What ports does CAPM use?

Document ID : KB000017223
Last Modified Date : 24/07/2018
Show Technical Document Details
Question:

What ports do I need to open for CAPM in my environment?

Environment:
CAPM - all versions
Answer:

Firewall and Connectivity Considerations

For CA Performance Management to work properly in a firewall-protected environment, certain ports must be open.

Open the following ports to allow CA Performance Management communications to function properly. For more information, see Prepare to Install Performance Center.

Note: Throughout the documentation 8182, 8382, 61617, 61619, 61621, and 61623 appear as suggested port numbers for secured communications. In the instances where these ports appear, you are free to use any value you want as long as no other processes are using it.

For more information about individual data sources, see the appropriate product documentation.

From

To

Port [Function]

Performance Center services

Performance Center

  • TCP 3306
    Enables communications to the MySQL database (inbound) from the Performance Center services.
  • TCP/HTTP 8481
    Enables communications between the Device Manager and Console services.

User client computers

Performance Center

If you put the application behind a firewall, and you want customers to access only the user interface, open the following ports to the world:

  • TCP/HTTP 8181
    Enables communications between client computers and the Performance Center server.
  • TCP/HTTP 8381
    Enables communications between client computers and the Performance Center server. Also enables login using the single sign-on authentication component.

For secured communications, use the following ports instead of 8181 and 8381:

This port is the default port for Single Sign-On if configured using the HTTPS documentation. For more information, see Configure the Port and Website for HTTPS.

User client computers

Data Aggregator

  • TCP/HTTP 8581
    Allows for OpenAPI access.
    Note: Opening this port exposes the rest of the Data Aggregator services.

Data Aggregator

Performance Center

  • TCP/HTTP 8281
    Enables communications between the Event Manager, which is installed automatically with the Performance Center software, and the Data Aggregator. The Data Aggregator initiates communication and pushes data through this port.
  • TCP/HTTP 8381
    Enables communication between the Data Aggregator and Performance Center for direct authentication of OpenAPI queries.
  • TCP/HTTP 8581
    Enables synchronization with CA Performance Management for the Data Aggregator, Performance Center initiates communication and pulls data through this port.

For secured communications, use the following port instead of 8381:

Performance Center

CA Network Flow Analysis

  • TCP/HTTP 80 
    Enables synchronization with CA Network Flow Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Network Flow Analysis to retrieve device data.

Performance Center

CA Application Delivery Analysis

  • TCP/HTTP 80 
    Enables synchronization with CA Application Delivery Analysis to retrieve configuration data.
  • TCP/HTTP 8681
    Enables synchronization with CA Application Delivery Analysis to retrieve device data.

Performance Center

CA Business Intelligence

  • TCP/HTTP 8181
    Enables communications between CA Business Intelligence and the Performance Center server.

For secured communications, use the following port instead of 8181:

Data Collector

Data Aggregator

  • TCP 8581
    Enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.
  • TCP/AMQ 61616
    Enables only ActiveMQ traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61618
    Enables poll response delivery traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61620
    Enables distributed IREP traffic between the Data Collector and Data Aggregator.
  • TCP/AMQ 61622
    Enables large data transfers between the Data Collector and Data Aggregator.
    This port also enables the simplified upgrade for Data Collectors. For more information, see Upgrade the Data Collectors.

For secured communications, use the following ports instead of 61616, 61618, 61620, 61622:

Note: The following ports are the default ports for Secure ActiveMQ communication if configured using the AMQ SSL documentation. For more information, see Authenticate and Encrypt ActiveMQ Communication.

  • TCP/AMQ SSL 61617
    Enables only ActiveMQ secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61619
    Enables poll response delivery secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61621
    Enables distributed IREP secured communications between the Data Collector and Data Aggregator.
  • TCP/AMQ SSL 61623
    Enables secured large data transfers between the Data Collector and Data Aggregator.

Data Collectors

Devices

  • UDP 161
    Enables SNMP connections to devices.

Data Aggregator

Data Repository

  • TCP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.

Data Repository

Data Repository

  • TCP/SSH 22
    Enables Vertica administration tools and backup to run between nodes.
  • TCP/UDP 4803
    Enables spread communication between nodes.
  • TCP 5433
    Enables communication between the Data Aggregator and the Data Repository for Java Database Connectivity.

Open the following ports for the Vertica database:

  • UDP 4804
  • TCP 5434
  • TCP 6543
TCP 50000 needs to be open on any firewalls so that the Data Repository host can access the custom rsync/ssh port 50000 on the backup host.

CA Spectrum

Performance Center

  • TCP 8281
    For event integration, enables the CA Spectrum OneClick server to communicate to the Performance Center host.

Performance Center

LDAP

  • TCP 389
    Enables Clear Text communication from the client to the LDAP server.
  • TCP 3268
    If you are using the global catalog for searches, enables communication from the client to the LDAP server.

Performance Center

LDAPS

  • TCP 636
    Enables encrypted and secure communication from the client to the Secure LDAP server.
  • TCP 3269
    If you are using the global catalog for searches, enables communication from the client to the Secure LDAP server.

Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator)

Consul Servers (the proxy server, active Data Aggregator, inactive Data Aggregator)

  • TCP 8300
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators.
  • TCP/UDP 8301
    In a fault tolerant environment, enables LAN communication between the proxy server and the Data Aggregators.
  • TCP 8500
    In a fault tolerant environment, enables communication between the proxy server and the Data Aggregators to the HTTP API.

 

 

Additional Information: