For small environment most of the components can be deployed on a single node and client configure to send events directly to the Nybble server.
On medium size environment, it's recommended to deploy a complete separate Kafka cluster of brokers for the data pipeline. This will ensure availablity and queuing of data in case of issue on Nybble server.
An Elasticsearch cluster can also be deployed to allow faster searches and high-availability too.
In case of cluster deployment, some ports need to be open between Nybble server and other components. The list below contains network ports used for communication, note that some of them will be used probably only locally (Redis for example).
Kafka data port.
Kafka data port with secure communication port.
Zookeeper and Kafka communication port.
Redis port for MISP and DNS cache.
Default Flink Web Frontend port.
Flink Job Manager RPC port.
Elasticsearch RESTful API port.
Elasticsearch cluster communication port.
Default Kibana WebUI port.
Default MISP Restful API port.
Default TheHive API port.