Process Automation - Ports used by its components
Article ID: 11554
Updated On:
Products
Issue/Introduction
What Ports are used by Process Automation and its components?
Environment
Process Automation 4.3.0 and above
Resolution
This Document is composed of tables that describe in detail the port usage of the various CA Process Automation components. These tables apply to Process Automation version 4.2 SP2 and 4.3. The list is comprehensive and contain duplication in order to provide a complete picture for each component.
Ports Used by CA EEM
The following tables provide an overview of the ports that are used for communications from and to CA Embedded Entitlements Manager (CA EEM).
Communications from CA EEM
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| CA EEM | Any | CA EEM | 509 | TCP | CA EEM Configuration | Used by CA EEM iTechPoz when CA EEM is configured as an HA cluster. |
| CA EEM | Any | CA EEM | 1684 | TCP | CA EEM Configuration | Used by CA EEM iTechPoz Router when CA EEM is configured as an HA cluster (CA EEM 8.4 only) |
| CA EEM | Any | CA EEM | 5250 | TCP | CA EEM Configuration | Used by CA EEM iGateway when CA EEM is configured as an HA cluster. |
Communications to CA EEM
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| CA EEM | Any | CA EEM | 509 | TCP | CA EEM Configuration | Used by CA EEM iTechPoz when CA EEM is configured as an HA cluster. |
| CA EEM | Any | CA EEM | 1684 | TCP | CA EEM Configuration | Used by CA EEM iTechPoz Router when CA EEM is configured as an HA cluster (CA EEM 8.4 only) |
| CA EEM | Any | CA EEM | 5250 | TCP | CA EEM Configuration | Used by CA EEM iGateway when CA EEM is configured as an HA cluster. |
| Orchestrator | Any | CA EEM | 5250 | TCP | CA EEM Configuration | Used to validate credentials and permissions (authentication and authorization). |
| Web Browser (CA EEM Administrator) | Any | CA EEM | 5250 | TCP | CA EEM Configuration | Web Browser accessing the CA EEM UI |
Ports Used by the Load Balancer
The following tables provide an overview of the ports that are used for communications from and to the configured load balancer. Supported load balancers include NGINX, Apache, and F5.
Communications from the Load Balancer
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Load Balancer | Any | Orchestrator | 80 | HTTP | Oasisconfig.properties | Load Balancer talks to Orchestrator on this port. |
| Load Balancer | Any | Orchestrator | 443 | HTTPS | Oasisconfig.properties | Load Balancer talks to secure Orchestrators on this port. |
| Load Balancer | Any | Orchestrator | 8080 | HTTP | Oasisconfig.properties | Load Balancer talks to Orchestrator on this port. |
| Load Balancer | Any | Orchestrator | 8443 | HTTPS | Oasisconfig.properties | Load Balancer talks to secure Orchestrator on this port. |
| Load Balancer | Any | Orchestrator | 8009 | TCP/AJP | Oasisconfig.properties |
Load Balancer - AJP connector port between Load Balancer and Orchestrator. This port does not apply to NGINX. |
| Load Balancer | Any | Orchestrator | 7000 | HTTP | node0-config.xml | CA Process Automation Catalyst REST API port |
| Load Balancer | Any | Orchestrator | 7443 | HTTP | node0-config.xml | CA Process Automation Catalyst REST API secure port |
Communications to the Load Balancer
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Catalyst REST client | Any | Load Balancer | 7000 | HTTP |
Apache: httpd-proxy.conf NGINX: pam-rest.conf F5: iRules config |
CA Process Automation Catalyst container port |
| Catalyst REST client | Any | Load Balancer | 7443 | HTTPS |
Apache: httpd-proxy.conf NGINX: pam-rest.conf F5: iRules config |
CA Process Automation Catalyst container secure port |
| Agent | Any | Load Balancer | 80 | HTTP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
| Agent | Any | Load Balancer | 443 | HTTPS |
Apache: httpd-ssl.conf NGINX: secure-pam-server.conf F5: iRules config |
Load Balancer port for secure communication |
|
Web Browser |
Any | Load Balancer | 80 | TCP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
|
Web Browser |
Any | Load Balancer | 443 | TCP |
Apache: httpd.conf NGINX: secure-pam-server.conf F5: iRules |
Load Balancer port for secure communication |
| Web Services (SOAP) Client | Any | Load Balancer | 80 | TCP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
| Web Services (SOAP) Client | Any | Load Balancer | 443 | TCP |
Apache: httpd.conf NGINX: secure-pam-server.conf F5: iRules |
Load Balancer port for secure communication |
Ports Used by an Orchestrator
The following tables provide an overview of the ports that are used for communications, specifically:
- Communication from an Orchestrator to another component in a CA Process Automation system
- Communication between Orchestrators
- Communication to an Orchestrator from another component in a CA Process Automation system
Communications from an Orchestrator to another Orchestrator
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Orchestrator | Any | CA EEM | 5250 | TCP | CA EEM Configuration | Used to validate credentials and permissions (authentication and authorization) |
| Orchestrator | Any | Agent | 7003 | HTTP/HTTPS | Specified during the agent installation or re-installation | Deprecated Agent listens on this deprecated port when using the old mode of communication with Orchestrators |
| Orchestrator | Any |
Microsoft SQL Database Server |
1433 | TCP | Microsoft SQL Configured | The database port can be changed in the database server installation. Default Value: 1433 |
| Orchestrator | Any | MySQL Database Server | 3306 | TCP | MySQL Configured | The database port can be changed in the database server installation. Default Value: 3306 |
| Orchestrator | Any | Oracle Database Server | 1521 | TCP | Oracle Configured |
The database port can be changed during Create Listener; 1521 is the default value for the Oracle Listener port. The database instance can be associated with a different listener. Refer the Oracle Configuration. |
Communications between Domain Orchestrator and Non-Domain Orchestrator
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Orchestrator | Any | Non-Domain Orchestrator | 7001 | HTTP/HTTPS | OasisConfig.properties | Ports that are used for communication between Orchestrators |
| Non-Domain Orchestrator | Any | Domain Orchestrator | 8080 | TCP | OasisConfig.properties | Basic Orchestrator to Orchestrator Communication |
| Non-Domain Orchestrator | Any |
Domain Orchestrator |
8443 | TCP | OasisConfig.properties | Secure Orchestrator to Orchestrator Communication |
| Non-Domain Orchestrator | Any | Domain Orchestrator | 80 | TCP | OasisConfig.properties | Basic Orchestrator to Orchestrator Communication |
| Non-Domain Orchestrator | Any | Domain Orchestrator | 443 | TCP | OasisConfig.properties |
Secure Orchestrator to Orchestrator Communication |
| Orchestrator | Any | Orchestrator | 1090 | TCP | OasisConfig.properties | JBoss Reporting port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 1098 | TCP | OasisConfig.properties | JBoss RMI port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 1099 | TCP | OasisConfig.properties | JBoss JNDI port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 1100 | TCP | OasisConfig.properties | JBoss: HA_Java Naming and Directory Interface is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 1101 | TCP | OasisConfig.properties | JBoss: HA_Java Remote Method Invocation is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 1102 | UDP | OasisConfig.properties | JBoss: JNDI Autodiscovery service is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 3873 | TCP | OasisConfig.properties | JBoss: EJB3 Remoting Connector is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4444 | TCP | OasisConfig.properties | JBoss RMI Server port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4445 | TCP | OasisConfig.properties | JBoss Pooled Invoker port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4446 | TCP | OasisConfig.properties | JBoss HA Pooled Invoker port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4447 | TCP | OasisConfig.properties | JBoss HA-RMI Server port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4448 | TCP | OasisConfig.properties | JBoss HA Pooled Invoker port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4457 | TCP | OasisConfig.properties | JBoss Messaging port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4712 | TCP | OasisConfig.properties | JBoss Transaction Status Recovery Manager port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 4713 | TCP | OasisConfig.properties | JBoss Transaction Status Manager port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 7600 | TCP | OasisConfig.properties | JBoss clustering port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 7900 | TCP | OasisConfig.properties | JBoss clustering port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 7901 | TCP | OasisConfig.properties | JBoss clustering port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 8083 | TCP | OasisConfig.properties | JBoss RMI Webservice port is used only between Orchestrators |
| Orchestrator | Any | Orchestrator | 61618 | TCP | OasisConfig.properties | ActiveMQ messaging subsystem |
CA Process Automation uses JBoss 5.1, which listens on a random set of dynamic ports in the range (49152-65535). The dynamic ports are required for various features, including cluster node communication. Consider that CA Process Automation cannot communicate on these ports. Then, functionality may be severely limited (for example, processes may become stuck).
We recommend that nothing should be placed between cluster nodes that could block communication. Consider that a firewall is required. Then, we recommend that you open all TCP ports in both directions between the cluster nodes for the java.exe process. Here, the java.exe process should be associated with CA Process Automation.
Communications to a Clustered Orchestrator from another Component
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Load Balancer | Any | Orchestrator | 8080 | HTTP | Oasisconfig.properties | Load Balancer talks to Orchestrator on this port. |
| Load Balancer | Any | Orchestrator | 8443 | HTTPS | Oasisconfig.properties | Load Balancer talks to secure Orchestrators on this port. |
| Load Balancer | Any | Orchestrator | 7000 | HTTP | node0-config.xml | CA Process Automation Catalyst REST API port |
| Load Balancer | Any | Orchestrator | 7443 | HTTPS | node0-config.xml | CA Process Automation Catalyst REST API secure port |
| Load Balancer | Any | Orchestrator | 8009 | TCP/AJP | OasisConfig.properties |
Load Balancer - AJP connector port between Load Balancer and Orchestrator. This port does not apply to NGINX. |
| Agent | Any | Orchestrator | 8080 | HTTP | OasisConfig.properties | Deprecated communications only |
| Agent | Any | Orchestrator | 8443 | HTTPS | OasisConfig.properties | Deprecated communications only |
| Agent | Any | Orchestrator | 7001 | HTTP/HTTPS | OasisConfig.properties | Deprecated port |
Communications to a Non-Clustered Orchestrator from another Component
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Orchestrator | Any | Agent | 80 | HTTP | Jetty | web-socket connection that is established by agents |
| Orchestrator | Any |
Orchestrator |
443 | HTTPS | Jetty | web-socket connection that is established by orchestrator |
| Agent | Any | Orchestrator | 8080 | HTTP | Oasisconfig.properties | Deprecated communications only |
| Agent | Any | Orchestrator | 8443 | HTTPS | Oasisconfig.properties | Deprecated communications only |
| Agent | Any | Orchestrator | 80 | HTTP | Oasisconfig.properties | Basic Server Port |
| Agent | Any | Orchestrator | 443 | HTTPS | Oasisconfig.properties | Secure Server Port |
| Agent | Any | Orchestrator | 7001 | HTTP/HTTPS | OasisConfig.properties | Deprecated port |
|
Web Browser |
Any | Orchestrator | 8080 | HTTP | OasisConfig.properties | Browser talks to Orchestrator on this port with basic communication |
|
Web Browser |
Any | Orchestrator | 8443 | HTTPS | OasisConfig.properties | Browser talks to secure Orchestrators on this port |
| Web Services (SOAP) client |
Any | Orchestrator | 8080 | HTTP | OasisConfig.properties | Orchestrator SOAP API server |
| Web Services (SOAP) client |
Any | Orchestrator | 8443 | HTTPS | OasisConfig.properties | Orchestrator SOAP API server (secure) |
Ports Used by Orchestrator for web-socket Communication
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Domain Orchestrator | Any | Agent | 443 | HTTPS | Jetty | web-socket connection that is established by agents |
| Domain Orchestrator | Any | Agent | 80 | HTTP | Jetty | web-socket connection that is established by agents |
| Clustered Node | Any | Agent | 443 | HTTPS | Jetty | web-socket connection that is established by agents |
| Clustered Node | Any | Agent | 80 | HTTP | Jetty | web-socket connection that is established by agents |
| Additional Orchestrator | Any | Agent | 443 | HTTPS | Jetty | web-socket connection that is established by agents |
| Additional Orchestrator | Any | Agent | 80 | HTTP | Jetty | web-socket connection that is established by agents |
Ports Used by an Agent
The following tables provide an overview of the ports that are used for communications from and to a CA Process Automation agent.
Communications from an Agent
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Agent | Any | Orchestrator | 8080 | HTTP | Oasisconfig.properties | Deprecated communications only |
| Agent | Any | Orchestrator | 8443 | HTTPS | Oasisconfig.properties | Deprecated communications only |
| Agent | Any | Load Balancer | 80 | HTTP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
| Agent | Any | Load Balancer | 443 | HTTPS |
Apache: httpd-ssl.conf NGINX: secure-pam-server.conf F5: iRules Config |
Load Balancer port for secure communication |
| Agent | Any | Orchestrator | 7001 | HTTP/HTTPS | OasisConfig.properties | Deprecated Server Port |
|
Agent |
Any | Orchestrator | 80 | HTTP | OasisConfig.properties | Basic Server Port |
|
Agent |
Any | Orchestrator | 443 | HTTPS | OasisConfig.properties | Secure Server Port |
| Agent | Any | Target Remote Host | 22 | TCP | Standard SSH port | Used for SSH communication with a proxy touchpoint or host group |
Communications to an Agent
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Orchestrator | Any | Agent | 7003 | HTTP/HTTPS | Agent Installation script | Agent formerly listened on this deprecated port for communication with Orchestrators |
Ports Used by Database Servers
The following table provides an overview of the ports that are used for communications to a Database server.
Communications to a Database Server
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
| Orchestrator | Any |
Microsoft SQL Database Server |
1433 | TCP | Microsoft SQL Configured |
You can change the database port in the database server installation. Default Value: 1433 |
| Orchestrator | Any |
MySQL Database Server |
3306 | TCP | MySQL Configured |
You can change the database port in the database server installation. Default Value: 3306 |
| Orchestrator | Any |
Oracle Database Server |
1521 | TCP |
Oracle Configured Listener |
You can change the database port during Create Listener; 1521 is the default value for the Oracle Listener port. The database instance can be associated with a different listener. Refer the Oracle Configuration. |
Ports Used by web clients
The following tables provide an overview of the ports that are used for communications from the web clients.
Communications from web clients
| From | Port | To | Default Listening Port | Protocol | Configuration | Description |
|---|---|---|---|---|---|---|
|
Web Browser |
Any | CA EEM | 5250 | TCP | CA EEM configuration | Web Browser accessing the CA EEM UI |
| Web Browser ( CA Process Automation Web UI user) |
Any | Load Balancer | 80 | TCP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
| Web Browser ( CA Process Automation Web UI user) |
Any | Load Balancer | 443 | TCP |
Apache: httpd.conf NGINX: secure-pam-server.conf F5: iRules |
Load Balancer port for secure communication |
| Web Services (SOAP) client |
Any | Load Balancer | 80 | TCP |
Apache: httpd.conf NGINX: pam-server.conf F5: iRules Config |
Load Balancer port for basic communication |
| Web Services (SOAP) client |
Any | Load Balancer | 443 | TCP |
Apache: httpd.conf NGINX: secure-pam-server.conf F5: iRules |
Load Balancer port for secure communication |
|
Catalyst REST client |
Any | Load Balancer | 7000 | HTTP |
Apache: httpd-proxy.conf NGINX: pam-rest.conf F5: iRules config |
CA Process Automation Catalyst container port |
|
Catalyst REST client |
Any | Load Balancer | 7443 | HTTPS |
Apache: httpd-proxy.conf NGINX: pam-rest.conf F5: iRules config |
CA Process Automation Catalyst container secure port |
| Web Browser (CA Process Automation Web UI user) |
Any | Orchestrator | 8080 | HTTP | OasisConfig.properties | Browsers talk to Orchestrator on this port with basic communication |
| Web Browser (CA Process Automation Web UI user) |
Any | Orchestrator | 8443 | HTTPS | OasisConfig.properties | Browsers talk to secure Orchestrator on this port |
Feedback
