Why does the Data Collector service run on a port not listed in the documentation

Document ID : KB000113022
Last Modified Date : 04/09/2018
Introduction:
When running a process listing, the Data Collector Java process shows that it is using a port that is not listed in the documentation.

This was noticed during a security assessment of the environment. 
Question:
Why does the Data Collector service run on a port not listed in the documentation? 
Environment:
All supported CA Performance Management releases 
Answer:
  • The Data Collector (DC) uses that UDP port to receive poll responses from the devices it sends requests to.
  • The DC should only be connecting to the local ActiveMQ (AMQ) service. AMQ should be connecting to the DA's AMQ service.
  • All DA to DC communications are via ActiveMQ on the documented ports.
  • All outgoing poll requests are sent to each device's IP:Port, using the port set in the SNMP Profile used by the device. Ensure those ports are not blocked in the outgoing direction.
  • All poll responses from the devices come back to the randomly chosen UDP port set on startup. As a result, the DC does not need to allow outgoing requests on that port.
  • The random port does not have to be allowed specifically, as long as whatever port initiates the outgoing request is automatically open to receive the response.
  • There is no way to hard-code or lock the port the dcmd service daemon uses on startup.
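The request/response pattern described in the list above can be reproduced on loopback. This is an added example, not CA Performance Management code: the fake device, the payloads and the function names are constructed, and binding to port 0 so that the OS picks the port is an assumption about how a process ends up with a randomly chosen UDP port.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"

def start_fake_device():
    """Constructed stand-in for a polled device: answers one datagram, then exits."""
    dev = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    dev.bind((LOOPBACK, 0))   # a real agent listens on the port from its SNMP Profile
    dev.settimeout(5)
    addr = dev.getsockname()

    def serve():
        try:
            data, src = dev.recvfrom(1024)
            # The reply goes to whatever source IP:port the request came from.
            dev.sendto(b"response:" + data, src)
        except socket.timeout:
            pass
        finally:
            dev.close()

    threading.Thread(target=serve, daemon=True).start()
    return addr

def poll_once(device_addr):
    """Send one request from an OS-chosen UDP port and wait for the reply on it."""
    poller = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        poller.bind((LOOPBACK, 0))      # port 0: the OS picks a free port (assumption)
        local_port = poller.getsockname()[1]
        poller.settimeout(5)
        poller.sendto(b"poll", device_addr)
        data, src = poller.recvfrom(1024)
        return local_port, src, data
    finally:
        poller.close()

if __name__ == "__main__":
    device = start_fake_device()
    port, src, data = poll_once(device)
    print(f"request left from UDP {port}, sent to {device[0]}:{device[1]}")
    print(f"reply {data!r} arrived on UDP {port} from {src[0]}:{src[1]}")
```

The poller's local port changes from run to run, while the reply always returns to the port the request was sent from, which is the flow a stateful firewall matches when it admits the response without a rule for that port.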
Additional Information:
Documented Port list for CAPM Environment 

https://docops.ca.com/ca-performance-management/3-6/en/installing/review-installation-requirements-and-considerations#ReviewInstallationRequirementsandConsiderations-FirewallandConnectivityConsiderations