Interoperability & Network
Overview
A comprehensive network strategy is essential before deploying the Data Streamhouse (DSH) Portal. This chapter outlines the interoperability considerations, network requirements, and connectivity patterns necessary for a successful single deployment of the DSH Portal.
While this guide focuses on a single deployment architecture, we strongly recommend a High Availability (HA) setup for production environments to ensure system resilience and continuous operation.

Network Strategy Planning
Before deployment, develop a detailed network strategy that addresses:
Ingress configurations - How external clients will access the DSH Portal
Egress requirements - How the DSH Portal will connect to external systems
Internal communication - Database connections and service dependencies
Security boundaries - Network segmentation and access controls
Authentication services - LDAP/OpenID connectivity
Connectivity Requirements
Ingress
The DSH Portal requires the following ingress configurations:
HTTP(S) port accessibility for web browser connections
WebSocket support for real-time updates and streaming data
Proper proxy configurations if operating behind a load balancer or gateway
Egress
The DSH Portal establishes outbound connections to:
PostgreSQL database for configuration storage
Authentication providers (LDAP/OpenID)
Integration endpoints (Kafka, Kinesis, Schema Registry, etc.)
Port Requirements
DSH Portal Web Interface
8080
HTTP
Configurable
DSH Portal Web Interface (TLS)
8443
HTTPS
With mounted certificate
PostgreSQL
5432
TCP
For configuration storage
LDAP
389
TCP
For authentication
LDAP (TLS)
636
TCP
Secure LDAP
OpenID Connect
443
HTTPS
For authentication
Kafka Brokers
9092
TCP
Plain connection
Kafka Brokers (TLS)
9093
TLS
Secure connection
Kafka Schema Registry
8081
HTTP
For schema management
Kafka Connect
8083
HTTP
For connector management
Amazon Kinesis
443
HTTPS
AWS service
JMX
9010-9020
Varies
Apache Kafka cluster metrics
ARGUS
8080/8443
HTTP(S)
Connection to one or multiple ARGUS instances
Configuration
Environment Variables
The DSH Portal can be configured through environment variables, including:
Web server ports and binding addresses
Database connection details (JDBC URL, credentials)
Proxy settings if required
Log levels and output paths
The exact environment variable names are documented in the installation guide.
Integration Configuration
Connections to external systems such as:
Apache Kafka clusters (+ optional JMX)
Amazon Kinesis
Schema Registry
Kafka Connect
Microsoft Teams
Slack
PagerDuty
Mail (SMTP)
These can be configured through the DSH Portal UI after deployment.
Deployment Considerations
Container Image
The DSH Portal is available as a Docker image containing all required dependencies including:
Java Runtime Environment
Web server components
Required libraries
No additional runtime dependencies need to be installed on the host.
TLS/SSL Configuration
For secure deployments, SSL certificates must be:
Generated or obtained from a trusted Certificate Authority
Mounted to the container or pod
Referenced in the DSH Portal configuration
The exact mounting path depends on the orchestration platform (Kubernetes, OpenShift, etc.).
Health Monitoring
For proper operation with container orchestrators, the DSH Portal exposes the following health endpoints:
/health
- Overall health status/live
- Liveness probe endpoint/ready
- Readiness probe endpoint
Configure your orchestrator to use these endpoints for proper lifecycle management.
Network Topology
As illustrated in the attached diagram, the DSH Portal deployment consists of:
Configuration Layer:
HTTP(S) Port with optional mounted certificate
Database connection (URL and Port)
Optional proxy configuration
Ingress Layer:
HTTP(S) connections from web browsers
WebSocket connections with appropriate proxy headers
Outgoing Connections:
PostgreSQL database for configuration storage
Authentication services (LDAP/OpenID)
Integration endpoints for various services
Security Recommendations
Use TLS for all external connections
Implement proper network segmentation
Apply the principle of least privilege for all connections
Configure proper authentication for all integration endpoints
Regularly review and update network security policies
Example Deployment Architecture
A typical deployment would include:
Ingress controller or load balancer handling external HTTP(S) traffic
DSH Portal container with mounted certificates
Dedicated PostgreSQL instance for configuration storage
Secure connections to authentication providers (optional)
Properly configured firewall rules for integration endpoints
By carefully planning your network strategy before deployment, you can ensure proper operation and minimize security risks in your DSH Portal implementation.
Last updated
Was this helpful?