Network Communication
This document describes the network communication of Altair AI Studio.
Network Communication Diagram
This diagram describes the network communication flows of Altair AI Studio. The most common ones are only triggered on user actions by using certain features (e.g. connecting to a project on an AI Hub, connecting to remote data), while some are always happening in the background, or even required. All external and Altair communication flows can be disabled via the Admin Settings.
The diagram contains a legend, depicting the information listed above for each network path in the diagram.
Architecture Description
For details about the architecture in the diagram, please see Architecture.
Network Traffic Breakdown
This section lists all connections (including their URLs) by Altair AI Studio, both incoming and outgoing.
Things of note
- Everything listed here can be blocked or prevented by administrators via the Administration settings.
- Direction denotes who initiated the connection. The actual data flow may be different, but firewalls only care who opened the connection in the first place. Example: Fetching emails would be Outbound - even though you will receive traffic.
- Because Altair AI Studio includes extensions, some extension features will open connections as well (listed below the studio features in the table).
- Extensions (e.g. 3rd party ones) installed via the Marketplace are not listed here!
| Component | Destination | Direction | Port | Protocol | Purpose | Headless | What happens if this is blocked? |
|---|---|---|---|---|---|---|---|
| Altair AI Studio | |||||||
| Operators (Read URL) | ANY_URL |
Outbound | ANY_PORT |
TCP | Read arbitrary data sources from a web service. | YES | - 'Read URL' cannot be used |
| Database Connections | ANY_URL |
Outbound | ANY_PORT |
TCP | Connect to a database. | YES | - Operators ('Read Database', 'Write Database', 'Execute SQL, 'Update Database', 'Stream Database') that use this connection cannot be used - The Import Data dialog cannot be used for this connection |
| Mail (Read) Connections | MAIL_SERVER_READ_URL |
Outbound | MAIL_SERVER_READ_PORT |
TCP | Allow reading emails from a mail server. | YES | - Operators ('Read Documents (Mail)', 'Process Documents from Mail Store') that use this connection cannot be used |
| Mail (Send) Connections | MAIL_SERVER_SEND_URL |
Outbound | MAIL_SERVER_SEND_PORT |
TCP | Allow sending emails via a mail server. | YES | - Operator ('Send Mail') that uses this connection cannot be used |
| Getting Started Dialog | https://redirects.rapidminer.com/news/json/studio/7 (redirecting to Amazon S3) | Outbound | 443 | TCP | News request with pseudonymized identifier. | NO | - Altair cannot track unique Altair AI Studio starts |
| Usage Statistics | http://stats.rapidminer.com/usage-stats/upload/rapidminer | Outbound | 443 | TCP | Send anonymized usage statistics to Altair for improving the product. | NO | - Altair won't receive usage statistics |
| Onboarding/License dialog | https://nexus.rapidminer.com | Outbound | 443 | TCP | Download legacy RapidMiner licenses from the license server. | NO | - Legacy RapidMiner licenses have to be installed manually or Altair Units have to be used for the licensing |
| Marketplace | https://marketplace.rapidminer.com/UpdateServer | Outbound | 443 | TCP | Install updates and extensions. | NO | - No studio in-product updates Extensions have to be installed manually |
| CTAs | https://redirects.rapidminer.com/app/studio/7/cta?version=x.y.z (redirecting to AWS S3, e.g. https://s3.amazonaws.com/rapidminer.cta/studio/xyz.json) https://nexus.rapidminer.com | Outbound | 443 | TCP | Load CTA rules. | NO | - No custom CTAs that can give valuable hints or information for your current task |
| Academy Global Search (since 9.2.1) | https://redirects.rapidminer.com/academy/academy-content/academy-content.[json|timestamp] https://academy.rapidminer.com/* | Outbound | 443 | TCP | Load json and associated timestamp with current academy content for Global Search indexing. can be blocked by Telemetry.EDUCATION. Opens academy links in browser if search result is activated | NO | - If blocked by telemetry, "Academy" category is not available in Global Search - If the redirects are blocked, will register the category but does not show any search results. - If the academy links are blocked, the browser should show this. |
| Altair Units Licensing (only if a local Altair license server has been selected) (since 10.1) | ALTAIR_LICENSE_SERVER_URL |
Outbound | ALTAIR_LICENSE_SERVER_PORT |
TCP | Draw units from a local Altair license server | YES | - Altair units will not be drawn and thus prevent Altair AI Studio startup unless alternative means of licensing are provided |
| Altair Units Licensing (only if managed Altair Units have been selected) (since 10.2) | https://client.hhwu.altair.com https://auth.hhwu.altair.com | Outbound | 443 | TCP | Draw Altair Units from the managed Altair services | YES | - Managed Altair Units will not be drawn and thus prevent Altair AI Studio startup unless alternative means of licensing are provided |
| Interactive Analysis (since 10.2) | localhost | Outbound | 5478 | TCP | Communicate with bundled KnowledgeStudio Server to service as backend for creating Interactive Analyses, e.g. Interactive Decision Trees | NO | - Interactive Analysis feature will not be available |
| Altair AI Studio Bundled Extensions | |||||||
| Cloud Connectivity (AWS S3) | https://s3.amazonaws.com | Outbound | 443 | TCP | Read & Write data from Amazon S3. | YES | - Amazon S3 operators will not work |
| Cloud Connectivity (Microsoft Azure Blob Storage) | https:// |
Outbound | 443 | TCP | Read & Write data from Microsoft Azure Blob Storage. | YES | - Microsoft Azure Blob Storage operators will not work |
| Cloud Connectivity (Microsoft Azure Data Lake) | https:// |
Outbound | 443 | TCP | Read & Write data from Microsoft Azure Data Lake . | YES | - Microsoft Azure Data Lake operators will not work |
| Cloud Connectivity (Google Cloud Storage) | https://storage.googleapis.com | Outbound | 443 | TCP | Read & Write data from Google Cloud Storage. | YES | - Google Cloud Storage operators will not work |
| Cloud Connectivity (Dropbox) | https://api.dropbox.com https://api-content.dropbox.com | Outbound | 443 | TCP | Read & Write data from Dropbox. | YES | - Dropbox operators will not work |
| Cloud Connectivity (Salesforce) | SALESFORCE_URL |
Outbound | SALESFORCE_PORT |
TCP | Read & Write data from Salesforce. | YES | - Salesforce operators will not work |
| Cloud Connectivity (Zapier) | ZAPIER_URL |
Outbound | ZAPIER_PORT |
TCP | Execute Zapier triggers defined on their website. | YES | - Zapier operator will not work |
| Social Media (Twitter) (only up to version 10.0) | https://api.twitter.com | Outbound | 443 | TCP | Use the Twitter API to retrieve tweets and user information. | YES | - Twitter operators will not work |
| Recommender | https://woc.rapidminer.com | Outbound | 443 | TCP | View operator recommendations and parameter statistics. | NO | - Recommender cannot be used |
| Remote Repository | AI_HUB_BASE_URL |
Outbound | AI_HUB_BASE_PORT |
TCP | Connect to AI Hub. | YES | - No running/scheduling of processes on Altair AI Hub from within Altair AI Studio - No access to projects and connections - No direct collaboration with colleagues |
| Remote Repository | AI_HUB_GIT_URL |
Outbound | AI_HUB_GIT_PORT |
TCP | Connect to a project via Git on AI Hub | YES | - No running/scheduling of processes on Altair AI Hub from within Altair AI Studio - No access to projects and connections - No direct collaboration with colleagues |
| Remote Repository | AI_HUB_GIT_LFS_URL |
Outbound | AI_HUB_GIT_LFS_PORT |
TCP | Access files stored in a project via Git LFS (if LFS is enabled) | YES | - Failure to access large data files in projects where Git LFS has been enabled |
| Altair AI Studio Supported Extensions (optional, only relevant if installed from the Marketplace and used) | |||||||
| Mozenda | https://api.mozenda.com | Outbound | 443 | TCP | Web scraping via Mozenda. | YES | - Mozenda operator will not work |
| NoSQL (Cassandra) | CASSANDRA_SERVER_URL |
Outbound | CASSANDRA_SERVER_PORT |
TCP | Read & Write data from a Cassandra database. | YES | - Cassandra operators will not work |
| NoSQL (MongoDB) | MONGODB_SERVER_URL |
Outbound | MONGODB_SERVER_PORT |
TCP | Read & Write data from a MongoDB database. | YES | - MongoDB operators will not work |
| Python | https://repo.anaconda.com https://anaconda.org https://repo.continuum.io https://pypi.python.org https://pypi.org https://conda.anaconda.org https://github.com/rapidminer | Outbound | 443 | TCP | Conda env install | YES | - Interaction with Altair AI Studio / Server from Python code will not work |
| Solr | SOLR_SERVER_URL |
Outbound | SOLR_SERVER_PORT |
TCP | Utilize the Apache Solr search platform. | YES | - Solr operators will not work |
| Splunk | SPLUNK_SERVER_URL |
Outbound | SPLUNK_SERVER_PORT |
TCP | Load Splunk results and access them in RM processes. | YES | - Splunk operators will not work |
| Web | ANY_URL |
Outbound | ANY_PORT |
TCP | Read arbitrary data from any web service or web page. | YES | - Web extension wil not work properly |
| SFTP (SFTP) | SFTP_SERVER_URL |
Outbound | SFTP_SERVER_PORT |
TCP | Read/Write from and to SFTP servers. | YES | - Operators ('Read SFTP', 'Write SFTP') will not work |
Legend
ANY_URL: Any IP or URL that is specified. Mostly the case for operators where potentially any URL can be used as an input source.
ANY_PORT: Any port that is specified. Mostly the case for operators where potentially any port of any URL can be used as an input source.
MAIL_SERVER_READ_URL: The read url of the Mail server.
MAIL_SERVER_READ_PORT: The read port of the Mail server.
MAIL_SERVER_SEND_URL: The send url of the Mail server.
MAIL_SERVER_SEND_PORT: The send port of the Mail server.
ALTAIR_LICENSE_SERVER_URL: The IP or URL of the local Altair license server.
ALTAIR_LICENSE_SERVER_PORT: The port of the local Altair license server.
AI_HUB_BASE_URL: The IP or URL where the Altair AI Hub main component is located.
AI_HUB_BASE_PORT: The port of the AI Hub main component.
AI_HUB_GIT_URL: The IP or URL where the Git server of AI Hub is located.
AI_HUB_GIT_PORT: The git server port of the AI Hub.
AI_HUB_GIT_LFS_URL: The IP or URL where the Git lfs server of AI Hub is located.
AI_HUB_GIT_LFS_PORT: The git lfs server port of the AI Hub.
SALESFORCE_URL: The URL of the Salesforce endpoint. Defaults to https://login.salesforce.com.
SALESFORCE_PORT: The port of the Salesforce endpoint. Defaults to 443.
ZAPIER_URL: The URL of the Zapier endpoint.
ZAPIER_PORT: The port of the Zapier endpoint. Defaults to 443.
CASSANDRA_SERVER_URL: The IP or URL where the Cassandra server is located.
CASSANDRA_SERVER_PORT: The port of the Cassandra server.
MONGODB_SERVER_URL: The IP or URL where the MongoDB server is located.
MONGODB_SERVER_PORT: The port of the MongoDB server.
SOLR_SERVER_URL: The IP or URL where the Solr server is located.
SOLR_SERVER_PORT: The port of the Solr server.
SPLUNK_SERVER_URL: The IP or URL where the Splunk server is located.
SPLUNK_SERVER_PORT: The port of the Splunk server.
SFTP_SERVER_URL: The url of SFTP server.
SFTP_SERVER_PORT: The port of the SFTP server.