I am planning to use the deployment server functionality of splunk 4.2 . I am trying to in down all the firewall rules and direction that will be required to make all the components of splunk work.
is the deployment server a push from server to client, or are there client to server initiated communications (call home, checkups)? Do these use the same 8089 (or configured) port that a distributed search head and indexer would use to communicate ?
what about the master license server? What ports does it use to transfer/poll for licensing information? What is the direction of that network flow ? (pull from master or push from slave?)