What ports does CAPM use?

Document ID : KB000017223
Last Modified Date : 18/09/2018
Show Technical Document Details
Question:

What ports do I need to open for CAPM in my environment?

Environment:
CAPM - all versions
Answer:

Firewall and Connectivity Considerations

For CA Performance Management to work properly in a firewall-protected environment, certain ports must be open.
Open the following ports to allow CA Performance Management communications to function properly. For more information, see Prepare to Install Performance Center.
Note:  Throughout the documentation 8182, 8382, 8582, 61617, 61619, 61621, and 61623 appear as suggested port numbers for secured communications. In the instances where these ports appear, you are free to use any value you want as long as no other processes are using it.
For more information about individual data sources, see the appropriate product documentation.
 
FromToPort [Function]
Performance Center servicesPerformance Center
  • TCP 3306
    Enables communications to the MySQL database (inbound) from the Performance Center services.
  • TCP/HTTP 8481
    Enables communications between the Device Manager and Console services.
  • TCP/HTTPS 8182
    This port is the default port for Performance Center if configured using the HTTPS documentation. For more information, see Configure the Port and Website for HTTPS.
User client computersPerformance Center

If you put the application behind a firewall, and you want customers to access only the user interface, open the following ports to the world:

  • TCP/HTTP 8181
    Enables communications between client computers and the Performance Center server.
  • TCP/HTTP 8381
    Enables communications between client computers and the Performance Center server. Also enables login using the single sign-on authentication component.

For secured communications, use the following ports instead of 8181 and 8381:

User client computersData Aggregator
  • TCP/HTTP 8581
    Allows for OpenAPI access.
    Note: Opening this port exposes the rest of the Data Aggregator services.
  • TCP/HTTPS 8582
    Allows for secure OpenAPI access.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
User client computersProxy Server
  • TCP/HTTP 8581
    Allows for OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
  • TCP/HTTP 8581
    Allows for secure OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
Proxy ServerData Aggregator
  • TCP/HTTP 8581
    Allows for OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
  • TCP/HTTP 8581
    Allows for secure OpenAPI access in a fault tolerant environment.
    Note: Opening this port exposes the Data Aggregator REST services. Open only for clients that require direct access to the Data Aggregator services for administrative and automation purposes.
Data AggregatorPerformance Center
  • TCP/HTTP 8281
    Enables communications between the Event Manager, which is installed automatically with the Performance Center software, and the Data Aggregator. The Data Aggregator initiates communication and pushes data through this port.
  • TCP/HTTP 8381
    Enables communication between the Data Aggregator and Performance Center for direct authentication of OpenAPI queries.

For secured communications, use the following ports:

  • TCP/HTTPS 8382
    If Performance Center is configured to use HTTPS, this port enables secured communication between the Data Aggregator and Performance Center for direct authentication of OpenAPI queries.For more information, see Configure the Port and Website for HTTPS.
Performance CenterData Aggregator
  • TCP/HTTP 8581
    Enables synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port.

For secured communications, use the following ports:

  • TCP/HTTPS 8582
    If the Data Aggregator is configured to use HTTPS, this port enables secured synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port. For more information, see Configure the Port and Website for HTTPS.
Performance CenterProxy Server
  • TCP/HTTP 8581
    In a fault tolerant environment, enables synchronization with CA Performance Management for the Data Aggregator. Performance Center initiates communication and pulls data through this port.

For secured communications, use the following ports:

  • TCP/HTTPS 8582
    If the Data Aggregator is configured to use HTTPS, this port enables secured synchronization with CA Performance Management for the Data Aggregator in a fault tolerant environment. Performance Center initiates communication and pulls data through this port. For more information, see Configure the Port and Website for HTTPS.
Performance Center

CA Network Flow Analysis

  • TCP/HTTP 80 
    Enables synchronization with CA Network Flow Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Network Flow Analysis to retrieve device data.

CA Network Flow Analysis

Performance Center

  • TCP/HTTP 8281
    Sends events from CA Network Flow Analysis to Performance Center.
Performance Center

CA Application Delivery Analysis

  • TCP/HTTP 80 
    Enables synchronization with CA Application Delivery Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Application Delivery Analysis to retrieve device data.

CA Application Delivery Analysis

Performance Center

  • TCP/HTTP 8281
    Sends events from CA Application Delivery Analysis to Performance Center.
Performance CenterCA Business Intelligence
  • TCP/HTTP 8181
    Enables communications between CA Business Intelligence and the Performance Center server.

For secured communications, use the following port instead of 8181:

Data CollectorData Aggregator
  • TCP 8581
    Enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.
  • TCP/AMQ 61616
    Enables only ActiveMQ traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61618
    Enables poll response delivery traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61620
    Enables distributed IREP traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61622
    Enables large data transfers between the Data Collector and Data Aggregator.
    This port also enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.

For secured communications, use the following ports instead of 61616, 61618, 61620, 61622:

Note: The following ports are the default ports for Secure ActiveMQ communication if configured using the AMQ SSL documentation. For more information, see Authenticate and Encrypt ActiveMQ Communication.

  • TCP/AMQ SSL 61617
    Enables only ActiveMQ secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61619
    Enables poll response delivery secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61621
    Enables distributed IREP secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61623
    Enables secured large data transfers between the Data Collector and Data Aggregator.
Data CollectorsDevices
  • UDP 161
    Enables SNMP and ICMP connections to devices.

Note: To enable ping during discovery and reachability checks, ICMP must be enabled on the devices and the network.

Data AggregatorData Repository
  • TCP/UDP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.
Data RepositoryData Repository
  • TCP/SSH 22
    Enables Vertica administration tools and backup to run between nodes.
  • TCP/UDP 4803
    Enables spread communication between nodes.
  • TCP/UDP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.

Open the following ports for the Vertica database:

  • UDP 4804
  • TCP 5434
  • UDP 6543
Data RepositoryBackup Hosts
  • TCP 50000
    Enables the Data Repository host to access the custom rsync/ssh on the backup hosts.
Data RepositoryDisaster Recovery Hosts
  • TCP 50000
    Enables the Data Repository host to access the custom rsync/ssh on the disaster recovery hosts.

CA Spectrum

Performance Center
  • TCP 8281
    For event integration, enables the CA Spectrum OneClick server to communicate to the Performance Center host.
  • TCP 8481
    Enables the CA Spectrum OneClick server to communicate to the Device Manager.
Performance CenterLDAP
  • TCP 389
    Enables Clear Text communication from the client to the LDAP server.
  • TCP 3268
    If you are using the global catalog for searches, enables communication from the client to the LDAP server.
Performance CenterLDAPS
  • TCP 636
    Enables encrypted and secure communication from the client to the Secure LDAP server.
  • TCP 3269
    If you are using the global catalog for searches, enables communication from the client to the Secure LDAP server.
Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator)Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator)
  • TCP 8300
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators.
  • TCP/UDP 8301
    In a fault tolerant environment, enables LAN communication between the proxy server and the Data Aggregators.
  • TCP 8500
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators to the HTTP API.
Additional Information:

https://docops.ca.com/ca-performance-management/3-6/en/installing/review-installation-requirements-and-considerations#ReviewInstallationRequirementsandConsiderations-FirewallandConnectivityConsiderations