What ports does CAPM use?

book

Article ID: 17223

calendar_today

Updated On:

Products

CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration

Issue/Introduction



What ports do I need to open for CAPM in my environment?

Environment

CAPM - all versions

Resolution

Firewall and Connectivity Considerations



For CA Performance Management to work properly in a firewall-protected environment, certain ports must be open.



Open the following ports to allow CA Performance Management communications to function properly. For more information, see Prepare to Install Performance Center.



Note:  Throughout the documentation 8182, 8382, 8582, 61617, 61619, 61621, and 61623 appear as suggested port numbers for secured communications. In the instances where these ports appear, you are free to use any value you want as long as no other processes are using it.



For more information about individual data sources, see the appropriate product documentation.
 
From To Port [Function]
Performance Center services Performance Center
  • TCP 3306
    Enables communications to the MySQL database (inbound) from the Performance Center services.
  • TCP/HTTP 8481
    Enables communications between the Device Manager and Console services.
  • TCP/HTTPS 8182
    This port is the default port for Performance Center if configured using the HTTPS documentation. For more information, see Configure the Port and Website for HTTPS.
User client computers Performance Center

If you put the application behind a firewall, and you want customers to access only the user interface, open the following ports to the world:



  • TCP/HTTP 8181
    Enables communications between client computers and the Performance Center server.
  • TCP/HTTP 8381
    Enables communications between client computers and the Performance Center server. Also enables login using the single sign-on authentication component.


For secured communications, use the following ports instead of 8181 and 8381:



User client computers Data Aggregator
  • TCP/HTTP 8581
    Allows for OpenAPI access.
    Note: Opening this port exposes the rest of the Data Aggregator services.
  • TCP/HTTPS 8582
    Allows for secure OpenAPI access.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
User client computers Proxy Server
  • TCP/HTTP 8581
    Allows for OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
  • TCP/HTTP 8581
    Allows for secure OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
Proxy Server Data Aggregator
  • TCP/HTTP 8581
    Allows for OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
  • TCP/HTTP 8581
    Allows for secure OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
Data Aggregator Performance Center
  • TCP/HTTP 8281
    Enables communications between the Event Manager, which is installed automatically with the Performance Center software, and the Data Aggregator. The Data Aggregator initiates communication and pushes data through this port.
  • TCP/HTTP 8381
    Enables communication between the Data Aggregator and Performance Center for direct authentication of OpenAPI queries.


For secured communications, use the following ports:



  • TCP/HTTPS 8382
    If Performance Center is configured to use HTTPS, this port enables secured communication between the Data Aggregator and Performance Center for direct authentication of OpenAPI queries.For more information, see Configure the Port and Website for HTTPS.
Performance Center Data Aggregator
  • TCP/HTTP 8581
    Enables synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port.


For secured communications, use the following ports:



  • TCP/HTTPS 8582
    If the Data Aggregator is configured to use HTTPS, this port enables secured synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port. For more information, see Configure the Port and Website for HTTPS.
Performance Center Proxy Server
  • TCP/HTTP 8581
    In a fault tolerant environment, enables synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port.


For secured communications, use the following ports:



  • TCP/HTTPS 8582
    If the Data Aggregator is configured to use HTTPS, this port enables secured synchronization with CA Performance Management for the Data Aggregator in a fault tolerant environment. Performance Center initiates communication and pulls data through this port. For more information, see Configure the Port and Website for HTTPS.
Performance Center

CA Network Flow Analysis


  • TCP/HTTP 80 
    Enables synchronization with CA Network Flow Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Network Flow Analysis to retrieve device data.

CA Network Flow Analysis


Performance Center


  • TCP/HTTP 8281
    Sends events from CA Network Flow Analysis to Performance Center.
Performance Center

CA Application Delivery Analysis


  • TCP/HTTP 80 
    Enables synchronization with CA Application Delivery Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Application Delivery Analysis to retrieve device data.

CA Application Delivery Analysis


Performance Center


  • TCP/HTTP 8281
    Sends events from CA Application Delivery Analysis to Performance Center.
Performance Center CA Business Intelligence
  • TCP/HTTP 8181
    Enables communications between CA Business Intelligence and the Performance Center server.


For secured communications, use the following port instead of 8181:



Data Collector Data Aggregator
  • TCP 8581
    Enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.
  • TCP/AMQ 61616
    Enables only ActiveMQ traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61618
    Enables poll response delivery traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61620
    Enables distributed IREP traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61622
    Enables large data transfers between the Data Collector and Data Aggregator.
    This port also enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.


For secured communications, use the following ports instead of 61616, 61618, 61620, 61622:



Note: The following ports are the default ports for Secure ActiveMQ communication if configured using the AMQ SSL documentation. For more information, see Authenticate and Encrypt ActiveMQ Communication.



  • TCP/AMQ SSL 61617
    Enables only ActiveMQ secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61619
    Enables poll response delivery secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61621
    Enables distributed IREP secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61623
    Enables secured large data transfers between the Data Collector and Data Aggregator.
Data Collectors Devices
  • UDP 161
    Enables SNMP and ICMP connections to devices.


Note: To enable ping during discovery and reachability checks, ICMP must be enabled on the devices and the network.

Data Aggregator Data Repository
  • TCP/UDP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.
Data Repository Data Repository
  • TCP/SSH 22
    Enables Vertica administration tools and backup to run between nodes.
  • TCP/UDP 4803
    Enables spread communication between nodes.
  • TCP/UDP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.


Open the following ports for the Vertica database:



  • UDP 4804
  • TCP 5434
  • UDP 6543
Data Repository Backup Hosts
  • TCP 50000
    Enables the Data Repository host to access the custom rsync/ssh on the backup hosts.
Data Repository Disaster Recovery Hosts
  • TCP 50000
    Enables the Data Repository host to access the custom rsync/ssh on the disaster recovery hosts.

CA Spectrum

Performance Center
  • TCP 8281
    For event integration, enables the CA Spectrum OneClick server to communicate to the Performance Center host.
  • TCP 8481
    Enables the CA Spectrum OneClick server to communicate to the Device Manager.
Performance Center LDAP
  • TCP 389
    Enables Clear Text communication from the client to the LDAP server.
  • TCP 3268
    If you are using the global catalog for searches, enables communication from the client to the LDAP server.
Performance Center LDAPS
  • TCP 636
    Enables encrypted and secure communication from the client to the Secure LDAP server.
  • TCP 3269
    If you are using the global catalog for searches, enables communication from the client to the Secure LDAP server.
Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator) Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator)
  • TCP 8300
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators.
  • TCP/UDP 8301
    In a fault tolerant environment, enables LAN communication between the proxy server and the Data Aggregators.
  • TCP 8500
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators to the HTTP API.

Additional Information

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-6/review-installation-requirements-and-considerations0.html#concept.dita_669f11a1a7b734ff07869f266794dc77910ebbf3_FirewallandConnectivityConsiderations