Why does the Data Collector service run on a port not listed in the documentation?
Article ID: 113022
Products
CA Infrastructure Management
CA Performance Management - Usage and Administration
Issue/Introduction
In a process listing, the Data Collector Java process is shown using a port that is not listed in the documentation.
This was noticed during a security assessment of the environment.
Why does the Data Collector service run on a port not listed in the documentation?
Environment
All supported CA Performance Management releases
Resolution
The Data Collector (DC) uses that UDP port to receive poll responses from the devices it sends requests to.
The DC should only be connecting to the local ActiveMQ (AMQ) service. AMQ should be connecting to the AMQ service on the Data Aggregator (DA).
All DA to DC communications go through ActiveMQ on the documented ports.
All outgoing poll requests are sent to each device's IP:Port, where the port is the one set in the SNMP Profile used by the device. Ensure those ports are not blocked in the outgoing direction.
All poll responses from the devices come back to the randomly chosen UDP port that is set on startup. As a result, it doesn't need to allow outgoing requests on the port.
The random port does not have to be allowed specifically, as long as whatever port initiates the outgoing request is automatically open to receive the response.
There is no way to hard-code or lock the port that the dcmd service daemon uses on startup.
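The poll and response flow described above can be reproduced on loopback to see why one unlisted UDP port shows up for the process. This is an added example, not CA Performance Management code: the "devices" are constructed UDP responders, the function names are hypothetical, and it assumes the polls leave from the same socket that receives the responses.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def start_device(name):
    """Constructed stand-in for a polled device: answers one UDP request."""
    dev = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dev.bind((LOOPBACK, 0))  # stands in for the port set in the SNMP Profile
    port = dev.getsockname()[1]

    def serve():
        _, peer = dev.recvfrom(2048)
        # The device answers to the source IP:port of the request and
        # reports which port that was.
        dev.sendto(f"{name}|{peer[1]}".encode(), peer)
        dev.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

def poll_devices(device_ports, timeout=2.0):
    """Poll every device from one socket whose port the OS picks at startup."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind((LOOPBACK, 0))  # port 0: the OS assigns a free port
    collector.settimeout(timeout)
    local_port = collector.getsockname()[1]
    for port in device_ports:
        collector.sendto(b"poll", (LOOPBACK, port))
    replies = []
    try:
        for _ in device_ports:
            data, peer = collector.recvfrom(2048)
            replies.append((peer[1], int(data.decode().split("|")[1])))
    finally:
        collector.close()
    return local_port, replies

def demo():
    ports = [start_device(f"dev{i}") for i in range(3)]
    local_port, replies = poll_devices(ports)
    return local_port, ports, replies

if __name__ == "__main__":
    local_port, ports, replies = demo()
    print("collector UDP port chosen at startup:", local_port)
    for src, dst in replies:
        print(f"response from device port {src} arrived on port {dst}")
```

Each run reports a different collector port, and every response arrives on that one port regardless of which device port was polled, which is the behaviour a stateful firewall rule on the outgoing poll traffic covers.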