Network ports
This topic provides high-level information about port numbers, the protocols that use them, and communication details (unidirectional or bidirectional) that you can consider when planning a Remedy deployment.
Portmapper
A portmapper functions as a directory of services and the ports on which those services are running. Processes can opt to register or not register their location with a portmapper. A common reason for not registering with a portmapper is security.
If a Remedy AR System server is registered with a portmapper, your clients do not need to know what port the server is listening on because the clients can identify the port by using the portmapper and direct API calls to the appropriate TCP port. If a server is not registered with a portmapper, you must assign a TCP port number to that server. If you do not specify a port, the operating system searches for an open port and assigns it whenever the AR System server starts. As a result, the AR System clients will not know how to connect to the AR System server as the port will be different every time the AR System server is restarted.
Registering with a portmapper and assigning TCP port numbers are not mutually exclusive options. You can do both. If you specify a particular port for a server and register the server with a portmapper, clients within the firewall do not need to be configured to access the specified port number.
If the AR System server is not registered with a portmapper:
- Client processes must be able to identify the port to communicate on to contact the server.
- The client/server interaction still requires the use of RPC when specific ports are used.
Windows and portmapper services
A portmapper service is provided with AR System server for Windows, as many Windows platforms do not have a portmapper service. If you already have a portmapper, you can register AR System with your existing portmapper service. If you do not have a portmapper, you can specify that the AR System Portmapper service needs to be started and used as the portmapper for the system.
AR System does not include a portmapper service for Linux, as all Linux operating systems include a portmapper as a standard feature.
Default port numbers
The port number for each application must be unique. No application can use a port number that is already assigned to another application. The installer automatically selects the port numbers for the different components during installation. For Remedy Mid Tier, the installer prompts you to enter a port number. You can specify any available port.
The following default port numbers are assigned during Remedy AR System installation:
Module | Port usage description | Default Port Number |
---|---|---|
Email Engine | RMI | 1100 - 1149 |
Flashboards | RMI | 1150 - 1199 |
armonitor | Default port used by AR System server for armonitor processes. You can configure this port by updating the <installfolder>/bin/ARMonitor.properties file. In the ARMonitor.properties file, you can configure port 7300 with the com.bmc.arsys.armonitor.notificationPort component name. | 7319, 7300 |
Mid Tier | Standard Apache Tomcat ports | |
Mid Tier | ServletExec | 8888 (admin) |
C Plug-in server | TCP port | Uses portmapper. If you are not using portmapper, you can specify the port number by editing the Plugin-Port option on the AR System Configuration Generic UI form. You must restart the server after specifying the port. |
Java plug-in | TCP port | 9999 |
Carte (Pentaho) server port (for Atrium Integrator) | TCP | 20000 - 20050 |
FTS Java plug-in server | TCP | 9977 - 9998 |
Java virtual machine | JMX port. Used for managing the Java virtual machine by connecting with jconsole, jvisualvm, and so on. You can configure this port by using the Administrator console or by updating the Jmx-port setting in Centralized Configuration. | 61500 |
Server group cache clustering | EhCache peer listener port. You can configure this port by using the Administrator console or by updating the Peer-listener-port setting in Centralized Configuration. | 40001 |
Server group communication | Peer Remote Object Port. Defines the remote object port number on which all ehcache instances from different servers communicate with each other. This is the port on which the remote objects bound in the registry receive calls for ehcache. | 40002 |
JMS broker | JMS broker port. Used to start the JMS broker that is used for messaging. You can configure this port by using the Administrator console or by updating the default-messaging-Port setting in Centralized Configuration. | 61617 |
Shutting down the Remedy AR System server | Shutdown port. Used to gracefully shut down the Remedy AR System server. You can configure this port by updating the Shutdown-port setting in the Centralized Configuration file. Important: While this is technically possible, we do not recommend that you change this setting. | 10001 |
Jetty servlet container for REST API | Port used for the Jetty servlet container, which now runs within the Serverj process. You can configure this port by updating the port setting in the <installfolder>\jetty\etc\jetty-http.xml file. | 8008 |
Important
Before proceeding to the Remedy AR System server installation, ensure that none of the AR System processes, such as Carte (Pentaho), FTS, and Plugin Server are started externally. This is because the required ports might be blocked in such a case.
The AR System server does not have any default ports. You can specify a port number for the AR System server by using the AR System Administration Console. For more information, see Setting ports and RPC numbers in the Remedy AR System documentation.
The following diagram shows the Remedy ITSM Suite components and the network ports they use.
BMC Atrium Core ports
The following table lists the default port number for all BMC Atrium Core features. The port numbers are configurable to any other port number.
Component | Default port number |
---|---|
NE Plug-in port | 9555 |
BMC Atrium Plug-in port | 9556 |
Tomcat HTTP port | Blank |
Tomcat HTTPS port | Blank |
Note
If you are using a preinstalled Tomcat server, the Tomcat HTTP Port and the Tomcat HTTPS Port fields are populated with the default port numbers. You cannot change the value of these fields.
Database ports
The following table lists the default third-party port numbers that are used by the Remedy products to communicate with the database server. The port numbers are configurable to any other port number.
Component | Default port number |
---|---|
MS SQL Server | 1433 |
Oracle server | 1521 |
PostgreSQL | 5432 |
Encryption information
The following table shows which communication paths between the various components you can encrypt. HTTPS ports carry web-based communications that are encrypted with SSL. TCP ports are all other ports; their port numbers are configurable, and they use DES encryption out of the box. You configure this in the AR Server configuration settings on the Encryption tab: set the New Encryption Settings - Security Policy option to Required, and set Data Key Details - Algorithm Options to DES. DES encryption can also be upgraded to more advanced encryption algorithms via the Performance (128 bit) and Premium (256 bit) upgrade packages.
Application or component | AR System server | Remedy Mid Tier |
---|---|---|
Remedy Mid Tier | DES | |
Atrium Web Services | DES | |
Clients | HTTPS |
Firewall ports
BMC Service Support products that are based on the Remedy AR System platform — Remedy ITSM, BMC Service Request Management, BMC Service Level Management, and BMC Knowledge Management — need three ports to be opened during firewall configuration. Remedy AR System does not need a port range to work. The required ports are:
- A port for the Remedy AR System server to enable connectivity with the Remedy clients
- A port for the Plugin server, which enables access to any plugin that you want to load on the Remedy AR System environment, such as:
  - Web services plugin (to enable web services in the Remedy environment)
  - AREA LDAP (for external authentication if you want to authenticate Remedy users from your Microsoft Windows Active Directory)
- An outbound port for Remedy Alert, which the server will use when sending alerts
The portmapper of Remedy AR System uses UDP port 111. If you do not specify a specific TCP port (TCD-Specific-Port), the system uses UDP to connect to portmapper to find where the Remedy AR System server is running. The ar.conf file (the AR Server configuration file) contains a setting, Register-With-Portmapper, that controls portmapper registration. You can use this setting to prevent the Remedy AR System server from registering with portmapper. Used in conjunction with specific ports, this setting lets you run servers on computers that do not have portmapper. Valid values are T and F. The default is T (register with portmapper).
The Remedy AR System server port can use any port greater than 1024. Clients must be configured with the server port number to enable server access without the use of portmapper. When servers are configured to run on specific TCP ports, the clients must be configured to match.
The AR Plugin server port and the Alert Outbound Port must be greater than 1024. For detailed firewall configuration requirements for Remedy AR System, see Configuring firewalls with AR System servers in the Remedy AR System documentation.
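The port rules in this section can be checked against an ar.conf before the firewall is opened. The following is an added example, not BMC code: it assumes ar.conf uses `Option-Name: value` lines with `#` comments, checks only the options this page names (Register-With-Portmapper, TCD-Specific-Port, Plugin-Port) against the default-port tables above, and runs on constructed sample configurations.

```python
import re

# Default ports copied from the tables on this page (component -> ports).
DEFAULTS = {
    "Email Engine RMI": range(1100, 1150),
    "Flashboards RMI": range(1150, 1200),
    "armonitor": (7300, 7319),
    "Jetty REST API": (8008,),
    "ServletExec admin": (8888,),
    "FTS Java plug-in": range(9977, 9999),
    "Java plug-in": (9999,),
    "Shutdown": (10001,),
    "Carte (Pentaho)": range(20000, 20051),
    "EhCache": (40001, 40002),
    "JMX": (61500,),
    "JMS broker": (61617,),
}

def parse_ar_conf(text):
    """Return {option: value}; assumed format 'Option-Name: value', '#' comments."""
    return dict(re.findall(r"^[ \t]*([A-Za-z][\w-]*)[ \t]*:[ \t]*(\S+)", text, re.M))

def audit(text):
    opts, findings = parse_ar_conf(text), []
    registered = opts.get("Register-With-Portmapper", "T").upper() != "F"  # default T
    fixed = {k: int(opts[k]) for k in ("TCD-Specific-Port", "Plugin-Port")
             if opts.get(k, "").isdigit()}
    if "TCD-Specific-Port" not in fixed:
        findings.append("server port not fixed: OS assigns a new port at every restart"
                        if registered else
                        "server unreachable: not in portmapper and no fixed port")
    if registered:
        findings.append("registered with portmapper: clients look it up via UDP 111")
    for name, port in fixed.items():
        if port <= 1024:
            findings.append(f"{name}={port} must be greater than 1024")
        for comp, ports in DEFAULTS.items():
            if port in ports:
                findings.append(f"{name}={port} collides with default of {comp}")
    if len(set(fixed.values())) < len(fixed):
        findings.append("TCD-Specific-Port and Plugin-Port must differ")
    return findings

# Constructed sample configurations, not taken from a real server.
WEAK = "Register-With-Portmapper: T\nPlugin-Port: 9999\n"
HARDENED = "# fixed ports\nRegister-With-Portmapper: F\nTCD-Specific-Port: 2020\nPlugin-Port: 2021\n"
if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf) or "no findings")
```

The ports 2020 and 2021 in the hardened sample are arbitrary values above 1024; whichever values you choose are the ones the firewall rules and the client configuration must match.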