Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

martingoh

1 Rookie

 • 

31 Posts

1330

October 6th, 2006 00:00

Ports needed just for management

Hi,

Can anyone advise what is the processes required just for managing a networker server ?

The senario is like this:

Networker 7.2.1
The are 2 networker master servers separated by router. They need to be manage by either one of them using Administrator console, no NMC. Due to company security policy, I cannot open the full range of service ports 7937-9936 just for managing purpose. I need to know the range of ports that need to be opened at the router just for management purpose.

From my understanding, there are 5 main server process: nsrd, nsrmmdbd, nsrindexd, nsrmmd, nsrexecd. Each of the server process use 1 port each except nsrexecd which uses 2 ports. I wonder if I need to open ports for nsrmmd here just for management purpose. If not, does that mean only 5 ports need to be opened ?

Thanks.

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 6th, 2006 00:00

Check technical bulletin 354.

martingoh

1 Rookie

 • 

31 Posts

October 6th, 2006 01:00

Hi Hrvoje,

Do you know of a working link to technical bulletin 354?

From EMC CustomerNet support KB, doing a search for it return all broken links to bulletin 354.

amediratta

2 Intern

 • 

2K Posts

October 6th, 2006 01:00

I am not too sure if things have changed recently but till 7.2 when I used across firewall, you have a formula to calculate service ports(7937-9936) and then open 20000 communication ports(10001-30000). I had to do that even when I was doing only NMC.

Without this it used to give errors on service ports or communication ports sooner or later.

martingoh

1 Rookie

 • 

31 Posts

October 6th, 2006 01:00

Hi Hrvoje,

Thanks for the advice, will try opening those ports.

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 6th, 2006 01:00

From what I see it looks like it is removed or broken. Anyway, according to that document you are seen as client and it looks like you need 10 connection ports per monitoring tool (nwadmin, nsrwatch, nsradmin). I guess if you go with something like 10000-10100 you can't go wrong.

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 6th, 2006 02:00

Hi Anuj,

I don't even use all connection ports for backups (20k) - it's hard to expect that monitoring would use that too. Monitoring is quite simply - or at least it should be. You have nwadmin on your workstation connecting to remote service and transferring updates. For that reason I believe 7937 and 7838 should be enabled too, but that is default anyway. Everything else is connection port - a small number of it.

To get the list of ports even lower than that and not using NMC, you might get into some different solutions like ssh tunneling from server to your box.

martingoh

1 Rookie

 • 

31 Posts

October 6th, 2006 02:00

Sorry folks,

Forget to mention the Networker servers are running on Windows

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 6th, 2006 02:00

I believe when it comes to ports platform doesn't play major role. At least I didn't see it yet in any of EMC/Legato document related to NW.

amediratta

2 Intern

 • 

2K Posts

October 6th, 2006 03:00

Even I have never faced a platform specific issue not even on heterogeneous enviroment i.e. Linux Server with Windows & Solaris client.

amediratta

2 Intern

 • 

2K Posts

October 6th, 2006 09:00

One of my customers used IPsec in one Windows installation and opened only 3 ports.

martingoh

1 Rookie

 • 

31 Posts

October 9th, 2006 09:00

Hi Hrvoje,

Is there other monitoring tools other than nwadmin, nsrwatch and nsradmin ? Cos' they will only take up 30 ports then. Is it necessary to open 100 ports ?

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 9th, 2006 10:00

You wish to be on the safe side - that's why I said you should not worry with 100 ports open. Besides, if monitoring is enabled for certain host only it is quite easy to set up fw rule where those 100 ports would only apply to that communication.

cfaller

96 Posts

October 10th, 2006 20:00

why not just test NMC by running it and seeing just what ports it opens up locally, as they should be all that is necessary, the rest of the service ports are only required from the Networker servers to their clients etc......
ignore port 2638 as that is a locally used port for the database
NMC uses ports 9000 & 9001

cfaller

96 Posts

October 10th, 2006 23:00

my bad for missing the "no",

really it wouldnt be more than the 2 ports between the 2 networker Servers, given an example of a Client configured with just 2 ports through a firewall, i.e. 7937 & 7938, it has the ability to perform all functions on the networker server as long as it is in the Administrators list.

ble1

6 Operator

 • 

14.4K Posts

 • 

56.2K Points

October 10th, 2006 23:00

Hi Craig,

Agreed, but Martin in first post said "no NMC".

Was this post helpful?

View All

No Events found!

Top