Categories

Versions

Network Communication

This document describes the network communication of Altair AI Studio.

Network Communication Diagram

This diagram describes the network communication flows of Altair AI Studio. The most common ones are only triggered on user actions by using certain features (e.g. connecting to a project on an AI Hub, connecting to remote data), while some are always happening in the background, or even required. All external and Altair communication flows can be disabled via the Admin Settings.

The diagram contains a legend, depicting the information listed above for each network path in the diagram.

img/network-communication-diagram-ai-studio.png

Architecture Description

For details about the architecture in the diagram, please see Architecture.

Network Traffic Breakdown

This section lists all connections (including their URLs) by Altair AI Studio, both incoming and outgoing.

Things of note

  • Everything listed here can be blocked or prevented by administrators via the Administration settings.
  • Direction denotes who initiated the connection. The actual data flow may be different, but firewalls only care who opened the connection in the first place. Example: Fetching emails would be Outbound - even though you will receive traffic.
  • Because Altair AI Studio includes extensions, some extension features will open connections as well (listed below the studio features in the table).
  • Extensions (e.g. 3rd party ones) installed via the Marketplace are not listed here!
Component Destination Direction Port Protocol Purpose Headless What happens if this is blocked?
Altair AI Studio
Operators (Read URL) ANY_URL Outbound ANY_PORT TCP Read arbitrary data sources from a web service. YES - 'Read URL' cannot be used
Database Connections ANY_URL Outbound ANY_PORT TCP Connect to a database. YES - Operators ('Read Database', 'Write Database', 'Execute SQL, 'Update Database', 'Stream Database') that use this connection cannot be used
- The Import Data dialog cannot be used for this connection
Mail (Read) Connections MAIL_SERVER_READ_URL Outbound MAIL_SERVER_READ_PORT TCP Allow reading emails from a mail server. YES - Operators ('Read Documents (Mail)', 'Process Documents from Mail Store') that use this connection cannot be used
Mail (Send) Connections MAIL_SERVER_SEND_URL Outbound MAIL_SERVER_SEND_PORT TCP Allow sending emails via a mail server. YES - Operator ('Send Mail') that uses this connection cannot be used
Getting Started Dialog https://redirects.rapidminer.com/news/json/studio/7 (redirecting to Amazon S3) Outbound 443 TCP News request with pseudonymized identifier. NO - Altair cannot track unique Altair AI Studio starts
Usage Statistics http://stats.rapidminer.com/usage-stats/upload/rapidminer Outbound 443 TCP Send anonymized usage statistics to Altair for improving the product. NO - Altair won't receive usage statistics
Onboarding/License dialog https://nexus.rapidminer.com Outbound 443 TCP Download legacy RapidMiner licenses from the license server. NO - Legacy RapidMiner licenses have to be installed manually or Altair Units have to be used for the licensing
Marketplace https://marketplace.rapidminer.com/UpdateServer Outbound 443 TCP Install updates and extensions. NO - No studio in-product updates Extensions have to be installed manually
CTAs https://redirects.rapidminer.com/app/studio/7/cta?version=x.y.z (redirecting to AWS S3, e.g. https://s3.amazonaws.com/rapidminer.cta/studio/xyz.json) https://nexus.rapidminer.com Outbound 443 TCP Load CTA rules. NO - No custom CTAs that can give valuable hints or information for your current task
Academy Global Search (since 9.2.1) https://redirects.rapidminer.com/academy/academy-content/academy-content.[json|timestamp] https://academy.rapidminer.com/* Outbound 443 TCP Load json and associated timestamp with current academy content for Global Search indexing. can be blocked by Telemetry.EDUCATION. Opens academy links in browser if search result is activated NO - If blocked by telemetry, "Academy" category is not available in Global Search
- If the redirects are blocked, will register the category but does not show any search results.
- If the academy links are blocked, the browser should show this.
Altair Units Licensing (only if a local Altair license server has been selected) (since 10.1) ALTAIR_LICENSE_SERVER_URL Outbound ALTAIR_LICENSE_SERVER_PORT TCP Draw units from a local Altair license server YES - Altair units will not be drawn and thus prevent Altair AI Studio startup unless alternative means of licensing are provided
Altair Units Licensing (only if managed Altair Units have been selected) (since 10.2) https://client.hhwu.altair.com https://auth.hhwu.altair.com Outbound 443 TCP Draw Altair Units from the managed Altair services YES - Managed Altair Units will not be drawn and thus prevent Altair AI Studio startup unless alternative means of licensing are provided
Interactive Analysis (since 10.2) localhost Outbound 5478 TCP Communicate with bundled KnowledgeStudio Server to service as backend for creating Interactive Analyses, e.g. Interactive Decision Trees NO - Interactive Analysis feature will not be available
Altair AI Studio Bundled Extensions
Cloud Connectivity (AWS S3) https://s3.amazonaws.com Outbound 443 TCP Read & Write data from Amazon S3. YES - Amazon S3 operators will not work
Cloud Connectivity (Microsoft Azure Blob Storage) https://.blob.core.windows.net Outbound 443 TCP Read & Write data from Microsoft Azure Blob Storage. YES - Microsoft Azure Blob Storage operators will not work
Cloud Connectivity (Microsoft Azure Data Lake) https://.blob.core.windows.net Outbound 443 TCP Read & Write data from Microsoft Azure Data Lake . YES - Microsoft Azure Data Lake operators will not work
Cloud Connectivity (Google Cloud Storage) https://storage.googleapis.com Outbound 443 TCP Read & Write data from Google Cloud Storage. YES - Google Cloud Storage operators will not work
Cloud Connectivity (Dropbox) https://api.dropbox.com https://api-content.dropbox.com Outbound 443 TCP Read & Write data from Dropbox. YES - Dropbox operators will not work
Cloud Connectivity (Salesforce) SALESFORCE_URL Outbound SALESFORCE_PORT TCP Read & Write data from Salesforce. YES - Salesforce operators will not work
Cloud Connectivity (Zapier) ZAPIER_URL Outbound ZAPIER_PORT TCP Execute Zapier triggers defined on their website. YES - Zapier operator will not work
Social Media (Twitter) (only up to version 10.0) https://api.twitter.com Outbound 443 TCP Use the Twitter API to retrieve tweets and user information. YES - Twitter operators will not work
Recommender https://woc.rapidminer.com Outbound 443 TCP View operator recommendations and parameter statistics. NO - Recommender cannot be used
Remote Repository AI_HUB_BASE_URL Outbound AI_HUB_BASE_PORT TCP Connect to AI Hub. YES - No running/scheduling of processes on Altair AI Hub from within Altair AI Studio
- No access to projects and connections
- No direct collaboration with colleagues
Remote Repository AI_HUB_GIT_URL Outbound AI_HUB_GIT_PORT TCP Connect to a project via Git on AI Hub YES - No running/scheduling of processes on Altair AI Hub from within Altair AI Studio
- No access to projects and connections
- No direct collaboration with colleagues
Remote Repository AI_HUB_GIT_LFS_URL Outbound AI_HUB_GIT_LFS_PORT TCP Access files stored in a project via Git LFS (if LFS is enabled) YES - Failure to access large data files in projects where Git LFS has been enabled
Altair AI Studio Supported Extensions (optional, only relevant if installed from the Marketplace and used)
Mozenda https://api.mozenda.com Outbound 443 TCP Web scraping via Mozenda. YES - Mozenda operator will not work
NoSQL (Cassandra) CASSANDRA_SERVER_URL Outbound CASSANDRA_SERVER_PORT TCP Read & Write data from a Cassandra database. YES - Cassandra operators will not work
NoSQL (MongoDB) MONGODB_SERVER_URL Outbound MONGODB_SERVER_PORT TCP Read & Write data from a MongoDB database. YES - MongoDB operators will not work
Python https://repo.anaconda.com https://anaconda.org https://repo.continuum.io https://pypi.python.org https://pypi.org https://conda.anaconda.org https://github.com/rapidminer Outbound 443 TCP Conda env install YES - Interaction with Altair AI Studio / Server from Python code will not work
Solr SOLR_SERVER_URL Outbound SOLR_SERVER_PORT TCP Utilize the Apache Solr search platform. YES - Solr operators will not work
Splunk SPLUNK_SERVER_URL Outbound SPLUNK_SERVER_PORT TCP Load Splunk results and access them in RM processes. YES - Splunk operators will not work
Web ANY_URL Outbound ANY_PORT TCP Read arbitrary data from any web service or web page. YES - Web extension wil not work properly
SFTP (SFTP) SFTP_SERVER_URL Outbound SFTP_SERVER_PORT TCP Read/Write from and to SFTP servers. YES - Operators ('Read SFTP', 'Write SFTP') will not work

Legend

ANY_URL: Any IP or URL that is specified. Mostly the case for operators where potentially any URL can be used as an input source.
ANY_PORT: Any port that is specified. Mostly the case for operators where potentially any port of any URL can be used as an input source. MAIL_SERVER_READ_URL: The read url of the Mail server. MAIL_SERVER_READ_PORT: The read port of the Mail server. MAIL_SERVER_SEND_URL: The send url of the Mail server. MAIL_SERVER_SEND_PORT: The send port of the Mail server.

ALTAIR_LICENSE_SERVER_URL: The IP or URL of the local Altair license server.
ALTAIR_LICENSE_SERVER_PORT: The port of the local Altair license server.

AI_HUB_BASE_URL: The IP or URL where the Altair AI Hub main component is located.
AI_HUB_BASE_PORT: The port of the AI Hub main component.
AI_HUB_GIT_URL: The IP or URL where the Git server of AI Hub is located.
AI_HUB_GIT_PORT: The git server port of the AI Hub.
AI_HUB_GIT_LFS_URL: The IP or URL where the Git lfs server of AI Hub is located.
AI_HUB_GIT_LFS_PORT: The git lfs server port of the AI Hub.

SALESFORCE_URL: The URL of the Salesforce endpoint. Defaults to https://login.salesforce.com.
SALESFORCE_PORT: The port of the Salesforce endpoint. Defaults to 443.
ZAPIER_URL: The URL of the Zapier endpoint.
ZAPIER_PORT: The port of the Zapier endpoint. Defaults to 443.
CASSANDRA_SERVER_URL: The IP or URL where the Cassandra server is located.
CASSANDRA_SERVER_PORT: The port of the Cassandra server.
MONGODB_SERVER_URL: The IP or URL where the MongoDB server is located.
MONGODB_SERVER_PORT: The port of the MongoDB server.
SOLR_SERVER_URL: The IP or URL where the Solr server is located.
SOLR_SERVER_PORT: The port of the Solr server.
SPLUNK_SERVER_URL: The IP or URL where the Splunk server is located.
SPLUNK_SERVER_PORT: The port of the Splunk server. SFTP_SERVER_URL: The url of SFTP server. SFTP_SERVER_PORT: The port of the SFTP server.