Ports and Protocols for Symantec Management Platform 7.0

Article:DOC1892  |  Created: 2009-08-27  |  Updated: 2011-01-12  |  Article URL http://www.symantec.com/docs/DOC1892
Article Type
Documentation


Description



  • Introduction
  • Notification Server
  • Connection Profiles and Pluggable Protocols Architecture
  • Event Console
  • Software Management Framework
  • Task Server
  • Network Discovery
  • Monitor Solution
  • Symantec Workflow
  • Symantec Installation Manager

Introduction

This document provides consolidated information regarding the ports and protocols used by Symantec Management Platform (SMP) version 7.x.

Notification Server

Notification Server ports

| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| NS | 1024-65536 (Default = 52028) | TCP/IP | Yes |
| NS | 1024-65536 (Default = 52029) | TCP/IP Multicast | Yes |
| Agent | 80 | HTTP | Yes |

Package multicast port

The package multicast port is TCP/IP port 52030 by default, but it can be configured to use a different port.

Altiris Agent Installation

Notification Server connects to the workstation over standard MS ports to copy over the bootstrap. The workstation then connects back to the Notification Server over HTTP to download the agent.

Initial connection Notification Server to client

  • UDP 138 (NETLOGON)
  • TCP 445 (MS DS/CIFS/SMB)

Initial connection Client to Notification Server (after Service Starts)

  • TCP 80 (HTTP) client download
  • ICMP Type 8 (PING) package server speed check

Ports used by Win32 Altiris Agent after installation

HTTP Client / Server communications, such as policy updates and posting events:

The Agent establishes a connection to server port TCP 80 for HTTP and server port TCP 443 for SSL. The port is configurable by the user and can be set to any free port.

Downloading packages from the Notification Server or Package Servers:

Clients can download via HTTP (see above for port assignment) or via an SMB connection. SMB uses the MS standard NETBIOS ports UDP (135, 137, 139) and TCP (135, 139). For SMB over TCP (CIFS), UDP and TCP port 445 is required.

Wake on LAN and Power Management:

By default, this is port 52028, or 52029 for multicast. It can be configured to use a different port.

Hierarchy and Replication

Hierarchy uses the ports that individual Notification Servers have been set up and configured to use.

By default, IIS is set to use port 80. However, it can be configured to use any port number in the supported range, and Notification Server can use any port that has been set in IIS.

By default, HTTPS uses port 443.

To join Notification Servers in a hierarchy, you must correctly enter the port numbers or HTTPS prefix inside the Add Hierarchy Node Wizard. In Step 1 of the wizard, in the URL field, you enter either HTTPS or the IIS port.

For example, to add a child node called HN-NSX8605.testdom01.lab using port 30000, enter http://HN-NSX8605.testdom01.lab:30000/Altiris/Console in the URL field. This means that your child Notification Server is configured to use port 30000, and you are instructing the local Notification Server to connect to it for hierarchy communications using that port.

To add a child node called HN-NSX8605.testdom01.lab using HTTPS, enter https://HN-NSX8605.testdom01.lab/Altiris/Console in the URL field.

Notification Servers within the hierarchy may not all use the same HTTP port for communication. As long as the hierarchy connection is configured correctly inside the Add Hierarchy Node Wizard, they will all work correctly.
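The following added example (not part of the original article or of any Symantec tooling) derives, from the URLs entered in the Add Hierarchy Node Wizard, the TCP endpoints a firewall between Notification Servers must allow, and marks which links run over plain HTTP. The third URL and its host name are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # defaults stated in the article


def hierarchy_endpoint(url):
    """Return (host, port, scheme) the local NS connects to for a node URL."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    # parts.port raises ValueError itself when the port is not a valid number.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return parts.hostname, port, scheme


def firewall_requests(urls):
    """Deduplicated, sorted (host, port, note) rows for outbound TCP openings."""
    rows = set()
    for url in urls:
        host, port, scheme = hierarchy_endpoint(url)
        note = "cleartext HTTP" if scheme == "http" else "TLS"
        rows.add((host, port, note))
    return sorted(rows)


# Constructed input: the two URLs from the article plus a hypothetical child node.
NODE_URLS = [
    "http://HN-NSX8605.testdom01.lab:30000/Altiris/Console",
    "https://HN-NSX8605.testdom01.lab/Altiris/Console",
    "http://child2.example.test/Altiris/Console",
]

if __name__ == "__main__":
    for host, port, note in firewall_requests(NODE_URLS):
        print(f"allow tcp -> {host}:{port}  ({note})")
```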

Accessing the Altiris Console using a Remote Computer

When using a remote console, Notification Server uses HTTP (port 80) to connect to the server and download the client application / admin console content.

Agent for UNIX, Linux, and Mac

Notification Server uses SSH to connect to the client computer to copy over the bootstrap and then HTTP or HTTPS from the client computer to the Notification Server to download the agent.

Initial connection Notification Server to UNIX, Linux or Mac client
  • TCP 22 (SSH, configurable)
Initial connection Client to Notification Server (after Service Starts)
  • TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Notification Server configuration for Agent download
Connection Client to Package Server
  • ICMP Type 8 (PING) package server speed check
  • TCP 80 (HTTP), 443 (HTTPS) or other custom port depending on Package Server configuration for package download

Further communication with Notification Server uses configurable ports specified in the policies (defaults are standard HTTP, HTTPS, or FTP ports).

The 7.0 Unix Agent uses the same multicast and TCP settings as the Win32 Altiris Agent, which can be configured from the Symantec Management Console. The defaults are:

  • TCP/IP Port 52028
  • Multicast Address: 224.0.255.135
  • Multicast Port: 52029

Ports used by Altiris Agent for UNIX, Linux, and Mac

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Notification Server | TCP | Inbound | 80 (HTTP) or 443 (HTTPS) | From client computers | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | Destination port 80 (HTTP) or 443 (HTTPS) | To the Notification Server | Yes, depends on the port used by the website the Notification Server is residing on |
| UNIX, Linux or Mac client computer | TCP | Outbound | Destination port 80 (HTTP) or 443 (HTTPS) | To Package Servers | Yes, depends on the ports used by the website the Package Server Agent is integrated with |
| UNIX, Linux or Mac client computer | TCP | Outbound | Source ports 1024 and above | To the Notification Server and Package Servers | No, the ports are randomly selected when the connection is established |
| UNIX, Linux or Mac client computer | TCP | Inbound | 22 (SSH) | Push install from the Notification Server | Yes, depends on the port used by SSHD |
| UNIX, Linux or Mac client computer | TCP | Inbound | 52028 | Tickle / Power Management messages | Yes, in the SM Console |
| UNIX, Linux or Mac client computer | UDP | Inbound | 52029 | Tickle / Power Management messages | Yes, in the SM Console |
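The table above can be turned into a least-privilege check for flows observed on a managed UNIX, Linux or Mac client. This is an added example, not code from the article or from Symantec. The server addresses are hypothetical, the ports are the documented defaults, and it assumes that only the Notification Server initiates inbound connections (widen that if tickle messages are relayed at your site).

```python
import ipaddress

# Site values below are assumptions for this example; the ports are the article's defaults.
NS_ADDR = ipaddress.ip_address("10.0.0.10")      # Notification Server (hypothetical)
PKG_NET = ipaddress.ip_network("10.0.1.0/24")    # Package Servers (hypothetical)
WEB_PORTS = {80, 443}                            # HTTP / HTTPS, configurable in IIS
SSH_PORT = 22                                    # push install, depends on SSHD
TICKLE_TCP, TICKLE_UDP = 52028, 52029            # tickle / power management


def allowed(direction, proto, remote, local_port=None, remote_port=None):
    """Return True if a flow seen on a UNIX, Linux or Mac client matches the table."""
    addr = ipaddress.ip_address(remote)
    to_server = addr == NS_ADDR or addr in PKG_NET
    if direction == "out":
        if proto == "icmp":                      # ICMP type 8 package server speed check
            return addr in PKG_NET
        # Agent to NS or Package Server; source port is picked at random from 1024 up.
        return (proto == "tcp" and to_server and remote_port in WEB_PORTS
                and local_port is not None and local_port >= 1024)
    if direction == "in" and addr == NS_ADDR:    # assumption: only the NS initiates inbound
        if proto == "tcp":
            return local_port in (SSH_PORT, TICKLE_TCP)
        if proto == "udp":
            return local_port == TICKLE_UDP
    return False


def violations(flows):
    """Flows that the table does not account for, in input order."""
    return [f for f in flows if not allowed(*f)]


# Constructed flow records: (direction, proto, remote, local_port, remote_port)
SAMPLE_FLOWS = [
    ("out", "tcp", "10.0.0.10", 40112, 443),     # policy request to NS
    ("out", "tcp", "10.0.1.7", 40113, 80),       # package download
    ("out", "icmp", "10.0.1.7", None, None),     # package server speed check
    ("in", "tcp", "10.0.0.10", 22, 51000),       # push install
    ("in", "udp", "10.0.0.10", 52029, 52029),    # tickle
    ("in", "tcp", "10.0.9.44", 22, 51234),       # SSH from a host that is not the NS
    ("in", "tcp", "10.0.0.10", 3389, 50001),     # port not in the table
    ("out", "tcp", "203.0.113.5", 40200, 80),    # HTTP to a non-SMP host
]

if __name__ == "__main__":
    for flow in violations(SAMPLE_FLOWS):
        print("unexpected:", flow)
```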

Connection Profiles and Pluggable Protocols Architecture

Connection Profiles and Pluggable Protocols Architecture use the following ports and protocols.

| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| Connection Profiles and PPA | 16993/16994 | AMT/AMT Secure | No |
| Connection Profiles and PPA | None | ASF | Not applicable |
| Connection Profiles and PPA | 443 | EMC | Yes |
| Connection Profiles and PPA | 80 | HTTP | No |
| Connection Profiles and PPA | None | ICMP | Not applicable |
| Connection Profiles and PPA | 623 | IPMI | Yes |
| Connection Profiles and PPA | 161 | SNMP V1 V2 | No |
| Connection Profiles and PPA | 162 | SNMP Trap Sender | No |
| Connection Profiles and PPA | 80/443 | VMWare/VMWare Secure | Yes |
| Connection Profiles and PPA | None | WMI | Not applicable |
| Connection Profiles and PPA | 623/664 | WS-MAN/WS-MAN Secure | Yes |

Event Console

Event Console uses the following ports and protocols.

| Component | Port | Protocol | Is this port configurable? |
|---|---|---|---|
| Alert Port | 8500 | TCP/IP | Yes, in the Global Settings Item configuration XML |
| Receiver Refresh Port | 8502 | TCP/IP | Yes, in the Global Settings Item configuration XML |
| Engine Refresh Port | 8503 | TCP/IP | Yes, in the Global Settings Item configuration XML |

Software Management Framework

Software Management Framework works through the Altiris Agent. It uses the same ports as the Win32 Altiris Agent.

Task Server

| Component | Protocol | Direction | Port | Connections | Is configurable? |
|---|---|---|---|---|---|
| Tickle Server (Altiris Object Host Service (atrshost.exe)) | TCP | Inbound | 50123 | From task servers | Yes, Altiris.ClientTask.TickleService.config |
| Task Server (Altiris Object Host Service (atrshost.exe)) | TCP | Inbound | 50124 | From client task agents | Yes, Altiris.ClientTask.Server.config |
| Task Server (IIS or Altiris HTTP Server) | TCP | Inbound | 80 (HTTP), 443 (HTTPS) | From client task agents | Yes, either through IIS, or with Altiris HTTP; use the Altiris.Http.config file |
| Task Server (Altiris Object Host Service (atrshost.exe)) | TCP | Local Only | 50121, 50122 | Task server web talking to task server process | Yes, Altiris.ClientTask.Remoting.config |

Network Discovery

Network Discovery uses the ports as configured through the Connection Profiles and Pluggable Protocols Architecture.

Monitor Solution

Monitor Solution listens on port 1011 by default. This is configurable and can be changed by the user in the Agent Configuration settings.

Monitor Solution also monitors specified ports associated with common applications. This is configured using agentless or agent-based Port metrics.

Symantec Workflow

| Component | Port | Protocol | Is configurable?/Other information |
|---|---|---|---|
| Workflow Server | 80 | TCP/IP | Yes. IIS uses port 80 to serve forms and Process Manager, but this can be changed. |
| Server Extensions | 11434 | TCP/IP | Yes. Server extensions listens on 11434 for publishing requests from designers. |
| Workflow internal web server | 11080 | TCP/IP | Yes. The web server uses port 11080 to serve pages. |
| Server Extensions configuration | 21, 25 | FTP and SMTP | No |

Symantec Installation Manager

SIM uses port TCP 80 for HTTP and port TCP 443 for SSL.

SIM uses ports to download files only. It does not open any ports.

SIM accesses the following URLs. Your firewall should allow these URLs in order to use SIM properly.

 

  • http://www.solutionsam.com
  • http://www.symantec.com/about/profile/policies/privacy.jsp
  • http://lindon.extranet.altiris.com/eval_license_broker/get_licenses.asmx

 


Legacy ID: 48796

