TrueSight Server Automation ports
The following sections list the ports used by the various components of TrueSight Server Automation:
Overview
These ports are required for a basic TrueSight Server Automation installation. Your firewall must allow communication through these ports for the associated components to function.
To define port numbers that differ from the defaults, use the TrueSight Server Automation Application Server console (the blasadmin utility) or use the TrueSight Server Automation Console (the Infrastructure Management window). For information about changing port numbers using the TrueSight Server Automation Console or the blasadmin utility, see Configuring communication ports.
Client ports
The following table lists the TCP/UDP ports used by the TrueSight Server Automation clients.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
9840 (base + 40) ¹ | TCP | RCP (Client UI) | Application Server | Required port. This port is used by the TrueSight Server Automation Console and the blcred utility to authenticate against the Application Server. |
9841 (base + 41) ¹ | TCP | RCP (Client UI) | Application Server | Required port. This port is used by the TrueSight Server Automation Console and blcli to communicate with the Application Server after successful authentication against the Authentication Service. |
9842 (base + 42) ¹ | TCP | NSH | NSH Proxy | This port is used by the NSH client to connect to the Application Server when the Application Server is configured to run the NSH Proxy service. For more information about the NSH proxy, see Setting up a Network Shell proxy server. |
¹ The default ports noted above are offsets added to the base port when an Application Server instance is created. For example, if the base port is 9900, then the authsvc port is 9940, the appsvc port is 9941, and the NSH proxy svc port is 9942. If you add another Application Server instance on an existing Application Server host, you must select a different base port range. For example, the default Application Server instance uses a base port of 9800, and when you add another instance, you can select 9900 as the base port for the new instance to avoid conflict with the existing instance. Arbitrary port assignments can be made in all cases.
Application Server ports
The following table lists the TCP/UDP ports used by the TrueSight Server Automation application server.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
25 | SMTP (TCP) | Application Server | Mail Server | SMTP |
161 | SNMP (UDP) | Application Server | SNMP | |
162 | SNMP (UDP) | Application Server | SNMPTRAP | |
1080 | TCP | SOCKS client | SOCKS proxy | SOCKS proxy protocol |
1433 | MS-SQL (TCP) | Application Server | SQL Server DB | Communication with the default SQL Server instance |
1521 | TNS (TCP) | Application Server | Oracle DB | Communication with the Oracle database |
9700 | JMX (TCP) | Application Server | Application Server | Default RMI registry port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host. |
9701 | TCP | Application Server | Application Server | Default communications port used for Application Server communication with the Application Server Launcher. The traffic type is incoming messages. Each managed Application Server uses this port to notify the Application Server Launcher that the Application Server is up and in a ready state. This communication is all local traffic for this port. |
9702 | TCP | Application Server | Application Server | Default RMI execution port used for JMX communication to the Application Server Launcher. In order to perform Application Server Launcher operations, each Application Server host must have access to this port on every other Application Server host. |
9836 (base + 36) ¹ | TCP | Application Server | Application Server | Required port. Listening port for traffic between Application Servers that cooperate by distributing jobs to each other. |
9838 (base + 38) ¹ | TCP | Application Server | Jconsole or JMXCLI | Required port. JMX listener for Application Server. |
9850-9899 (MinPort-MaxPort) | TCP | Application Server | Application Server | RMI communication ports. The MinPort-MaxPort range is configurable, with 9850-9899 being the default for a single Application Server. |
9843 | HTTPS | Web client | Application Server | Web services port |
¹ Application Server ports are normally configured from a base port, with 9800 being the default base port. A second Application Server on the same host will typically have a base port of 9900, and so on. Arbitrary port assignments can be made in all cases.
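The base-port scheme described in the two footnotes above (offsets 36, 38, 40, 41 and 42), worked through as an added example that is not part of the product documentation: it derives each instance's ports, flags collisions between instances on one host (including with the MinPort-MaxPort RMI range), and emits source-restricted iptables rules in the style of the sample this page gives for port 4750. The function names, the split into client-facing and peer-facing ports, and the sample networks are assumptions.

```python
import ipaddress

# Offsets from the base port, taken from the tables on this page.
OFFSETS = {
    "appserver_peer": 36,  # job distribution between Application Servers
    "jmx": 38,             # JMX listener
    "authsvc": 40,         # console / blcred authentication
    "appsvc": 41,          # console / blcli after authentication
    "nsh_proxy": 42,       # NSH client to NSH Proxy
}
# Assumption: these three are reached from client networks, the rest from peers/admins.
CLIENT_FACING = ("authsvc", "appsvc", "nsh_proxy")


def instance_ports(base):
    """Return {service: port} for one Application Server instance."""
    ports = {name: base + off for name, off in OFFSETS.items()}
    if base < 1 or max(ports.values()) > 65535:
        raise ValueError(f"base port {base} yields an invalid TCP port")
    return ports


def find_conflicts(instances):
    """instances: {name: (base, (rmi_min, rmi_max))} for one host.
    Returns sorted [(port, [instance names])] for every port claimed twice."""
    claimed = {}
    for name, (base, (lo, hi)) in instances.items():
        used = set(instance_ports(base).values()) | set(range(lo, hi + 1))
        for port in used:
            claimed.setdefault(port, []).append(name)
    return sorted((p, sorted(n)) for p, n in claimed.items() if len(n) > 1)


def iptables_rules(base, client_cidr, peer_cidr):
    """Source-restricted ACCEPT rules for one instance's listening ports."""
    rules = []
    for name, port in sorted(instance_ports(base).items(), key=lambda kv: kv[1]):
        cidr = client_cidr if name in CLIENT_FACING else peer_cidr
        src = ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
        rules.append(
            f"iptables -A INPUT -p tcp -s {src} --dport {port} -j ACCEPT  # {name}"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample networks (assumptions, not from the page).
    print("\n".join(iptables_rules(9800, "10.0.0.0/24", "10.0.1.0/28")))
```

A base port that lands an instance's service ports inside another instance's RMI range (for example 9814 against the default 9850-9899) is reported by find_conflicts before either instance is started.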
Provisioning server ports
The following table lists the TCP/UDP ports used by TrueSight Server Automation in provisioning.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
67 ¹ | DHCP (UDP) | PXE client | DHCP service | (Windows and Linux provisioning) For PXE discovery and image transfer. |
68 | DHCP (UDP) | DHCP | PXE client | (Windows and Linux provisioning) BOOTP/DHCP port — A bare metal server listens on this port to receive the dynamic IP it has requested from the DHCP server. The server uses this IP to configure itself and access the network. Extended DHCP response to an initial extended DHCP request. |
69 | TFTP (TCP/UDP) | PXE client | TFTP Server | (Windows and Linux provisioning) Port used in provisioning for PXE discovery. The port on which the TFTP server listens. The bare metal target server downloads the initial boot image (the WinPE or gentoo image) over this port. |
80 | HTTP (TCP) | PXE client | PXE server | (Linux provisioning) Used for provisioning data store. |
445 | SMB (TCP) | PXE client | PXE server | (Windows provisioning) Used for provisioning data store. |
1433 | MS-SQL (TCP) | PXE server | SQL Server DB | (Windows and Linux provisioning) The PXE/TFTP server communicates directly to the database server over this port to determine which boot image to provide to the bare metal target server. |
1521 | TNS (TCP) | PXE server | Oracle DB | Port that the database listens on. Typically, port 1521 is for an Oracle database. |
4011 | DHCP (UDP) | PXE client | PXE server | (Windows and Linux provisioning) The PXE server listens on this port for DHCPREQUESTS from bare metal target servers when they boot for the first time. When both the PXE service and the DHCP service reside on the same server, both services cannot listen on the same port. In that case, this port is effectively the proxy DHCP. |
4750 | RSCD (TCP) | Application Server | RSCD agent | (Windows and Linux provisioning) Port used to communicate to the RSCD agent on a managed target server after it is provisioned. |
9831 | TCP | Provisioning Client | Application Server | Required port. By default, the Application Server uses this port for SSL communication. |
¹ The PXE server binds to port 67, a port that the DHCP server normally uses. However, PXE clients broadcast a DHCPDISCOVER packet with PXE-specific information to port 67. This communication enables the PXE server running on that port to identify the PXE client and initiate the provisioning process. For this reason, provisioning uses the same ports as the DHCP server.
RSCD Agent ports
The following table lists the TCP/UDP ports used by the TrueSight Server Automation RSCD Agents.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
4750+ | TCP | Application Server | RSCD Agent (Managed Server) | Default port for all communication from application server to agent |
4750+ | TCP | Smart Agent (Managed Server) | RSCD Agent (Managed Server) | If you want to use the Smart Agent Tunnel feature, open this port on localhost to establish communication between the Smart Agent and the RSCD Agent. The Smart Agent Tunnel feature enables the Smart Agent to connect to the RSCD Agent running on the same host using port 4750. Therefore, you must allow TCP packets to port 4750 from the localhost. A sample Linux iptables configuration for port 4750 looks like the following: iptables -A INPUT -p tcp -s localhost -d localhost --dport 4750 -j ACCEPT |
139 | TCP | Application Server | Target Windows Server | netbios port for Agent Installer Job (smb1) |
445 | TCP | Application Server | Target Windows Server | microsoft-ds port for Agent Installer Job (smb2) |
445 | TCP | Application Server | Target Windows Server | psexec helper |
22* | TCP | Application Server | Target UNIX Server | ssh, scp port for Agent Installer Job (file copy and command execution) |
23* | TCP | Application Server | Target UNIX Server | telnet port for Agent Installer Job (command execution) |
20,21* | UDP | Application Server | Target UNIX Server | ftp port for Agent Installer Job (file copy) |
139 | TCP | Windows RSCD Agent / Managed Server | CIFS/SMB Share | for AGENT_MOUNT deploy types |
445 | TCP | Windows RSCD Agent / Managed Server | CIFS/SMB Share | for AGENT_MOUNT deploy types |
NFS ports | TCP/UDP | RSCD Agent / Managed Server | NFS Share | for AGENT_MOUNT deploy types |
+ The RSCD Agent is registered with port 5750 with IANA, but the default port is 4750 (listed as ssad in most UNIX /etc/services files).
* For the UNIX agent installer, use either ssh or ftp/telnet to run the agent installer. Only the ports for the specific method of install need to be open.
Smart Hub ports
The following table lists the ports used for communication with the Smart Hub.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
443 | TCP | Application Server and Smart Agents | Smart Hub | Default port for communication from the Application Server to Smart Hub. |
6379 | TCP | Smart Hub | Redis Server | Default port for communication from the Smart Hub to Redis Server. This communication is local communication. |
1080 | TCP | Application Server and Smart Agents | Smart Hub Gateway | Default port for communication from the Application Server to Smart Hub Gateway. |
Remote facility ports
The following table lists the TCP/UDP ports used by TrueSight Server Automation for remote facility communications (SOCKS, Repeater).
Port | Protocol | From | To | Notes |
---|---|---|---|---|
4750 | RSCD (TCP) | Application Server | RSCD Agent | Primary communication channel from the Application Server to each managed host. |
External Authentication ports
The following table lists the TCP/UDP ports used in the communication with external authentication sources.
Port | Protocol | Authentication Type | From | To | Notes |
---|---|---|---|---|---|
88 | TCP & UDP | ADK, Domain Authentication | Application Server (and client system for ADK) | Windows Domain Controller/KDC | For ADK, because a Kerberos ticket is required, the client system must also be able to access the Domain Controller/KDC. |
389 | TLS/TCP | LDAP (LDAP + Start TLS) | Application Server | LDAP Server | |
80/443 | HTTP/HTTPS (TCP) | PKI | Application Server | OCSP server | Application Server needs access to the OCSP responder if OCSP is enabled. |
5500 | UDP | RSA | Application Server | RSA Server | |
Live Reporting ports
The following table lists the ports used in Live Reporting.
Port | Protocol | From | To | Notes |
---|---|---|---|---|
1434 | UDP | Live Reporting Server | SQL Server database | Communication with the SQL Server database when a named instance is used. |
8443 | HTTPS | Live Reporting Server | Live Reporting Server | Communication with the Yellowfin web server. |