Manualshelf

Managing HP servers through firewalls with Insight Management 7.2

ManualsBrandsHP ManualsSoftwareInsight Software
11121314151617181920
White paper| HP Insight Management 7.2
20 | March 2013
CMS
Managed
system
Port
Protocol
1
Description
Y Y 52000 HTTP ESA
Y Y 52001 HTTPS ESA
Y
3
Y 411 HTTP IBM Director agent
Y
3
Y 1311 HTTPS Server administrator
Y
3
2069 HTTP OSEM
Y
3
Y 3202 HTTPS Storage NAS
Y
3
Y 3257 HTTPS Rack & Power
Manager
Y
3
Y 4095 HTTP CommandView ESL
Y
3
Y 4096 HTTP CommandView SDM
Y
3
Y 8000 HTTP HP web JetAdmin
Y
3
Y 8008 HTTP Default home page
Y
3
Y 8443 HTTPS HP web JetAdmin
Y
3
Y 9990 HTTP HPOSM Service
Application
Y
3
Y 9991 HTTP OSM Event Viewer
Outbound (out) Request or response sent from a server is called outbound.
Inbound (in) Request or response received by a server is called inbound.
1
All ports are for TCP (except ICMP and SNMP).
2
The CMS normally has all managed system ports open because the CMS is a managed system
itself. Firewalls can be configured to block these ports if the CMS is not to be managed from
another system.
3
Many CMS outgoing ports are used for discovery.
4
RMI port is used within the CMS for inter-process communication. Connections from outside the
CMS are not accepted, and firewalls may block this port.
5
The exact UDP/TCP ports used by DMI are dynamic and vary from system to system, but they
tend to be around 32,780 and higher.
6
50000 port number is configurable in server.xml (see Appendix B: Modifying default ports).
7
50004 port number is configurable in globalsettings.props (see Appendix B: Modifying
default ports).
Version control
This discussion is based on the assumption that the Version Control Repository is behind the
firewall with CMS, and likely on the CMS.
Discovering the software available on the managed system requires SNMP over port 161. After
receiving a command to update some component, the system must retrieve the component from
the VCR, which it does using HTTPS over port 2381 to the VCR. To communicate its update status
back to the CMS, the agent uses HTTP over port 280. Additionally, the CMS polls the system for its
status every 15 minutes for up to 2 hours.
Replicate Agent Settings
Replicate Agent Settings require a source system whose configuration is copied and stored on the
CMS for duplicating to other target systems. This function relies on HTTPS traffic through port
2381 and can operate over the firewall as long as the firewall is configured to pass this traffic.