
Why does the Data Collector service run on a port not listed in the documentation


Article ID: 113022


Products

CA Infrastructure Management
CA Performance Management - Usage and Administration

Issue/Introduction

When running a process listing, the Data Collector Java process shows a port that is not listed in the documentation as the one it is using. 

This was noticed during a security assessment of the environment. 

Why does the Data Collector service run on a port not listed in the documentation? 

Environment

All supported CA Performance Management releases 

Resolution

  • The Data Collector (DC) uses that UDP port to receive poll responses from the devices it sends requests to.
  • The DC should only be connecting to the local AMQ service. That AMQ service should in turn be connecting to the DA's AMQ service.
  • All DA to DC communications go through ActiveMQ on the documented ports.
  • All outgoing poll requests are sent to each device's IP:Port, where the port is the one set in the SNMP Profile used by that device. Ensure those ports are not blocked in the outgoing direction.
  • All poll responses from the devices come back to the randomly chosen UDP port set on startup. As a result, there is no need to allow outgoing requests on that port.
  • The random port does not have to be allowed specifically, as long as whatever port initiates the outgoing request is automatically open to receive the response.
  • There is no way to hard-code or lock the port that the dcmd service daemon uses on startup.
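The behaviour described in the list above can be reproduced with two loopback UDP sockets. This is an added example, not Broadcom's code: the function names and the stand-in "device" are hypothetical, and the device's port here is chosen by the OS in place of the port from an SNMP Profile.

```python
import socket
import threading

def start_device(host="127.0.0.1"):
    """Constructed stand-in for a polled device: replies to the datagram's source."""
    dev = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dev.bind((host, 0))          # stands in for the port set in the SNMP Profile
    dev.settimeout(2.0)
    addr = dev.getsockname()
    seen = []                    # source (ip, port) of each request received

    def serve():
        try:
            data, src = dev.recvfrom(2048)
            seen.append(src)
            dev.sendto(b"response:" + data, src)   # reply goes to the source port
        except socket.timeout:
            pass
        finally:
            dev.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return addr, seen, thread

def poll_once(device_addr, host="127.0.0.1"):
    """Model of a poller: one UDP socket, local port picked by the OS at startup."""
    poller = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    poller.bind((host, 0))       # port 0 = let the OS choose; this is the port
    poller.settimeout(2.0)       # a process/socket listing shows for the poller
    local_port = poller.getsockname()[1]
    try:
        poller.sendto(b"poll", device_addr)         # request leaves FROM local_port
        data, responder = poller.recvfrom(2048)     # response arrives ON local_port
    finally:
        poller.close()
    return local_port, data, responder

def demo():
    device_addr, seen, thread = start_device()
    local_port, data, responder = poll_once(device_addr)
    thread.join(2.0)
    return {"poller_port": local_port, "device_port": device_addr[1],
            "request_source_port": seen[0][1], "reply": data,
            "reply_from_port": responder[1]}

if __name__ == "__main__":
    print(demo())
```

The request's source port and the port the response arrives on are the same OS-chosen port, which is why a firewall that tracks outgoing UDP flows needs a rule only for the device-side port.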

Additional Information

Documented Port list for CAPM Environment 

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-6/review-installation-requirements-and-considerations0.html#concept.dita_669f11a1a7b734ff07869f266794dc77910ebbf3_FirewallandConnectivityConsiderations