Common Communication Ports and Protocols Used by Cruz Operation Center
1. Introduction
This document is intended to supplement Pre-deployment Recommendations, Guides and Proposals. It identifies the ports and protocols required for management of network devices, servers and operating systems, as well as the application ports that are used to support the NMS application itself.
There are several deployment options, such as “single server”, where all components are on one server, as well as distributed and HA deployments, where one or more components are on separate servers or VMs. The Application Ports and Protocols section includes the ports required between these distributed components.
Note: If there is a firewall on the management server, the CruzOC installation will automatically open the necessary communication ports. You will need to ensure that any other firewalls in the path of the management server allow the necessary communication on the ports listed below.
1.1 Network Management - Required Protocols/Ports
The software requires IP connectivity to the target devices. These are the primary management protocols and ports that are used to discover, manage and monitor most equipment. These communication ports must be open between the Management Server and target equipment. These include:
- CLI – Telnet/SSH (discovery, CLI actions, file management – ports 22, 23)
- SNMP (discovery, traps, events, SNMP interface performance monitoring) – ports 161, 162; for Linux 8162, 8163
- Syslog – logs (if required) – port 514; for Linux 8514
- SCP, FTP, TFTP – file management backup/restore and firmware deploy – ports 20, 21, 22, 23
  The target devices must have access to the file server. The management server must also have access to the file server.
- Traffic flow: sFlow, Cflow, IPFIX etc. – default port 9996
- HTTP/HTTPS for direct access to a device's Web UI
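The device-facing flows from this section, scoped by the direction the Notes column of the section 1.3 table gives them, as an added example that is not part of the vendor document. The device subnet, the `inet filter` table with its `input`/`output` chains, and an existing rule that accepts established replies are assumptions.

```python
# Added example, not vendor code: direction-scoped nftables rules for the
# management server, built from the device-facing flows this page lists.
from ipaddress import ip_network

# (protocol, port, direction, label). "out" = management server -> device,
# "in" = device -> management server, following the Notes column of the
# section 1.3 table (MedSrv -> NtwkElement / NtwkElement -> MedSrv).
FLOWS = [
    ("tcp", 22, "out", "SSH"),
    ("tcp", 23, "out", "Telnet"),
    ("udp", 161, "out", "SNMP request"),
    ("udp", 162, "in", "SNMP trap"),
    ("udp", 514, "in", "syslog"),
    ("udp", 9996, "in", "NetFlow/jFlow"),
    ("udp", 6343, "in", "sFlow"),
]
# The page itself labels Telnet "non-secure craft access"; leave it closed
# unless a device offers nothing else.
CLEARTEXT = {"Telnet"}


def build_rules(device_net, flows=FLOWS, allow_cleartext=False):
    """Return nft commands that open each flow only toward/from device_net."""
    net = ip_network(device_net)  # ValueError on a malformed or host-bit subnet
    family = "ip6" if net.version == 6 else "ip"
    rules = []
    for proto, port, direction, label in flows:
        if label in CLEARTEXT and not allow_cleartext:
            continue
        # Inbound flows match the device subnet as source, outbound as destination.
        chain, side = ("input", "saddr") if direction == "in" else ("output", "daddr")
        rules.append(
            f"add rule inet filter {chain} {family} {side} {net} "
            f'{proto} dport {port} accept comment "{label}"'
        )
    return rules


if __name__ == "__main__":
    # 10.20.0.0/24 is a constructed device subnet; the inet "filter" table and
    # its input/output chains are assumed to exist already.
    print("\n".join(build_rules("10.20.0.0/24")))
```

On a Linux installation, pass a `flows` list with the alternate listener ports from the list above instead of the defaults.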
1.2 Server and OS Management - Required Protocols/Ports
Open these communication ports to the NMS server if you intend to manage operating systems such as Windows or Linux.
- A Windows OS with .NET is required for WMI (.NET 4.6 or higher recommended)
- WMI – if monitoring Windows is required, WMI port/connectivity is required.
  WMI ports:
  TCP port 135 and a range of dynamic ports:
  TCP 49152-65535 (RPC dynamic ports – Windows Vista, 2008 and above)
  TCP 1024-65535 (RPC dynamic ports – Windows NT4, Windows 2000, 2003)
  Windows Performance Counter Access: TCP port 445 (SMB, RPC/NP)
- WBEM – if monitoring Linux, Solaris, ESX or other Linux-based OSs, WBEM must be configured on the target and access via WBEM is required.
- Redfish – if BMC/OOB monitoring is required (i.e. iDRAC, XCC, iLO, CMC) – port 443
- PowerShell – port 5989/5986
1.3 Application Ports/Protocols
This table includes additional ports for communication between software components.
| Destination Ports | Service | Files | Notes |
|---|---|---|---|
| 3306 | Database | | ... or user-configured database host, if using MySQL server. |
| 8089, 8162, 8489 [HTTPS], 8082 | Application server | | |
| 8080, 8443 [HTTPS] | Web Portal | | |
| HTTP/S (Web Client) | | | |
| 8089 [note 4] | oware.webservices.port | [user.root]\oware\lib\owwebservices.properties | appserver. |
| 8489 [notes 4, 5, 7] | org.apache.coyote.tomcat4.CoyoteConnector (Apache) | [user.root]\oware\jboss-*.*\server\oware\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml | app/medserver, jmx console, and web services, including Axis2 |
| Other Ports | | | |
| n/a [note 5] (ICMP) | ping | | MedSrv -> NtwkElement, NtwkElement -> MedSrv, ICMP ping for connection monitoring. |
| 20 [notes 4, 5, 7] (TCP) | FTP Data Port | n/a. Configurable in File Servers portlet editor | (Internally configurable), “MedSrv -> FTPSrv, NtwkElement -> FTPSrv”, medserver [note 1] |
| 21 [notes 4, 5, 7] (TCP) | FTP Control Port | n/a | (Internally configurable), “MedSrv -> FTPSrv, NtwkElement -> FTPSrv”, medserver [note 1] |
| 22 [notes 4, 5, 7] (TCP) | SSH | n/a | MedSrv -> NtwkElement, secure craft access, medserver [note 1] |
| 23 [notes 4, 5, 7] (TCP) | Telnet | n/a | MedSrv -> NtwkElement, non-secure craft access, medserver [note 1] |
| 25 [notes 4, 5, 7] (TCP) | com.dorado.mbeans.OWEmailMBean (mail) | Configurable in the SMTP configuration editor in the Common Setup Tasks portlet. | AppSrv -> SmtpRelay, communication channel to email server from Appserver |
| 69 [notes 4, 5, 7] (UDP) | TFTP | n/a | (Configurable internally), MedSrv -> TFTPSrv, NtwkElement -> TFTPSrv, medserver [note 1] |
| 161 [notes 4, 5, 7] (UDP) | com.dorado.mediation.snmp.request.listener.port (SNMP), oware.mediation.snmp.trap.forwarding.source.port | [user.root]\owareapps\ezmediation\lib\owmediation.properties | MedSrv -> NtwkElement, SNMP request listener and trap forwarding source, medserver [note 1] |
| 162 [notes 4, 5] (UDP) | oware.mediation.snmp.trap.forwarding.destination.port (SNMP) | [user.root]\owareapps\ezmediation\lib\ezmediation.properties; change this property: com.dorado.snmp.trap.listener.binding=0.0.0.0/162 | NtwkElement -> MedSrv, SNMP trap forwarding destination port, medserver [note 1] |
| 514 [notes 4, 5] (UDP) | com.dorado.mediation.syslog.port (syslog) | To change the syslog port, add com.dorado.mediation.syslog.port=[new port number] to owareapps\installprops\lib\installed.properties | NtwkElement -> MedSrv (mediation syslog port), medserver [note 1] |
| 1098 [notes 4, 5, 7] (TCP) | org.jboss.naming.NamingService (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\jboss-root-service.xml | AppSrv -> MedSrv, MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv (JBOSS naming service), app/medserver |
| 1099 [notes 4, 5, 7] (TCP) | org.jboss.naming.NamingService (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\jboss-root-service.xml | MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv (JBOSS naming service & OWARE context server URL), app/medserver |
| 1099 [notes 2, 4, 5, 7] (TCP) | OWARE.CONTEXT.SERVER.URL | [user.root]\owareapps\installprops\lib\installed.properties, [user.root]\owareapps\installprops\medserver\lib\installed.properties | MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv (JBOSS naming service & OWARE context server URL), client, medserver [note 1] |
| 1100-1101 | org.jboss.ha.jndi.HANamingService | [user.root]/oware/jboss-*.*/server/all/deploy/cluster-service.xml | |
| 1103 [notes 4, 5] (UDP) | jnp.reply.discoveryPort (JNP) | [user.root]\oware\lib\owappserver.properties | AppSrv -> MedSrv, AppSrv -> user client (JNP reply discovery port), app/medserver |
| 1123 [notes 4, 5] (UDP) | jnp.discoveryPort (JNP) | [user.root]\oware\lib\owappserver.properties | MedSrv -> AppSrv, user client -> AppSrv (JNP discovery port), app/medserver |
| 1521 [notes 4, 7] (TCP) | com.dorado.jdbc.database_name.oracle (JDBC) | [user.root]\owareapps\installprops\lib\installed.properties | AppSrv -> OracleDBSrv (JDBC database naming [Oracle]), database |
| 1812 [notes 4, 7] (TCP) | RADIUS port | [user.root]\oware\jboss-*.*\server\oware\conf\login-config.xml | AppSrv -> RADIUS Srv, Appserver (RADIUS client login enabled – optional) |
| 3306 [notes 4, 7] (TCP) | com.dorado.jdbc.database_name.mysql | [user.root]\owareapps\installprops\lib\installed.properties | AppSrv -> MySQLSrv (JDBC database naming [MySQL]), appserver |
| 3100 [notes 4, 5, 7] (TCP), 3200 [notes 4, 5, 7] | org.jboss.ha.jndi.HANamingService (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\cluster-service.xml | AppSrv -> AppSrv, user client -> AppSrv, AppSrv -> MedSrv, MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv (JBOSS HA JNDI HA Naming service [1100 is stub]), app/medserver |
| 3355 [note 4] - application & mediation servers; 8082 - portal | Direct access | Override application server port with this property: com.dorado.mediation.socket.relay.listen.port=3355 | For both, the relay increments from the default until it can bind to an open port. |
| 4444 | org.jboss.invocation.jrmp.server.JRMPInvoker | [user.root]/oware/jboss-*.*/server/all/conf/jboss-service.xml, RMIObjectPort, jboss:service=invoker,type=jrmp | |
| 4445 [notes 4, 5, 7] (TCP) | org.jboss.invocation.pooled.server.PooledInvoker (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\jboss-root-service.xml | AppSrv -> MedSrv, MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv, app/medserver |
| 4446 [notes 4, 5, 7] (TCP) | org.jboss.invocation.jrmp.server.JRMPInvoker (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\jboss-root-service.xml | (AppSrv -> AppSrv, AppSrv -> MedSrv, MedSrv -> AppSrv, user client -> AppSrv, user client -> MedSrv) app/medserver |
| 5988, 5989 | WBEM Daemon (5989 is the secure port) defaults | | You can add ports and daemons in monitored services. These are only the defaults. WBEM requires one port, and only one, per daemon. |
| 6500-10 [notes 4, 5, 7] (TCP) | JBOSS | Specify such connections in the ezmediation/lib/ezmediation.properties file. | user client -> MedSrv (user client to mediation server cut-through) |
| 7800 [note 2] (TCP) | org.jboss.ha.framework.server.ClusterPartition (JBOSS) | [user.root]\oware\conf\cluster-service.xml | disabled - see UDP for same (JBOSS HA framework server cluster partition), TCP only |
| 8009 (TCP) | org.mortbay.http.ajp.AJP13Listener | [user.root]\oware\jboss-*.*\server\oware\deploy\jbossweb-tomcat41.sar\META-INF\jboss-service.xml | Obsolete - appserver |
| 8083 (TCP) | org.jboss.web.WebService (JBOSS) | [user.root]\oware\jboss-*.*\owareconf\jboss-root-service.xml | Used by JBoss web service, appserver |
| 8093 [notes 4, 5, 7] (TCP) | org.jboss.mq.il.uil2.UILServerILService | [user.root]\oware\jboss-*.*\owareconf\uil2-service.xml | MedSrv -> AppSrv, user client -> AppSrv (JBOSS mq il uil2 UIL Server-IL Server), app/medserver (JBoss JMS) |
| 8443 [notes 2, 4, 5, 7] | org.apache.coyote.tomcat4.CoyoteConnector | [user.root]\oware\jboss-*.*\server\oware\deploy\jbossweb.sar\META-INF\jboss-service.xml | user client -> AppSrv (Apache Coyote Tomcat4 Coyote connector), appserver. This is the default HTTPS port for the web portal. |
| 9001 [notes 4, 6, 7] (UDP) | mediation.listener.multicast.intercomm.port | [user.root]\lib\owmediationlisteners.properties | MedSrv <-> MedSrv (mediation listener multicast intercommunications port), medserver [note 3] |
| 9996, 6343 (UDP) | Traffic Flow Analysis | trafficanalyzer.ocp | You must configure the router to send flow reports to the OpenManage Network Manager server on UDP port 9996 for Netflow / jFlow and 6343 for sflow by default. |
| 31310 [notes 4, 6, 7] (TCP) | JBoss | | AppSrv -> AppSrv |
| 45566 [notes 4, 5] (UDP) | org.jboss.ha.framework.server.ClusterPartition | [user.root]\jboss-*.*\owareconf\cluster-service.xml | AppSrv -> Multicast (JBoss HA framework server cluster partition), UDP only |
| 54027 [notes 4, 7] | Process Monitor | [user.root]\oware\lib\pmstartup.dat | mgmt client -> AppSrv, mgmt client -> MedSrv (process monitor local client for server stop/start/status), app/medserver |
Notes:
1. Remote mediation servers or application servers behaving as though they were mediation servers (single host installation).
2. Unused in standard configuration.
3. Client does not connect to medserver on this port.
4. This port is configurable.
5. Firewall impacting.
6. The most likely deployment scenarios will have all servers co-resident at the same physical location; as such, communications will not traverse a firewall.
7. Bidirectional.
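An added example, not vendor code: a check an operator could run over `ss -H -tuln` output from an application server, flagging listeners on the ports the table marks obsolete or unused and listeners outside a subset of the documented ports. The sample output and the chosen subset are constructed.

```python
# Added example, not vendor code: compare listening sockets on an application
# server with the ports this page documents. SAMPLE_SS is constructed output
# in the format of `ss -H -tuln`.
DOCUMENTED = {  # subset of (protocol, port) pairs from the section 1.3 table
    ("tcp", 1098), ("tcp", 1099), ("tcp", 3306), ("tcp", 4445), ("tcp", 4446),
    ("tcp", 8080), ("tcp", 8083), ("tcp", 8089), ("tcp", 8093), ("tcp", 8443),
    ("tcp", 8489), ("udp", 161), ("udp", 162), ("udp", 514), ("udp", 9996),
}
# Ports the table marks "Obsolete" (8009) or disabled/unused in the standard
# configuration (7800): a listener here deserves a look.
SHOULD_BE_CLOSED = {("tcp", 8009): "obsolete AJP listener",
                    ("tcp", 7800): "unused in standard configuration"}

SAMPLE_SS = """\
tcp   LISTEN 0      128      0.0.0.0:8443     0.0.0.0:*
tcp   LISTEN 0      50             *:8009           *:*
udp   UNCONN 0      0        0.0.0.0:162      0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128         [::]:5555        [::]:*
"""


def parse_listeners(ss_output):
    """Yield (protocol, local address, port) for each tcp/udp socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header, blank line or another socket family
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)


def audit(ss_output):
    """Return (protocol, port, reason) for every listener worth reviewing."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        loopback = addr in ("127.0.0.1", "[::1]")
        if (proto, port) in SHOULD_BE_CLOSED:
            findings.append((proto, port, SHOULD_BE_CLOSED[(proto, port)]))
        elif (proto, port) not in DOCUMENTED and not loopback:
            findings.append((proto, port, "not in the documented port list"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(*finding)
```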