Managing TCP/IP port restrictions

Port restrictions affect the Administration Console because it uses a Java communications protocol called RMI (Remote Method Invocation). The Administration Console connects to Infrastructure Management Server using one of the following methods:

  • The client first tries to contact the server on TCP port 1099. If the connection is successful, the client and server randomly negotiate a free port between 10000 and 65000, and then reconnect on that port (the connection on port 1099 is closed). This direct connection is the most efficient form of RMI communication. If a wide range of ports is not available, this first connection method cannot be used. 
  • If the first method fails, the client builds a URL to the server's host and port and uses an HTTP POST request on that URL, sending the information to the server's method skeleton as the body of the POST. This method is slower than the direct TCP connection because the HTTP encapsulation adds overhead to the client's RMI requests.

    Note

    This method requires that the Apache proxy is activated on Infrastructure Management Server.

  • If the second method also fails, the client builds URLs to the server's HTTP port, using a CGI script that forwards the posted RMI request to the server. This is the slowest technique because the CGI wrapper adds considerable overhead in addition to the HTTP encapsulation.

Methods 2 and 3 are noticeably slower than the direct TCP method of remote invocation. If Administration Console operations seem sluggish, first test whether a direct connection on port 1099 is possible by running the following command:

telnet <InfrastructureManagementServerHost>.mycompany.com 1099
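
The telnet test only covers port 1099; the direct method also needs the negotiated port between 10000 and 65000 to pass the firewall. The following script is an added example, not part of the product or its documentation: it checks port 1099 and then samples ports from that range, telling a refused connection (the packet reached the server) from one that is silently dropped. The function names, the sample count and the timeout are assumptions made for illustration.

```python
import random
import socket
import sys

REGISTRY_PORT = 1099               # first-contact port named on this page
NEGOTIATED_RANGE = (10000, 65000)  # range the page gives for the reconnect port


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"      # a reset came back, so the packet reached a host
    except socket.gaierror:
        raise                # bad host name: a caller error, not a port state
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on the path


def direct_rmi_viable(host, samples=5, timeout=2.0, registry_port=REGISTRY_PORT):
    """Return (viable, results) for the direct connection (method 1).

    Heuristic: the reconnect port is chosen at random, so a few ports from
    the range are sampled. 'closed' passes because nothing listens there
    until the server picks the port; 'filtered' means a firewall drops it.
    A firewall that rejects with a reset also reads as 'closed'.
    """
    state = probe(host, registry_port, timeout)
    if state != "open":
        return False, {registry_port: state}
    low, high = NEGOTIATED_RANGE
    ports = random.sample(range(low, high + 1), samples)
    results = {port: probe(host, port, timeout) for port in ports}
    return all(s != "filtered" for s in results.values()), results


# Usage: python rmi_port_check.py <server-host>
if __name__ == "__main__" and len(sys.argv) == 2:
    viable, results = direct_rmi_viable(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    print("direct RMI:", "possible" if viable else "blocked, expect HTTP fallback")
```

Run it from the workstation that hosts the Administration Console, because the result describes the path from that client to the server.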

Warning

The following workaround involves some security risk and might not always work. For more information, see Sunsolve Infodoc 18370.

Under special circumstances, it is possible to avoid the sluggishness of methods 2 and 3. This workaround, if permissible, requires you to launch the pw admin command from the server and direct the X Window output across the firewall to the user's computer. To do this, set the DISPLAY variable to point to the IP address of the user's console ("setenv DISPLAY 123.45.67.89:0.0") and open the firewall for TCP ports 6000-6004 and UDP ports 177 and 32798.
