Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Tomcat in Symantec

  • 1.  Tomcat in Symantec

    Posted Nov 08, 2011 02:00 PM

    Hello All,

     

    I have done some reading about Symantec port's and functions. In that SEPM using IIS and TOMCAT. I just wants to know what role TOMCAT playing in Symantec?. In that article TOMCAT uses port 9090 and 8443 but TOMCAT default port is 8005. I get bit confused. Can anyone explain abouth this?.



  • 2.  RE: Tomcat in Symantec

    Posted Nov 08, 2011 02:34 PM

    Apache Tomcat (or Jakarta Tomcat or simply Tomcat) is an open source servlet container and provides a "pure Java" HTTP web server environment for Java code to run as you know Sepm is a java based application tomcat plays major role in SEP and SEPM manager with various functionality

    example Communication of clients , login to Sepm console etc



  • 3.  RE: Tomcat in Symantec

    Posted Nov 08, 2011 02:39 PM

    Apache Tomcat is used in version 12.1 which IIS was used in version 11.0



  • 4.  RE: Tomcat in Symantec

    Posted Nov 08, 2011 03:40 PM

    In 12.1, IIS (which drove Home, Monitors and Reports) was replaced with Apache Webserver. Apache Tomcat is used for the Policies, Clients and Admin tabs.

    sandra



  • 5.  RE: Tomcat in Symantec

    Posted Nov 08, 2011 11:03 PM

    Which port TOMCAT is using..? 8443 or 8005



  • 6.  RE: Tomcat in Symantec

    Broadcom Employee
    Posted Nov 08, 2011 11:18 PM

    check this link, it gioves the information

    http://www.symantec.com/business/support/index?page=content&id=TECH163787



  • 7.  RE: Tomcat in Symantec

    Posted Nov 09, 2011 02:22 AM

    8005 is a TOMCAT Shutdown port whereas 8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.



  • 8.  RE: Tomcat in Symantec

    Posted Nov 09, 2011 05:01 AM

    The SEP 11 SEPM uses both IIS and Tomcat (each is responsible for 3 of the tabs seen in SEPM).

    All 6 SEPM tabs in SEP 12.1 now use Tomcat.  IIS is no longer used with SEP 12.1.

    Be aware that Tomcat is also used by some other Symantec products.  A common example: LiveUpdate Administrator 2.x. (LUA 2.x)  I very strongly recommend against having more than one Tomcat running on a single server because they will be contesting for the same limited resources (JVM, etc).  A SEPM and LUA 2.x should never be installed on the same box.

    Hope this helps!



  • 9.  RE: Tomcat in Symantec
    Best Answer

    Posted Nov 09, 2011 08:34 AM

     

    The following table lists ports and processes associated with Symantec Endpoint Protection version 11.0, 12.0 and 12.1:

    Communication Ports

     

    Port Number

    Port Type

    Initiated by

    Listening Process

    Description

    80, 8014

    TCP

    SEP Clients

    svchost.exe (IIS)
    httpd.exe (Apache)

    Communication between the SEPM manager and SEP clients and Enforcers. (8014 in MR3 and later builds, 80 in older).
    The 11.x product line uses IIS. The 12.x product line uses Apache.

    8445

    TCP

    Reporting Console

    httpd.exe (Apache)

    Added in 12.1.x. HTTPS reporting console

    443

    TCP

    SEP Clients

    svchost.exe (IIS)
    httpd.exe (Apache)

    Optional secured HTTPS communication between a SEPM manager and SEP clients and Enforcers.

    1433

    TCP

    SEPM manager

    sqlservr.exe

    Communication between a SEPM manager and a Microsoft SQL Database Server if they reside on separate computers.

    1812

    UDP

    Enforcer

    11.x: w3wp.exe (IIS)
    12.x: httpd.exe (Apache)

    RADIUS communication between a SEPM manager and Enforcers for authenticating unique ID information with the Enforcer.

    2638

    TCP

    SEPM manager

    11.x: dbsrv9.exe
    12.1.x: dbsrv11.exe

    Communication between the Embedded Database and the SEPM manager.

    8443

    TCP

    Remote Java or web console

    SemSvc.exe

    HTTPS communication between a remote management console and the SEPM manager. All login information and administrative communication takes place using this secure port.

    9090

    TCP

    Remote web console

    SemSvc.exe

    Initial HTTP communication between a remote management console and the SEPM manager (to display the login screen only).

    8005/8765

    TCP

    SEPM manager

    SemSvc.exe

    This is the Tomcat Shutdown port.
    In the 11.x product line SEPM manager listens on the Tomcat default port of 8005 except RU7 uses 8765.  Also in 12.x product line port 8765 is used instead.

    39999

    UDP

    Enforcer

    SNAC.exe (Windows SNAC)
    CClientCtl.exe (Windows ODC)
    SNAC
    (Mac SNAC/ODC)

    Communication between the SEP Clients and the Enforcer. This is used to authenticate Clients by the Enforcer.

    2967

    TCP

    SEP Clients

    Smc.exe

    The Group Update Provider (GUP) proxy functionality of SEP client listens on this port.

    8045

    TCP

    SEPM Manager

    SemSvc.exe

    In the SEP 11 RU6 SEPM, the registry is started by the Tomcat servlet container. CreamTec's AjaxSwing uses the existing registry to communicate with its client agents that run in stand alone mode
    8444 TCP Symantec Protection Center v2.0 SemSvc.exe This is the SEPM web services port. SPC 2.0 makes Data Feed and Workflow requests to SEPM over this port.

     


     

    The Symantec Endpoint Protection Manager (SEPM) use two web servers: Internet Information Services (IIS) and Tomcat. IIS uses port 80 (or 8014) and 443 - Tomcat uses port 9090 and 8443. The communication between IIS and Tomcat uses the HTTP protocol. IIS uses port 9090 to talk to Tomcat, Tomcat uses port 80 to talk to IIS.
     

    Client-Server Communication:
    For IIS SEP uses HTTP or HTTPS between the clients or Enforcers and the server. For the client server communication it uses port 80 (or 8014) and 443 by default. In addition, the Enforcers use RADIUS to communicate in real-time with the manager console for clients authentication. This is done on UDP port 1812.
     

    Remote Console:
    9090 is used by the remote console to download .jar files and display the help pages.
    8443 is used by the remote console to communicate with SEPM and the Replication Partners to replicate data.
     

    Client-Enforcer Authentication:
    The clients communicate with the Enforcer using a proprietary communication protocol. This communication uses a challenge-response to authenticate the clients. The default port for this is UDP 39,999.



  • 10.  RE: Tomcat in Symantec

    Posted Nov 09, 2011 02:44 PM

    Dear abnscbnklfoo

    Please can you tell us where you got this information from. What is the authoritive source.



  • 11.  RE: Tomcat in Symantec

    Posted Nov 09, 2011 03:25 PM

    Follow the link metioned below:

     

    http://www.symantec.com/business/support/index?page=content&id=TECH163787