Topo-Service communicates unencrypted (Jetty) 58083


Article ID: 433048


Products

VMware Smart Assurance

Issue/Introduction

  • Your penetration testers found unencrypted communication on port 58083 (Jetty).

  • This is the topology service. How can I encrypt such communication?

Environment

All supported releases of Watch4net|M&R

Resolution

Port 58083 is only an internal port that the Web service gateway uses to communicate with the Topology Service. In all-in-one deployments, where secure communication between components is not required, it can be used instead of 48443 by either TMS or the frontend.

In a distributed setup, however:

1. The frontend web application communicates with the Topology Service (TS) running on the Primary Backend on port 48443.

2. The Topology Mapping Service (TMS) running on the Collector sends data to the Topology Service running on the Backend Host on port 48443.

3. Document for reference:

4. Hence, internal ports (58083 here), which are designed for IPC within the same host, can be protected from external access by configuring firewall rules accordingly.
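
To confirm whether the internal port is actually reachable from outside the host before and after adding firewall rules, the listening sockets can be checked. The script below is an added example, not VMware code: it assumes a Linux host with the iproute2 `ss` utility, the function names are hypothetical, the sample socket lines are constructed, and the suggested `iptables` rule is one possible way to restrict the port.

```shell
#!/bin/sh
# Added example, not VMware code. Assumes a Linux host with iproute2 `ss`.
# 58083 is the internal Topology Service port named in the article.
INTERNAL_PORT=58083

# exposed_listeners PORT
# Reads `ss -Hltn` lines on stdin and prints each local address where PORT
# listens on something other than loopback. Exit status 1 if any were found.
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      addr = $4                          # Local Address:Port column
      n = split(addr, parts, ":")
      if (parts[n] != port) next
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      # Loopback forms: 127.x.x.x, IPv4-mapped [::ffff:127.x.x.x], [::1]
      if (host ~ /^\[?(::ffff:)?127\./) next
      if (host ~ /^\[?::1\]?(%.*)?$/) next
      print addr
      found = 1
    }
    END { exit (found ? 1 : 0) }'
}

# audit_internal_port: verdict for INTERNAL_PORT from `ss -Hltn` on stdin.
audit_internal_port() {
  if hits=$(exposed_listeners "$INTERNAL_PORT"); then
    echo "OK: $INTERNAL_PORT is loopback-only or not listening"
  else
    echo "EXPOSED: $INTERNAL_PORT listens on: $hits"
    # One possible rule (assumes iptables; adapt to firewalld/nftables):
    echo "  iptables -I INPUT -p tcp --dport $INTERNAL_PORT ! -i lo -j DROP"
    return 1
  fi
}

# Constructed sample input (not captured from a real M&R host).
SAMPLE_EXPOSED='LISTEN 0 50 *:58083 *:*
LISTEN 0 100 *:48443 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_LOCAL='LISTEN 0 50 [::ffff:127.0.0.1]:58083 *:*
LISTEN 0 100 *:48443 *:*'

printf '%s\n' "$SAMPLE_EXPOSED" | audit_internal_port || true
printf '%s\n' "$SAMPLE_LOCAL" | audit_internal_port
# On a live host: ss -Hltn | audit_internal_port
```

A wildcard listener on 58083 is reported as exposed even when a firewall already blocks it, so pair this check with a connection test from another host after the rule is in place.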