<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Network Considerations | Socrata</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="description" content=""> <meta name="author" content=""> <!-- Le Bootstrap--> <link href="//netdna.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet"> <!-- Font Awesome by Dave Gandy - http://fontawesome.io/ --> <link href="//netdna.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.css" rel="stylesheet"/> <!-- Featherlight Lightbox --> <link href="//cdn.rawgit.com/noelboss/featherlight/1.3.4/release/featherlight.min.css" rel="stylesheet"/> <!-- Google Web Fonts --> <link href="//fonts.googleapis.com/css?family=Ubuntu:bold" rel="stylesheet" type="text/css"/> <link href="//fonts.googleapis.com/css?family=Nobile" rel="stylesheet" type="text/css"/> <link href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.1.0/styles/default.min.css" rel="stylesheet"/> <!-- hljs highlighting --> <!-- CSS customizations --> <link href="/datasync/common/css/common.css" rel="stylesheet"/> <link href="/datasync/common/css/murphy.css" rel="stylesheet"/> <link href="/datasync/css/local.css" rel="stylesheet"/> <!-- HTML5 shim, for IE6-8 support of HTML5 elements --> <!--[if lt IE 9]> <script src="//html5shim.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> <!-- Require.js is either the best thing to ever happen to me or my worst enemy --> <script src="/datasync/common/js/require.js"></script> <script> // Load common code and custom includes requirejs(['/datasync/common/js/common.js'], function(common) { var rel_require = function(script) { if(script.match(/^\/[^\/]/)) { script = '/datasync' + script; } requirejs([script]); }; // Site scripts // Page scripts }); </script> <!-- Browser Icons --> <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/datasync/common/ico/apple-touch-icon-144-precomposed.png"/> <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/datasync/common/ico/apple-touch-icon-114-precomposed.png"/> <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/datasync/common/ico/apple-touch-icon-72-precomposed.png"/> <link rel="shortcut icon" href="/datasync/common/ico/favicon.png"/> <!-- Blog RSS --> <link type="application/atom+xml" rel="alternate" href="https://dev.socrata.com/feed.xml" title="Socrata Developer Blog"> </head> <body class="dev homepage network-considerations"> <!-- Path: "resources/network-considerations.md" --> <!-- URL: "/resources/network-considerations.html" --> <!-- Header Nav --> <div class="navbar navbar-inverse navbar-fixed-top dev" role="navigation"> <!-- Current Site --> <div class="navbar-header"> <!-- Collapse Button --> <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#nav-collapse"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand dev" href="/datasync/"><i class="fa fa-refresh"></i> Socrata DataSync</a> </div> <div class="collapse navbar-collapse" id="nav-collapse"> <!-- Right side nav --> <form class="navbar-form navbar-right visible-lg" action="/datasync/search.html" method="GET" role="search"> <div class="form-group"> <input name="q" class="form-control search" type="text" placeholder="Search"> </div> </form> <!-- Nav elements --> <ul class="nav navbar-nav"> <li id="socrata-status" style="display: none"> <button type="button" class="btn" data-toggle="popover" data-placement="bottom" data-html="true"></button> </li> <li class="dropdown "> <ul class="dropdown-menu"> <li><a href="/datasync/">Getting Started</a></li> <li class="nav-header dropdown-header">General Guides</li> <li><a href="/datasync/guides/quick-start.html">Quick Start (GUI)</a></li> <li><a href="/datasync/guides/setup-standard-job.html">Setup a Standard Job (GUI)</a></li> <li><a href="/datasync/guides/setup-standard-job-headless.html">Setup a Standard Job (Headlessly)</a></li> <li><a href="/datasync/guides/setup-port-job.html">Setup a Port Job (GUI)</a></li> <li><a href="/datasync/guides/setup-port-job-headless.html">Setup a Port Job (Headlessly)</a></li> <li><a href="/datasync/guides/setup-gis-job.html">Setup a GIS Job (GUI)</a></li> <li><a href="/datasync/guides/setup-gis-job-headless.html">Setup a GIS Job (Headlessly)</a></li> <li class="nav-header dropdown-header">Additional Resources</li> <li><a href="/datasync/resources/control-config.html">Control File Config</a></li> <li><a href="/datasync/resources/preferences-config.html">Preferences Config</a></li> <li><a href="/datasync/resources/schedule-job.html">Scheduling a Job</a></li> <li><a href="/datasync/resources/checking-log.html">Checking Logs</a></li> <li><a href="/datasync/resources/faq-common-problems.html">FAQ / Common Problems</a></li> <li><a href="/datasync/resources/network-considerations.html">Network Considerations</a></li> <li><a href="/datasync/resources/conditions-restrictions.html">Data Conditions &amp; Restrictions</a></li> <li><a href="/datasync/resources/using-map-fields-dialog.html">Using the Map Fields Dialog</a></li> <li class="nav-header dropdown-header">Developer Guides</li> <li><a href="/datasync/guides/datasync-library-sdk.html">DataSync Library/SDK (Java)</a></li> <li><a href="/datasync/guides/compiling-on-windows-eclipse.html">Compiling on Windows (with Eclipse)</a></li> <li><a href="/datasync/guides/compiling-with-maven.html">Compiling with Maven</a></li> </ul> </li> </ul> </div><!--/.nav-collapse --> </div> <div class="container-fluid content"> <h1 id="title">Network Considerations</h1> <div class="row with-sidebar"> <div class="col-md-3 hidden-phone"> <div class="well sidebar-nav"> <ul class="nav nav-list sidebar "> <li><a href="/datasync/">Getting Started</a></li> <li class="nav-header dropdown-header">General Guides</li> <li><a href="/datasync/guides/quick-start.html">Quick Start (GUI)</a></li> <li><a href="/datasync/guides/setup-standard-job.html">Setup a Standard Job (GUI)</a></li> <li><a href="/datasync/guides/setup-standard-job-headless.html">Setup a Standard Job (Headlessly)</a></li> <li><a href="/datasync/guides/setup-port-job.html">Setup a Port Job (GUI)</a></li> <li><a href="/datasync/guides/setup-port-job-headless.html">Setup a Port Job (Headlessly)</a></li> <li><a href="/datasync/guides/setup-gis-job.html">Setup a GIS Job (GUI)</a></li> <li><a href="/datasync/guides/setup-gis-job-headless.html">Setup a GIS Job (Headlessly)</a></li> <li class="nav-header dropdown-header">Additional Resources</li> <li><a href="/datasync/resources/control-config.html">Control File Config</a></li> <li><a href="/datasync/resources/preferences-config.html">Preferences Config</a></li> <li><a href="/datasync/resources/schedule-job.html">Scheduling a Job</a></li> <li><a href="/datasync/resources/checking-log.html">Checking Logs</a></li> <li><a href="/datasync/resources/faq-common-problems.html">FAQ / Common Problems</a></li> <li><a href="/datasync/resources/network-considerations.html">Network Considerations</a></li> <li><a href="/datasync/resources/conditions-restrictions.html">Data Conditions &amp; Restrictions</a></li> <li><a href="/datasync/resources/using-map-fields-dialog.html">Using the Map Fields Dialog</a></li> <li class="nav-header dropdown-header">Developer Guides</li> <li><a href="/datasync/guides/datasync-library-sdk.html">DataSync Library/SDK (Java)</a></li> <li><a href="/datasync/guides/compiling-on-windows-eclipse.html">Compiling on Windows (with Eclipse)</a></li> <li><a href="/datasync/guides/compiling-with-maven.html">Compiling with Maven</a></li> </ul> </div><!--/.well --> </div><!--/span--> <div class="col-md-9"> <p>DataSync requires various network permissions depending on the upload method you choose. When using the latest upload methods (HTTP rather than FTP or SODA2) the standard ports 80 and 443 will be used. Although we strongly recommend using the HTTP methods, if you are using DataSync’s FTP methods, ports 22222 and 3131-3141 need to be open, in addition to ports 80 and 443. If you have configured <a href="/datasync/resources/preferences-config.html#error-notification-auto-email-setup">email notifications</a>, the SMTP and SSL ports need to be open.</p> <p>NOTE: Because network setups can vary wildly, this does not attempt to be a definitive guide, but does hope to give you some guidance if DataSync doesn’t work out of the box because of networking issues.</p> <ul> <li><a href="#behind-a-firewall">Behind a Firewall?</a></li> <li><a href="#behind-a-proxy-server">Behind a Proxy Server?</a></li> <li><a href="#using-an-outdated-java">Using an Outdated Java?</a></li> <li><a href="#certificate-validation-issues">Certificate Validation Issues?</a></li> <li><a href="#still-stuck">Still Stuck?</a></li> </ul> <h3 id="behind-a-firewall">Behind a Firewall?</h3> <p>Firewalls can block both incoming and outgoing traffic and can be configured to block particular ports, domains, programs and/or types of traffic.</p> <p>Per port access, as noted above, DataSync requires usage of ports 80 (for http) and 443 (for https). If you are using FTP methods, port 22222 (for control connection) and ports 3131 to 3141 (for data transferral) are also required. If you have configured <a href="/datasync/resources/preferences-config.html#error-notification-auto-email-setup">email notifications</a>, the SMTP and SSL ports need to be open.</p> <p>Per domain access, if using HTTP or Soda2 methods, DataSync communicates exclusively with the domain you provide in your <a href="/datasync/resources/preferences-config.html">configuration</a>. If using FTP methods, DataSync will also need to reach Socrata’s ftp server. If you are using email notification, DataSync makes requests to the domain for the outgoing mail server. These domains should be white-listed according to your firewall’s rules.</p> <p>Per program restrictions and in particular if using the Windows Firewall, you will need to allow DataSync to communicate through the Windows Firewall. Be aware that you may need to do this for each network (home, work, public) that you use.</p> <p>Per traffic types, DataSync has different request characteristics depending on which upload method you’ve chosen.</p> <ul> <li>If using the HTTP method, DataSync uses an ssync algorithm to reduce the amount of data that needs to be sent to only the changes made since the last update. This data is chunked currently to 4MB blocks.</li> <li>If using the Soda2 method, DataSync will attempt to transfer the entire file to publish in one chunk. This can create a long-lived connection which some firewalls do not allow. <a href="/datasync/resources/preferences-config.html#chunking-configuration">Chunking can be configured</a> using the Soda2 method though.</li> <li>If using the FTP method, DataSync will compress the file to publish and attempt to transfer it in a single chunk. This can create a long-lived connection which some firewalls do not allow.</li> </ul> <h3 id="behind-a-proxy-server">Behind a Proxy Server?</h3> <p>Proxy servers intercept network traffic and can be configured in numerous ways to allow/block, inspect and encrypt/decrypt traffic, among other things. As such, everything in the <a href="#behind-a-firewall">“Behind a Firewall”</a> section may apply. Because DataSync sends ssl requests, the proxy server must be set up to correctly handle encrypted traffic, i.e. that it is a “transparent proxy” - ask your IT deparment to confirm this.</p> <p>DataSync must be configured to route its requests through the proxy. At minimum, <a href="/datasync/resources/preferences-config.html">this configuration</a> requires the hostname and port and if the proxy server is authenticated, your proxy username and password as well.</p> <p><strong>NOTICE:</strong> DataSync has proxy support only for the HTTP methods; FTP and Soda2 methods cannot currently work behind a proxy.</p> <h3 id="using-an-outdated-java">Using an Outdated Java?</h3> <p>Some networks will not allow Java programs to run if the version is outdated, particularly if the older version presents a security risk. You or your IT department will need to update to the most recent Java.</p> <h3 id="certificate-validation-issues">Certificate Validation Issues?</h3> <p>If you receive a SunCertPathBuilderException, there are two typical causes:</p> <ol> <li>Java is out-of-date and as a result is failing to validate the SSL certificate. To correct this issue you must update Java JDK or JRE on the machine running DataSync.</li> <li>Java does not approve of one of the certificates in the chain between your machine and the domain you’re trying to upload to. The solution is to add the necessary certificates into Java’s trusted certificate store. The steps to do this are:</li> </ol> <ul> <li>Get the certificate chain. <ul> <li>Find where Java’s keytool is located. <ul> <li>On Windows, this is likely at “C:\Program Files\Java\jre7\bin”)</li> <li>On Mac OS X, this is likely at “/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/bin/”</li> </ul> </li> <li> <p>Run the following, removing the proxy options if you are not behind a proxy server. You can remove the ‘-rfc’ option to get additional information about each certificate in the chain.</p> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> keytool -J-Dhttps.proxyHost=&lt;PROXY_HOST&gt; -J-Dhttps.proxyPort=&lt;PROXY_PORT&gt; -printcert -rfc -sslserver &lt;DOMAIN&gt;:443 </code></pre></div> </div> </li> </ul> </li> <li><strong>Validate any certificates you plan to add with your IT department !!!!</strong>. It is a security risk to add unknown certificates.</li> <li>Copy the cert you need to add inclusively from —–BEGIN CERTIFICATE—– to —–END CERTIFICATE—– into a file <code class="language-plaintext highlighter-rouge">&lt;FILENAME&gt;</code>.cer</li> <li> <p>Run the following, using your keystore password if that has been set up or the default password ‘changeit’ otherwise.</p> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> keytool -import -keystore cacerts -file &lt;FILENAME&gt;.cer </code></pre></div> </div> </li> </ul> <h3 id="still-stuck">Still Stuck?</h3> <p>If you are still stuck after reading this page becasue of networking problems, please contact Socrata support and provide the following information:</p> <ul> <li>Whether you can browse the internet in a browser.</li> <li>Whether you can browse to the domain you provided in your <a href="/datasync/resources/preferences-config.html">configuration</a> in a browser.</li> <li>Whether DataSync can run at all - even if it produces errors.</li> <li>Assuming DataSync can run, a screenshot or text file of the errors that DataSync gives.</li> <li>If possible, a wireshark trace. You will need to download <a href="https://www.wireshark.org/">wireshark</a> and <a href="http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/">capture all network traffic</a> while attempting to run your DataSync job.</li> </ul> <div class="related-pages"></div> </div><!--/span--> </div><!--/row--> <footer class="muted"> <hr /> <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/deed.en_US"> <img alt="Creative Commons License" src="https://licensebuttons.net/l/by-nc-sa/3.0/80x15.png" /> </a> Licensed by <a xmlns:cc="http://creativecommons.org/ns#" href="http://www.socrata.com" property="cc:attributionName" rel="cc:attributionURL">Socrata</a> under <a rel="license" href="http://creativecommons.org/licenses/by-nc-sa/3.0/deed.en_US">CC BY-NC-SA 3.0</a>. Learn how <a href="/datasync/contributing.html">you can contribute!</a> </footer> </div> <!-- /container --> </body> </html>