What Ports does CA Process Automation and its components use?

Document ID : KB000011554
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

What Ports are used by Process Automation and its components?

Answer:

This Document is composed of tables that describe in detail the port usage of the various CA Process Automation components. These tables apply to Process Automation version 4.2 SP2 and 4.3.  The list is comprehensive and contain duplication in order to provide a complete picture for each component.

 

 

Ports Used by CA EEM

The following tables provide an overview of the ports that are used for communications from and to CA Embedded Entitlements Manager (CA EEM).

 

Communications from CA EEM

FromPortToDefault Listening PortProtocolConfigurationDescription
CA EEMAnyCA EEM509TCPCA EEM ConfigurationUsed by CA EEM iTechPoz when CA EEM is configured as an HA cluster.
CA EEMAnyCA EEM1684TCPCA EEM ConfigurationUsed by CA EEM iTechPoz Router when CA EEM is configured as an HA cluster (CA EEM 8.4 only)
CA EEMAnyCA EEM5250TCPCA EEM ConfigurationUsed by CA EEM iGateway when CA EEM is configured as an HA cluster.

 

 

Communications to CA EEM

FromPortToDefault Listening PortProtocolConfigurationDescription
CA EEMAnyCA EEM509TCPCA EEM ConfigurationUsed by CA EEM iTechPoz when CA EEM is configured as an HA cluster.
CA EEMAnyCA EEM1684TCPCA EEM ConfigurationUsed by CA EEM iTechPoz Router when CA EEM is configured as an HA cluster (CA EEM 8.4 only)
CA EEMAnyCA EEM5250TCPCA EEM ConfigurationUsed by CA EEM iGateway when CA EEM is configured as an HA cluster.
OrchestratorAnyCA EEM5250TCPCA EEM ConfigurationUsed to validate credentials and permissions (authentication and authorization).
Web Browser (CA EEM Administrator)AnyCA EEM5250TCPCA EEM ConfigurationWeb Browser accessing the CA EEM UI

 

Ports Used by the Load Balancer

The following tables provide an overview of the ports that are used for communications from and to the configured load balancer. Supported load balancers include NGINX, Apache, and F5.

 

 

Communications from the Load Balancer

FromPortToDefault Listening PortProtocolConfigurationDescription
Load BalancerAnyOrchestrator80HTTPOasisconfig.propertiesLoad Balancer talks to Orchestrator on this port.
Load BalancerAnyOrchestrator443HTTPSOasisconfig.propertiesLoad Balancer talks to secure Orchestrators on this port.
Load BalancerAnyOrchestrator8080HTTPOasisconfig.propertiesLoad Balancer talks to Orchestrator on this port.
Load BalancerAnyOrchestrator8443HTTPSOasisconfig.propertiesLoad Balancer talks to secure Orchestrator on this port.
Load BalancerAnyOrchestrator8009TCP/AJPOasisconfig.properties

Load Balancer - AJP connector port between Load Balancer and Orchestrator.

This port does not apply to NGINX.

Load BalancerAnyOrchestrator7000HTTPnode0-config.xmlCA Process Automation Catalyst REST API port
Load BalancerAnyOrchestrator7443HTTPnode0-config.xmlCA Process Automation Catalyst REST API secure port

 

 

Communications to the Load Balancer

FromPortToDefault Listening PortProtocolConfigurationDescription
Catalyst REST clientAnyLoad Balancer7000HTTP

Apache: httpd-proxy.conf

NGINX: pam-rest.conf

F5: iRules config

CA Process Automation Catalyst container port
Catalyst REST clientAnyLoad Balancer7443HTTPS

Apache: httpd-proxy.conf

NGINX: pam-rest.conf

F5: iRules config

CA Process Automation Catalyst container secure port
AgentAnyLoad Balancer80HTTP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication
AgentAnyLoad Balancer443HTTPS

Apache: httpd-ssl.conf

NGINX: secure-pam-server.conf

F5: iRules config

Load Balancer port for secure communication

Web Browser
(CA Process Automation Web UI user)

AnyLoad Balancer80TCP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication

Web Browser
(CA Process Automation Web UI user)

AnyLoad Balancer443TCP

Apache: httpd.conf

NGINX: secure-pam-server.conf

F5: iRules

Load Balancer port for secure communication
Web Services (SOAP) ClientAnyLoad Balancer80TCP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication
Web Services (SOAP) ClientAnyLoad Balancer443TCP

Apache: httpd.conf

NGINX: secure-pam-server.conf

F5: iRules

Load Balancer port for secure communication

 

 

Ports Used by an Orchestrator

The following tables provide an overview of the ports that are used for communications, specifically:

  • Communication from an Orchestrator to another component in a CA Process Automation system
  • Communication between Orchestrators
  • Communication to an Orchestrator from another component in a CA Process Automation system

 

 

Communications from an Orchestrator to another Orchestrator

FromPortToDefault Listening PortProtocolConfigurationDescription
OrchestratorAnyCA EEM5250TCPCA EEM ConfigurationUsed to validate credentials and permissions (authentication and authorization)
OrchestratorAnyAgent7003HTTP/HTTPSSpecified during the agent installation or re-installationDeprecated
Agent listens on this deprecated port when using the old mode of communication with Orchestrators
OrchestratorAny

Microsoft

SQL

Database Server

1433TCPMicrosoft SQL ConfiguredThe database port can be changed in the database server installation.
Default Value: 1433
OrchestratorAnyMySQL Database Server3306TCPMySQL ConfiguredThe database port can be changed in the database server installation.
Default Value: 3306
OrchestratorAnyOracle Database Server1521TCPOracle Configured

The database port can be changed during Create Listener; 1521 is the default value for the Oracle Listener port. The database instance can be associated with a different listener. Refer the Oracle Configuration.

 

Communications between Domain Orchestrator and Non-Domain Orchestrator

FromPortToDefault Listening PortProtocolConfigurationDescription
OrchestratorAnyNon-Domain Orchestrator7001HTTP/HTTPSOasisConfig.propertiesPorts that are used for communication between Orchestrators
Non-Domain OrchestratorAnyDomain Orchestrator8080TCPOasisConfig.propertiesBasic Orchestrator to Orchestrator Communication
Non-Domain OrchestratorAny

Domain Orchestrator

8443TCPOasisConfig.propertiesSecure Orchestrator to Orchestrator Communication
Non-Domain OrchestratorAnyDomain Orchestrator80TCPOasisConfig.propertiesBasic Orchestrator to Orchestrator Communication
Non-Domain OrchestratorAnyDomain Orchestrator443TCPOasisConfig.properties

Secure Orchestrator to Orchestrator Communication

OrchestratorAnyOrchestrator1090TCPOasisConfig.propertiesJBoss Reporting port is used only between Orchestrators
OrchestratorAnyOrchestrator1098TCPOasisConfig.propertiesJBoss RMI port is used only between Orchestrators
OrchestratorAnyOrchestrator1099TCPOasisConfig.propertiesJBoss JNDI port is used only between Orchestrators
OrchestratorAnyOrchestrator1100TCPOasisConfig.propertiesJBoss: HA_Java Naming and Directory Interface is used only between Orchestrators
OrchestratorAnyOrchestrator1101TCPOasisConfig.propertiesJBoss: HA_Java Remote Method Invocation is used only between Orchestrators
OrchestratorAnyOrchestrator1102UDPOasisConfig.propertiesJBoss: JNDI Autodiscovery service is used only between Orchestrators
OrchestratorAnyOrchestrator3873TCPOasisConfig.propertiesJBoss: EJB3 Remoting Connector is used only between Orchestrators
OrchestratorAnyOrchestrator4444TCPOasisConfig.propertiesJBoss RMI Server port is used only between Orchestrators
OrchestratorAnyOrchestrator4445TCPOasisConfig.propertiesJBoss Pooled Invoker port is used only between Orchestrators
OrchestratorAnyOrchestrator4446TCPOasisConfig.propertiesJBoss HA Pooled Invoker port is used only between Orchestrators
OrchestratorAnyOrchestrator4447TCPOasisConfig.propertiesJBoss HA-RMI Server port is used only between Orchestrators
OrchestratorAnyOrchestrator4448TCPOasisConfig.propertiesJBoss HA Pooled Invoker port is used only between Orchestrators
OrchestratorAnyOrchestrator4457TCPOasisConfig.propertiesJBoss Messaging port is used only between Orchestrators
OrchestratorAnyOrchestrator4712TCPOasisConfig.propertiesJBoss Transaction Status Recovery Manager port is used only between Orchestrators
OrchestratorAnyOrchestrator4713TCPOasisConfig.propertiesJBoss Transaction Status Manager port is used only between Orchestrators
OrchestratorAnyOrchestrator7600TCPOasisConfig.propertiesJBoss clustering port is used only between Orchestrators
OrchestratorAnyOrchestrator7900TCPOasisConfig.propertiesJBoss clustering port is used only between Orchestrators
OrchestratorAnyOrchestrator7901TCPOasisConfig.propertiesJBoss clustering port is used only between Orchestrators
OrchestratorAnyOrchestrator8083TCPOasisConfig.propertiesJBoss RMI Webservice port is used only between Orchestrators
OrchestratorAnyOrchestrator61618TCPOasisConfig.propertiesActiveMQ messaging subsystem

CA Process Automation uses JBoss 5.1, which listens on a random set of dynamic ports in the range (49152-65535). The dynamic ports are required for various features, including cluster node communication. Consider that CA Process Automation cannot communicate on these ports. Then, functionality may be severely limited (for example, processes may become stuck).

We recommend that nothing should be placed between cluster nodes that could block communication. Consider that a firewall is required. Then, we recommend that you open all TCP ports in both directions between the cluster nodes for the java.exe process. Here, the java.exe process should be associated with CA Process Automation.

 

 

 

Communications to a Clustered Orchestrator from another Component

FromPortToDefault Listening PortProtocolConfigurationDescription
Load BalancerAnyOrchestrator8080HTTPOasisconfig.propertiesLoad Balancer talks to Orchestrator on this port.
Load BalancerAnyOrchestrator8443HTTPSOasisconfig.propertiesLoad Balancer talks to secure Orchestrators on this port.
Load BalancerAnyOrchestrator7000HTTPnode0-config.xmlCA Process Automation Catalyst REST API port
Load BalancerAnyOrchestrator7443HTTPSnode0-config.xmlCA Process Automation Catalyst REST API secure port
Load BalancerAnyOrchestrator8009TCP/AJPOasisConfig.properties

Load Balancer - AJP connector port between Load Balancer and Orchestrator. This port does not apply to NGINX.

AgentAnyOrchestrator8080HTTPOasisConfig.propertiesDeprecated communications only
AgentAnyOrchestrator8443HTTPSOasisConfig.propertiesDeprecated communications only
AgentAnyOrchestrator7001HTTP/HTTPSOasisConfig.propertiesDeprecated port

 

 

 

Communications to a Non-Clustered Orchestrator from another Component

FromPortToDefault Listening PortProtocolConfigurationDescription
OrchestratorAnyAgent80HTTPJettyweb-socket connection that is established by agents
OrchestratorAny

Orchestrator

443HTTPSJettyweb-socket connection that is established by orchestrator
AgentAnyOrchestrator8080HTTPOasisconfig.propertiesDeprecated communications only
AgentAnyOrchestrator8443HTTPSOasisconfig.propertiesDeprecated communications only
AgentAnyOrchestrator80HTTPOasisconfig.propertiesBasic Server Port
AgentAnyOrchestrator443HTTPSOasisconfig.propertiesSecure Server Port
AgentAnyOrchestrator7001HTTP/HTTPSOasisConfig.propertiesDeprecated port

Web Browser
(CA Process Automation web UI user)

AnyOrchestrator8080HTTPOasisConfig.propertiesBrowser talks to Orchestrator on this port with basic communication

Web Browser
( CA Process Automation web UI user)

AnyOrchestrator8443HTTPSOasisConfig.propertiesBrowser talks to secure Orchestrators on this port
Web Services
(SOAP) client 
AnyOrchestrator8080HTTPOasisConfig.propertiesOrchestrator SOAP API server
Web Services
(SOAP) client 
AnyOrchestrator8443HTTPSOasisConfig.propertiesOrchestrator SOAP API server (secure)

 


Ports Used by Orchestrator for web-socket Communication

FromPortToDefault Listening PortProtocolConfigurationDescription
Domain OrchestratorAnyAgent443HTTPSJettyweb-socket connection that is established by agents
Domain OrchestratorAnyAgent80HTTPJettyweb-socket connection that is established by agents
Clustered NodeAnyAgent443HTTPSJettyweb-socket connection that is established by agents
Clustered NodeAnyAgent80HTTPJettyweb-socket connection that is established by agents
Additional OrchestratorAnyAgent443HTTPSJettyweb-socket connection that is established by agents
Additional OrchestratorAnyAgent80HTTPJettyweb-socket connection that is established by agents

 


Ports Used by an Agent

The following tables provide an overview of the ports that are used for communications from and to a CA Process Automation agent.

 

Communications from an Agent

FromPortToDefault Listening PortProtocolConfigurationDescription
AgentAnyOrchestrator8080HTTPOasisconfig.propertiesDeprecated communications only
AgentAnyOrchestrator8443HTTPSOasisconfig.propertiesDeprecated communications only
AgentAnyLoad Balancer80HTTP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication
AgentAnyLoad Balancer443HTTPS

Apache: httpd-ssl.conf

NGINX: secure-pam-server.conf

F5: iRules Config

Load Balancer port for secure communication
AgentAnyOrchestrator7001HTTP/HTTPSOasisConfig.propertiesDeprecated Server Port

Agent

AnyOrchestrator80HTTPOasisConfig.propertiesBasic Server Port

Agent

AnyOrchestrator443HTTPSOasisConfig.propertiesSecure Server Port
AgentAnyTarget Remote Host22TCPStandard SSH portUsed for SSH communication with a proxy touchpoint or host group

 

 

Communications to an Agent

FromPortToDefault Listening PortProtocolConfigurationDescription
OrchestratorAnyAgent7003HTTP/HTTPSAgent Installation scriptAgent formerly listened on this deprecated port for communication with Orchestrators

 

 

Ports Used by Database Servers

The following table provides an overview of the ports that are used for communications to a Database server.

Communications to a Database Server

FromPortToDefault Listening PortProtocolConfigurationDescription
OrchestratorAny

Microsoft

SQL

Database Server

1433TCPMicrosoft SQL Configured

You can change the database port in the database server installation.

Default Value: 1433

OrchestratorAny

MySQL

Database Server

3306TCPMySQL Configured

You can change the database port in the database server installation.

Default Value: 3306

OrchestratorAny

Oracle

Database Server

1521TCP

Oracle Configured Listener

You can change the database port during Create Listener; 1521 is the default value for the Oracle Listener port. The database instance can be associated with a different listener. Refer the Oracle Configuration.

 

 

Ports Used by web clients

The following tables provide an overview of the ports that are used for communications from the web clients.

Communications from web clients

FromPortToDefault Listening PortProtocolConfigurationDescription

Web Browser
(CA EEM Administrator) 

AnyCA EEM5250TCPCA EEM configurationWeb Browser accessing the CA EEM UI
Web Browser
( CA Process Automation
Web UI user)
AnyLoad Balancer80TCP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication
Web Browser
( CA Process Automation
Web UI user)
AnyLoad Balancer443TCP

Apache: httpd.conf

NGINX: secure-pam-server.conf

F5: iRules

Load Balancer port for secure communication
Web Services
(SOAP) client 
AnyLoad Balancer80TCP

Apache: httpd.conf

NGINX: pam-server.conf

F5: iRules Config

Load Balancer port for basic communication
Web Services
(SOAP) client 
AnyLoad Balancer443TCP

Apache: httpd.conf

NGINX: secure-pam-server.conf

F5: iRules

Load Balancer port for secure communication

Catalyst REST client

AnyLoad Balancer7000HTTP

Apache: httpd-proxy.conf

NGINX: pam-rest.conf

F5: iRules config

CA Process Automation Catalyst container port

Catalyst REST client

AnyLoad Balancer7443HTTPS

Apache: httpd-proxy.conf

NGINX: pam-rest.conf

F5: iRules config

CA Process Automation Catalyst container secure port
Web Browser
(CA Process Automation
Web UI user)
AnyOrchestrator8080HTTPOasisConfig.propertiesBrowsers talk to Orchestrator on this port with basic communication
Web Browser
(CA Process Automation
Web UI user)
AnyOrchestrator8443HTTPSOasisConfig.propertiesBrowsers talk to secure Orchestrator on this port