Is it really necessary to open so many ports to the master?

The situation is that we also use UCS in the DMZ for Nextcloud, Kopano, Rocket.Chat and more. So for security we do not open all ports to the domain master server. I found this very fine description: "Which TCP / UDP ports on the DC master must be accessible by other UCS systems?" Thanks at this point.

So, some questions about the services. I think which ports we should really open to the domain master depends on what we use or what we need at a specific time.

So what does a UCS slave server do over SSH?

UDN: I think this is replication, so this is needed for LDAP replication, right?

UMC: what is this needed for? Maybe so that I can update applications directly from the master?

“Stunnel”: this is for SAML. I have Nextcloud and co. running, and yes, they use SAML, but this feature is working although the port is closed, so is it really needed?

And the last one, HTTPS: I also do not know what this is for.

If a whitepaper or documentation for this exists, I will read that too. Many thanks for the help! :)

