The following diagram illustrates deploying BMC Cloud Lifecycle Management in a secure multi-tier network topology. This restricts each component's open ports and only allows for communication where necessary for product functionality. Majority of the ports are customer defined, but below represents an example using specific set of ports that is documented in the Port mappings.
To enable the below secure deployment, each component will need one separate subnet of network with firewalls setup between each subnet to restrict traffic. You must enable only the ports shown in the following connection and all other ports or connections must be blocked.