating HOME.
Services and Default Ports
The port numbers below normally do not require any changes. However, there are situations where one of these ports is already in use, for example if you are running your own DHCP server.
List of Default Ports
HOME V4.X
# Internally Used Ports - etcd
#
# NOTE: CHANGES TO ETCD PORTS BELOW ONLY AFFECT THE FIRST/INITIAL INSTALLATION
# POST INSTALLATION CHANGES TO PORTS REQUIRE MANUAL INTERVENTION
#
node_one_etcd_client_port: 1379 # Listens for inbound etcd client connections on server one
node_two_etcd_client_port: 2379 # Listens for inbound etcd client connections on server two
node_three_etcd_client_port: 3379 # Listens for inbound etcd client connections on server three
node_one_etcd_peer_port: 1380 # Listens for inbound etcd peer (cluster) connections on server one
node_two_etcd_peer_port: 2380 # Listens for inbound etcd peer (cluster) connections on server two
node_three_etcd_peer_port: 3380 # Listens for inbound etcd peer (cluster) connections on server three
#
# Mandatory External Ports - Home Provided Services
#
node_one_nats_port: 4222 # Listens for inbound NATS Client connections on server one
node_two_nats_port: 4222 # Listens for inbound NATS Client connections on server two
node_three_nats_port: 4222 # Listens for inbound NATS Client connections on server three
home_ui_port: 5000 # Provides access to the HomeUI
bifrost_port: 5100 # The backend API serving data to the HomeUI
stash_port: 8085 # Required to upload License files to the HomeUI
auth_ui_port: 5001 # Provides access to the authentication portal for HomeUI signup & access
kratos_port: 4433 # Allows inbound authentication requests to access HomeUI
#
# Recommended External Ports - Home Control & Monitoring Services
#
portainer_ui_port: 9200 # The UI for Portainer to monitor container statistics
portainer_tunnel_port: 8000 # Port for the portainer agent ssh tunnel
prometheus_port: 9100 # Allows prometheus server to receive inbound metric data from other system components
syslog_ng_port: 3200 # Allows inbound syslog messages from other system components
promtail_port: 3300 # Allows inbound access to configure and control the log dashboards service
node_exporter_port: 9150 # Allows node exporter to expose an endpoint for prometheus to use
ipmi_exporter_port: 9160
#
# Optional External Ports - Home Provided Services
#
nmos_export_startrange: 45000 # Required when NMOS Export is enabled. The port range for virtual NMOS devices created by the NMOS Exporter
dns_server_port: 53 # The Home DNS service
dhcp_server_port: 67 # The Home DHCP service
radius_auth_port: 1812 # Listens for Radius authentication requests
radius_acct_port: 1813 # Listens for Radius accountability reports
portainer_api_port: 8000 # Allows control of portainer contr via REST API
#
# Optional External Ports - Debug CLIs
#
# Each port below exposes a Web based CLI accessible via HomeUI for microservice observability
#
# These are only required when debugging the system and not
# required for operational use.
#
configservice_debug_port: 9040
dhcp_debug_port: 9042
disco_debug_port: 9043
guardian_debug_port: 9092
hdcore_ravenna_proxy_debug_port: 9050
lcu_ember_client_debug_port: 9052
mike_debug_port: 9051
nova_router_proxy_debug_port: 9049
powercoreproxy_debug_port: 9048
prelude_debug_port: 9094
radius_debug_port: 9041
sentinel_debug_port: 9098
splice_debug_port: 9090
switchservice_debug_port: 9044
thirdpartyproxy_debug_port: 9047
nmos_import_debug_port: 9045
nmos_export_debug_port: 9054
umpire_debug_port: 9046
aegis_debug_port: 9053
qsc_debug_port: 9055
veto_debug_port: 9096
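The following Python example is added here and is not Lawo code. It parses an excerpt of the V4.X listing and reports keys that share a port, ports already bound before installation, and debug or internal ports reachable from outside. The function names, the observation sets, and the rule that the debug and internal sections should not be externally reachable are assumptions.

```python
import re

# Excerpt of the HOME V4.X listing above (keys, ports and headers copied from the page).
LISTING = """\
# Internally Used Ports - etcd
node_one_etcd_client_port: 1379
# Mandatory External Ports - Home Provided Services
node_one_nats_port: 4222
node_two_nats_port: 4222
home_ui_port: 5000
# Recommended External Ports - Home Control & Monitoring Services
portainer_tunnel_port: 8000
# Optional External Ports - Home Provided Services
dhcp_server_port: 67
portainer_api_port: 8000
# Optional External Ports - Debug CLIs
configservice_debug_port: 9040
"""

def parse(listing):
    """Return {key: (port, section)}; section is the latest '# ... Ports - ...' header."""
    ports, section = {}, "unknown"
    for line in listing.splitlines():
        header = re.match(r"#\s*(.*Ports\s+-\s+.*)", line)
        entry = re.match(r"(\w+):\s*(\d+)", line)
        if header:
            section = header.group(1).strip()
        elif entry:
            ports[entry.group(1)] = (int(entry.group(2)), section)
    return ports

def shared_ports(ports):
    """Ports assigned to several keys; node_* keys are skipped (one per server)."""
    by_port = {}
    for name, (port, _) in ports.items():
        if not name.startswith("node_"):
            by_port.setdefault(port, []).append(name)
    return {p: sorted(n) for p, n in by_port.items() if len(n) > 1}

def audit(ports, in_use, reachable):
    """in_use: ports bound before install; reachable: ports seen open from outside."""
    clash = sorted(n for n, (p, _) in ports.items() if p in in_use)
    exposed = sorted(n for n, (p, s) in ports.items()
                     if p in reachable and ("Debug" in s or "Internal" in s))
    return clash, exposed

if __name__ == "__main__":  # observation sets below are constructed sample data
    table = parse(LISTING)
    print(shared_ports(table), audit(table, in_use={67}, reachable={5000, 1379, 9040}))
```

On a real host, `in_use` can be filled from the listening sockets reported by `ss -ltnu` and `reachable` from a scan run from outside the HOME network segment.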
HOME V2.X
# Internal Ports - etcd
# NOTE: CHANGES TO ETCD PORTS BELOW ONLY AFFECT THE FIRST/INITIAL INSTALLATION
# POST INSTALLATION CHANGES TO PORTS REQUIRE MANUAL INTERVENTION
node_one_etcd_client_port: 1379
node_two_etcd_client_port: 2379
node_three_etcd_client_port: 3379
node_one_etcd_peer_port: 1380
node_two_etcd_peer_port: 2380
node_three_etcd_peer_port: 3380
# External Ports - Debug CLIs
configservice_debug_port: 9040
dhcp_debug_port: 9042
disco_debug_port: 9043
guardian_debug_port: 9092
hdcore_ravenna_proxy_debug_port: 9050
lcu_ember_client_debug_port: 9052
mike_debug_port: 9051
nova_router_proxy_debug_port: 9049
powercoreproxy_debug_port: 9048
prelude_debug_port: 9094
radius_debug_port: 9041
sentinel_debug_port: 9098
splice_debug_port: 9090
switchservice_debug_port: 9044
thirdpartyproxy_debug_port: 9047
nmos_import_debug_port: 9045
nmos_export_debug_port: 9054
umpire_debug_port: 9046
aegis_debug_port: 9053
qsc_debug_port: 9055
# External Ports - Home Provided Services
node_one_nats_port: 4222
node_two_nats_port: 4222
node_three_nats_port: 4222
home_ui_port: 5000
bifrost_port: 5100
dns_server_port: 53
dhcp_server_port: 67
radius_auth_port: 1812
radius_acct_port: 1813
portainer_api_port: 8000
portainer_ui_port: 9200
prometheus_port: 9100
stash_port: 8085
nmos_export_startrange: 45000
Concurrent Application Usage with HOME
Lawo allows customers to run concurrent applications, such as virus or vulnerability scanners, on HOME host machines, provided these applications do not degrade overall system performance.
HOME’s microservice-based architecture has specific implications for concurrent applications. While the host operating system (Ubuntu Server LTS) of a HOME server may be monitored for vulnerabilities, the microservices running in Docker are access-restricted and read-only. This restriction may influence how concurrent applications interact with the system and should be taken into account when considering the use of 3rd party tools on HOME servers.
Concurrent applications may run freely when a HOME system is idle. However, when HOME is active, 3rd party applications should be used with caution to prevent any impact on operational performance.
It is recommended to monitor system resource consumption closely to ensure that running concurrent applications does not lead to resource exhaustion. Insufficient system resources may compromise the availability of production-related services in HOME. Always assess and manage concurrent workloads to maintain optimal performance and reliability.
The responsibility for installing and running concurrent applications on HOME servers in a way that does not negatively affect HOME’s operability lies solely with the end user. Lawo cannot be held liable for service interruptions caused by third-party applications running on HOME servers.
Prerequisites for Connecting HOME to the Lawo Portal
HOME can be operated with a permanent online connection to the Lawo licensing portal (my.lawo.com). A connected HOME system significantly simplifies the entire credit allocation workflow.
When a HOME system is connected online to the portal, the allocation of credits to the HOME system and return of credits from the HOME system is no longer done via a file transfer, but rather automatically and virtually in the background.
The connection between the portal and a HOME system is TLS-protected and encrypted. Individual public and private keys are generated and exchanged for each connection. This happens in a simple process when the customer initiates the connection (see Lawo Flex - Connect the HOME System(s)).
The following firewall security settings must be provided for the connection:
- Allow HOME System to connect to Lawo Portal via Port 443 outbound
- Allow HOME System to connect to Public DNS, e.g. 8.8.8.8
The DNS connection is required to resolve the following names: