Network ports

This topic provides high-level information about port numbers, protocol of port numbers, and communication details (unidirectional or bidirectional) that you can consider while planning for Remedy deployment. 

Portmapper

A portmapper functions as a directory of services and the ports on which those services are running. Processes can opt to register or not register their location with a portmapper. A common reason for not registering with a portmapper is security.

If a Remedy AR System server is registered with a portmapper, your clients do not need to know what port the server is listening on because the clients can identify the port by using the portmapper and direct API calls to the appropriate TCP port. If a server is not registered with a portmapper, you must assign a TCP port number to that server. If you do not specify a port, the operating system searches for an open port and assigns it whenever the AR System server starts. As a result, the AR System clients will not know how to connect to the AR System server as the port will be different every time the AR System server is restarted.

Registering with a portmapper and assigning TCP port numbers are not mutually exclusive options. You can do both. If you specify a particular port for a server and register the server with a portmapper. Clients within the firewall do not need to be configured to access the specified port number.

If the AR System server is not registered with a portmapper:

• Client processes must be able to identify the port to communicate on to contact the server. 
• The client/server interaction still requires the use of RPC when specific ports are used.

Windows and portmapper services

A portmapper service is provided with AR System server for Windows, as many Windows platforms do not have a portmapper service. If you already have a portmapper, you can register AR System with your existing portmapper service. If you do not have a portmapper, you can specify that the AR System Portmapper service needs to be started and used as the portmapper for the system. 

AR System does not include a portmapper service for Linux, as all Linux operating systems include a portmapper as a standard feature.

Default port numbers

The port number for each application must be unique. No application can use a port number that is already assigned to another application. The installer automatically selects the port numbers for the different components during installation. For Remedy Mid Tier, installer prompts to enter a port number. You can specify any available port.

The following default port numbers are assigned during Remedy AR System installation:

The AR System server does not have any default ports. You can specify a port number for the AR System server by using the AR System Administration Console. For more information, see Setting ports and RPC numbers in the Remedy AR System documentation.

The following diagram shows the Remedy ITSM Suite components and the network ports they use.

BMC Atrium Core ports

The following table lists the default port number for all BMC Atrium Core features. The port numbers are configurable to any other port number.

Database ports

The following table lists the default third-party port numbers that are used by the Remedy products to communicate with the database server. The port numbers are configurable to any other port number.

Encryption information

The following table shows which communications strings you can encrypt between the various components. HTTPS ports are web-based communications using SSL to encrypt, and TCP ports are all other ports whose port numbers are configurable and use DES encryption out of the box. These can be configured within the AR Server configuration settings on the Encryption tab. Set the New Encryption Settings - Security Policy option to Required, and set Data Key Details - Algorithm Options to DES. DES encryption can also be upgraded to use more advanced encryption algorithms via the Performance (128 bit) and Premium (256 bit) upgrade packages.

Firewall ports

BMC Service Support products that are based on the Remedy AR System platform — Remedy ITSM, BMC Service Request Management, BMC Service Level Management, and BMC Knowledge Management — need three ports to open during firewall configuration. Remedy AR System does not use a port range to work. The required ports are:

• A port for the Remedy AR System server to enable connectivity with the Remedy clients
• A port for the Plugin server, which enables access to any plugin that you want to load on the Remedy AR System environment, such as:
  • Web services plugin (to enable web services in the Remedy environment)
  • AREA LDAP (for external authentication if you want to authenticate Remedy users from your Microsoft Windows Active Directory)
• An outbound port for Remedy Alert, which the server will use when sending alerts

The portmapper of Remedy AR System uses UDP port – 111. If you do not specify a specific TCP port (TCD-Specific-Port), the system uses UDP to connect to portmapper to find where the Remedy AR System server is running. The ar.conf file (the AR Server configuration file) contains a setting, Register-With-Portmapper, to enable portmapper. You can use this setting to prevent the Remedy AR System server from registering with portmapper. You use this feature in conjunction with setting specific ports to enable you to run servers on computers that do not have portmapper. Valid values are T and F. The default is T (register with portmapper).

The Remedy AR System server port can use any port greater than 1024. Clients must be configured with the server port number to enable server access without the use of portmapper. When servers are configured to run on specific TCP ports, the clients must be configured to match.

The AR Plugin server port  and the Alert Outbound Port must be greater than 1024. For detailed firewall configuration requirements for Remedy AR System, see Configuring firewalls with AR system servers in the Remedy AR system documentation.