Managing your HP servers through firewalls with HP SIM (481364-002, February 2008)
Table 2 How HP agents communicate faults

CMS (In², Out) / Managed System (In, Out)   Port    Protocol¹    Description
Y Y                                         162     SNMP         SNMP Trap
Y Y                                         25      SMTP         SMTP E-mail
Y Y                                         50004   HTTPS/HTTP   WBEM event receiver (configurable)
Notes:
1 All ports are for TCP and UDP
2 The CMS will normally have all managed system ports open, as the CMS is a managed system itself. Firewalls may be configured to block these ports if the CMS is not to be managed from another system.
Configuration Management
HP web agents on managed systems in a DMZ should first be configured to trust-by-certificate the HP
SIM server. This will authenticate all Version Control (VC) commands and all Replicate Agent Settings
(RAS) commands to the agent as coming from the specified CMS; these commands require HTTPS
over port 2381.
Systems must be discoverable by the CMS. Refer to the “Asset Management” section for more
information. Systems must also be identifiable, which minimally requires HTTP access over port 2301.
Table 3 identifies the protocols used for configuration management when managing through a
firewall.
Note
HP does not recommend enabling management protocols such as SNMP
or DMI on systems outside the firewall or directly connected to the Internet.
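The following is an added example, not part of the HP document: a small audit of firewall allow-rules against the guidance above (CMS-only access to agent ports 2301 and 2381, no SNMP across the DMZ boundary). The CMS address, DMZ subnet, rule format and sample rules are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

CMS = ip_address("10.0.0.10")      # assumed address of the HP SIM CMS
DMZ = ip_network("192.0.2.0/24")   # assumed subnet holding the DMZ managed systems

# Ports the Configuration Management text requires from the CMS to the agent.
REQUIRED = {2301: "HTTP identification", 2381: "HTTPS VC/RAS commands"}
# Protocol the note advises against enabling on systems outside the firewall.
DISCOURAGED = {161: "SNMP agent", 162: "SNMP trap"}

def audit(rules):
    """rules: list of (src_cidr, dst_cidr, port) allow-rules. Returns sorted findings."""
    findings, covered = set(), set()
    for src, dst, port in rules:
        src_net, dst_net = ip_network(src), ip_network(dst)
        to_dmz = dst_net.overlaps(DMZ)
        from_dmz = src_net.overlaps(DMZ)
        # SNMP in either direction across the DMZ boundary goes against the note.
        if port in DISCOURAGED and (to_dmz or from_dmz):
            findings.add(f"{port}: {DISCOURAGED[port]} allowed across the DMZ boundary")
        # Agent ports should be reachable from the CMS host only.
        if port in REQUIRED and to_dmz:
            if src_net.num_addresses == 1 and src_net.network_address == CMS:
                covered.add(port)
            else:
                findings.add(f"{port}: source {src} is wider than the CMS")
    # A required port with no CMS-only rule means the CMS cannot manage the agent.
    for port in REQUIRED.keys() - covered:
        findings.add(f"{port}: no CMS-only rule for {REQUIRED[port]}")
    return sorted(findings)

SAMPLE_RULES = [  # constructed sample rule set
    ("10.0.0.10/32", "192.0.2.0/24", 2381),   # CMS -> agents, HTTPS commands
    ("0.0.0.0/0", "192.0.2.0/24", 2301),      # any source -> agents, too wide
    ("192.0.2.0/24", "10.0.0.10/32", 162),    # agents -> CMS, SNMP traps
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```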
Table 3 Summary of protocols used for configuration management

CMS (In², Out) / Managed System (In, Out)   Port    Protocol¹    Description
                                                    ICMP         Ping
Y Y                                         22      SSH          SSH server (for DTF)
Y Y                                         161     SNMP         SNMP Agent
Y Y                                         162     SNMP Trap    Trap listener
Y⁴ Y                                        80      HTTP         Management processor and other devices; standard Web server
Y Y⁴ Y                                      280     HTTP         Web server for HP SIM; Web agent auto-start port
Y⁴ Y                                        443     HTTPS        Management processor and other devices; standard Web server
Y                                           1443    TCP          Microsoft SQL Server database
Y Y                                         2301    HTTP         Web agent Web server