This documentation applies to the 8.1 version of Remedy IT Service Management Suite, which is in "End of Version Support."

Firewall considerations

Firewalls are an excellent way to provide choke points where only specific traffic types are allowed to pass. If only the ports specifically needed to complete your organization's transactions are open, it will be much harder for a malicious person to penetrate your organization's network defenses. There are many different kinds of firewalls on the market, each with its own advantages and disadvantages. It is not within the scope of this documentation to discuss them or to make a recommendation. Talk to your organization's security administrators to determine the best way to secure BMC Remedy ITSM applications with firewalls.

This topic provides high-level information about port numbers, the protocols those ports use, and communication direction (unidirectional or bidirectional) that you can consider for firewall configuration. For detailed information about these topics, see the installation or configuration topics for the specific BMC products that you are installing. For more information about specific ports, see Port information.

Note

BMC does not recommend placing a firewall between the BMC Remedy AR System servers and the database. The extra processing time that a firewall takes to analyze each packet causes a delay. This delay, with the additional unnecessary network hop, creates a transaction response time that will be deemed unacceptable to most users.

BMC Service Support products that are based on the BMC Remedy AR System platform (BMC Remedy ITSM, BMC Service Request Management, BMC Service Level Management, and BMC Knowledge Management) need three ports to be opened during firewall configuration. BMC Remedy AR System does not use a port range to work. The required ports are:

  • A port for the BMC Remedy AR System server to enable connectivity with the BMC Remedy clients
  • A port for the Plug-in server, which enables access to any plug-in that you want to load on the BMC Remedy AR System environment, such as:
    • Web services plug-in (to enable web services in the BMC Remedy environment)
    • AREA LDAP (for external authentication if you want to authenticate BMC Remedy users from your Microsoft Windows Active Directory)
  • An outbound port for BMC Remedy Alert, which the server will use when sending alerts

The portmapper of BMC Remedy AR System uses UDP port 111. If you do not specify a TCP port (TCD-Specific-Port), the system uses UDP to connect to portmapper to find where the BMC Remedy AR System server is running. The ar.conf file (the AR Server configuration file) contains a setting, Register-With-Portmapper, that controls whether the BMC Remedy AR System server registers with portmapper. You can use this setting to prevent the server from registering with portmapper. Use it together with specific ports to run servers on computers that do not have portmapper. Valid values are T and F. The default is T (register with portmapper).

The BMC Remedy AR System server port can use any port greater than 1024. Clients must be configured with the server port number to enable server access without the use of portmapper. For information about configuring clients, see Configuring clients for AR System servers.

The AR Plug-in server port cannot be the same as the AR System server port and can be any other port greater than 1024. The Alert Outbound Port must also be greater than 1024. For detailed firewall configuration requirements for BMC Remedy AR System, see Configuring firewalls with AR System servers.
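The port rules above can be checked against an ar.conf file before firewall rules are written. The following is an added example, not BMC code: it assumes ar.conf uses "Key: value" lines, and the key names Plugin-Port and Alert-Outbound-Port are assumptions (this page names only TCD-Specific-Port and Register-With-Portmapper). The sample file content is constructed.

```python
import re

# Constructed sample; the "Key: value" layout and the key names Plugin-Port and
# Alert-Outbound-Port are assumptions, not taken from this page.
SAMPLE_AR_CONF = """\
# constructed ar.conf excerpt
Register-With-Portmapper: T
TCD-Specific-Port: 2020
Plugin-Port: 2020
Alert-Outbound-Port: 900
"""

def parse_ar_conf(text):
    """Return {key: value} for 'Key: value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9-]+)\s*:\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def _port(settings, key):
    value = settings.get(key, "")
    return int(value) if value.isdigit() else None

def audit_ports(settings):
    """Check the settings against the port rules stated on this page."""
    findings = []
    server = _port(settings, "TCD-Specific-Port")
    plugin = _port(settings, "Plugin-Port")
    alert = _port(settings, "Alert-Outbound-Port")
    portmapper = settings.get("Register-With-Portmapper", "T").upper()  # default is T
    if portmapper not in ("T", "F"):
        findings.append("Register-With-Portmapper must be T or F")
    if server is None:
        findings.append("TCD-Specific-Port not set: clients find the server via portmapper (UDP 111)")
    elif portmapper == "T":
        findings.append("fixed server port set, but the server still registers with portmapper")
    for name, port in (("TCD-Specific-Port", server), ("Plugin-Port", plugin),
                       ("Alert-Outbound-Port", alert)):
        if port is not None and port <= 1024:
            findings.append(f"{name} {port} must be greater than 1024")
    if plugin is not None and plugin == server:
        findings.append("Plugin-Port must differ from TCD-Specific-Port")
    return findings
```

Calling audit_ports(parse_ar_conf(SAMPLE_AR_CONF)) on the constructed sample reports three findings: the portmapper registration, the alert port at or below 1024, and the plug-in port colliding with the server port.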

The following illustration shows the port communication details of BMC Remedy platform products and the integration mechanism with the Service Assurance and Service Automation products.

Port communication
