Managing your HP servers through firewalls with HP SIM (481364-002, February 2008)

4. Many CMS outgoing ports are used for discovery.
5. The exact UDP/TCP ports used by DMI are dynamic and vary from system to system, but they tend to be around 32,780 and higher.
6. Port number is configurable in mx.properties using MX_SOAP_PORT.
7. Port number is configurable in mx.properties using MX_SOAP_SSO_PORT.
8. Port number is configurable in mx.properties using MX_SOAP_HTTP_PORT; port can be enabled/disabled in globalsettings.props using HTTP_SOAP_PORT_ENABLE with “true” or “false.”

Version Control
This discussion is based on the assumption that the Version Control Repository (VCR) is behind the
firewall with CMS, and likely on the CMS.
Discovering the software available on the managed system requires SNMP over port 161. After
receiving a command to update some component, the system must retrieve the component from the
VCR, which it does using HTTPS over port 2381 to the VCR. To communicate its update status back to
the CMS, the agent uses HTTP over port 280. Additionally, the CMS polls the system for its status
every 15 minutes for up to 2 hours.
Replicate Agent Settings
Replicate Agent Settings requires a source system whose configuration is copied and stored at the
CMS for duplication to other target systems. This function relies on HTTPS traffic via port 2381 and
can operate across the firewall as long as the firewall is configured to pass this traffic.
SSH
SSH is used both locally on the HP SIM central management server and remotely to manage systems
for various tools. Normally, SSH servers listen on TCP port 22. If, for some reason, this must be
changed, the SSH port that HP SIM uses is configurable.
Performance Management
This section is based on the assumption that PMP/PPA is behind the firewall with CMS. Systems must
be discoverable by the CMS using ICMP echo or TCP to port 80.
Table 4 Performance management protocol
Columns: CMS In (note 2) | CMS Out | Managed System In | Managed System Out | Port | Protocol (note 1) | Description
  ICMP | Ping
  Y Y | 80 | TCP | System Discovery (note 1)
  Y Y | 161 | SNMP | PMP/PPA
Notes:
1. Discovery protocol is configurable between ICMP or TCP and a configurable port; default is 80.
2. The CMS will normally have all managed system ports open, as the CMS is a managed system itself. Firewalls may be configured to block these ports if the CMS is not to be managed from another system.
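
As an added example (not part of the HP document), the Python below audits an iptables-save FORWARD excerpt against the flows named in the Version Control, SSH and Performance Management sections and lists the ones the firewall does not pass. The addresses, the rule set, UDP as the SNMP transport and the default-DROP chain policy are assumptions; only -s, -d, -p, --dport/--dports and --ctstate are modelled.

```python
import ipaddress
import shlex

CMS = ipaddress.ip_network("10.0.0.5/32")      # constructed CMS/VCR address
MANAGED = ipaddress.ip_network("10.1.0.0/24")  # constructed managed-system subnet
# Flows named in the text above; SNMP is assumed to run over UDP.
REQUIRED = [
    ("SNMP software discovery", CMS, MANAGED, "udp", 161),
    ("component download from VCR (HTTPS)", MANAGED, CMS, "tcp", 2381),
    ("update status to CMS (HTTP)", MANAGED, CMS, "tcp", 280),
    ("SSH tools", CMS, MANAGED, "tcp", 22),
    ("TCP discovery", CMS, MANAGED, "tcp", 80),
]
# Constructed iptables-save excerpt; the FORWARD policy is assumed to be DROP.
SAMPLE = """\
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.5/32 -d 10.1.0.0/24 -p udp -m udp --dport 161 -j ACCEPT
-A FORWARD -s 10.0.0.5/32 -d 10.1.0.0/24 -p tcp -m multiport --dports 22,80 -j ACCEPT
-A FORWARD -s 10.1.0.0/24 -d 10.0.0.5/32 -p tcp -m tcp --dport 2381 -j ACCEPT
"""

def parse_forward(ruleset):
    """Yield plain FORWARD rules as (src, dst, proto, ports, verdict)."""
    for tok in map(shlex.split, ruleset.splitlines()):
        opt = dict(zip(tok[2::2], tok[3::2]))
        state = opt.get("--ctstate", "NEW").split(",")
        if (tok[:2] != ["-A", "FORWARD"] or "!" in tok or "NEW" not in state
                or opt.get("-j") not in ("ACCEPT", "DROP", "REJECT")):
            continue  # other chains, negated matches, reply-only or non-terminal rules
        net = lambda key: ipaddress.ip_network(opt.get(key, "0.0.0.0/0"))
        yield (net("-s"), net("-d"), opt.get("-p", "all"),
               opt.get("--dport") or opt.get("--dports"), opt["-j"])

def port_match(spec, port):  # spec is None, "22", "22,80" or "1024:65535"
    ranges = [p.partition(":") for p in (spec or "0:65535").split(",")]
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def verdict_for(rules, src, dst, proto, port):
    for r_src, r_dst, r_proto, r_ports, verdict in rules:  # first decisive rule wins
        if r_proto in ("all", proto) and port_match(r_ports, port):
            covers = src.subnet_of(r_src) and dst.subnet_of(r_dst)  # needed for ACCEPT
            touches = src.overlaps(r_src) and dst.overlaps(r_dst)   # enough for DROP
            if (covers if verdict == "ACCEPT" else touches):
                return verdict
    return "DROP"  # assumed chain policy

def missing_flows(ruleset):
    rules = list(parse_forward(ruleset))
    return [name for name, *flow in REQUIRED if verdict_for(rules, *flow) != "ACCEPT"]
```

For the constructed rule set, `missing_flows(SAMPLE)` reports the HTTP status flow on port 280, which no rule admits.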
Vulnerability and Patch Manager (VPM)
This section is based on the assumption that HP VPM is behind the firewall with the CMS.
Table 5 Ports that must be open on the server
Columns: CMS | Managed System | Port | Protocol (note 1) | Description