Why does the Data Collector service run on a port not listed in the documentation
Article ID: 113022
CA Infrastructure ManagementCA Performance Management - Usage and Administration
When running a process listing, the Data Collector Java process shows a port that is not listed in the documentation as the one it is using.
This was noticed during a security assessment of the environment.
Why does the Data Collector service run on a port not listed in the documentation?
All supported CA Performance Management releases
The DC uses that UDP port to receive poll responses from devices it sends requests to.
The DC should only be connecting to the local AMQ service. AMQ should be connecting to the DA's AMQ service.
All DA to DC communications are via activemq per documented ports.
All outgoing communications for poll requests are sent to the IP:Port per device based on the port set in the SNMP Profile used by the device. Ensure those ports are not blocked in the outgoing direction.
All poll responses from the devices will come back to the randomly chosen UDP port set on startup. As a result it doesn't need to allow outgoing requests on the port.
We don't have to allow the random port specifically, as long as whatever port initiates the outgoing request is automatically open to receive the response.
There is no way to hard code or lock the dcmd service daemon port used on start up.