This section explains how the Applications Manager can be accessed behind a firewall. Firewalls act as barriers preventing unauthorized access to a network. They act as entrance through which authorized people may pass and others not. You need to configure the firewall so that the host on which Applications Manager runs, can access the monitor at the relevant port.
Note: It is important to know that all ports must be opened for bi-directional communication to take place.
Monitors | Port Details |
---|---|
APPLICATION SERVERS | |
Glassfish | Glassfish JMX port (default : 8686) |
JBoss | Two-way communication between JBoss web server port (default : 8080) and Applications Manager web server port (default : 9090). Applications Manager hostname should be accessible from JBoss server. JBoss RMI object port (default : 4444). |
Jetty | Enable JMX for monitoring. The JMX Port for default installations of Jetty is 9999. |
Microsoft .NET |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) (default : 135) Know more about the ports required for WMI Mode of monitoring. |
Oracle Application Server | Oracle Application Server port (default : 7200) |
Tomcat | Tomcat web server port (default : 8080) |
VMware vFabric tc Server | JMX port of VMware vFabric tc Server (default : 6969) |
WebLogic | Two-way communication between WebLogic listening port (default : 7001) and Applications Manager web server port (default : 9090) |
WebSphere |
WebSphere application port (default : 9080) |
CLOUD APPS | |
Microsoft Azure |
|
Amazon | REST API via SDK HTTPS port (Default port: 443) |
Microsoft 365 | REST API HTTPS port (Default port: 443) |
Openstack | REST API HTTPS port (Default port: 443) |
Google Cloud Platform | REST API HTTPS port (Default port: 443) |
Oracle Cloud |
|
CUSTOM MONITORS | |
Database Query monitor | Corresponding database server port |
File/Directory, Script (Telnet/SSH mode) |
Telnet Port: 23 (if mode of monitoring is Telnet) SSH Port: 22 (if mode of monitoring is SSH) |
File/Directory, WMI Performance counter (WMI mode) |
Remote Procedure Call (RPC) (Default :TCP 135) Windows Management Instrumentation (WMI) (Default : TCP 445) Know more about the ports required for WMI Mode of monitoring. |
DATABASE SERVERS | |
DB2 | The port in which DB2 is running (default: 50000) |
Memcached | The port in which Memcached server is running (default : 11211) |
MySQL | The port in which MySQL is running (default : 3306) |
Oracle | The port in which Oracle is running (default : 1521) |
PostgreSQL | The port in which PostgreSQL is running (default : 5432) |
Microsoft SQL Server | The port in which SQL Server is running (default : 1433). UDP port 1434 might be required for the SQL Server Browser Service when you are using named instances. |
Sybase | The port in which Sybase is running (default : 5000) |
SAP HANA | SAP HANA's IndexServer port (default: 30015) |
Apache HBase | The port in which Hbase is running. For default installations of HBase, the JMX port number is 10101 for Master and 10102 for RegionServer. |
NoSQL | |
Cassandra | Enable JMX for monitoring. The JMX Port for default installations of Cassandra is 7199. |
ERP | |
Oracle EBS | Oracle EBS webserver port (default:7200) |
Microsoft Dynamics CRM/365 (On-Premise) |
To monitor a Microsoft Dynamics CRM/365 application, use Administrator user account which has the permission to excute WMI queries on 'root\CIMV2' namespace of the Dynamics CRM/365 Server. Firewall access for monitoring: Ports required for monitoring via WMI.
Powershell access for monitoring: Click here to see powershell prerequisites. |
Microsoft Dynamics AX |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 Also refer to ports required for WMI Mode of monitoring under Servers |
MAIL SERVERS | |
Exchange Server | Windows Management Instrumentation (WMI) (default : 445) Remote Procedure Call (RPC) (default : 135) PowerShell remoting - TCP 5985 and 5986 Exchange PowerShell session - TCP 80 and 443 Know more about the ports required for WMI Mode of monitoring |
Mail Server | SMTP server port (default : 25) to send mails from Applications Manager. POP port (default : 110 ) to fetch mails using the POP server. |
MIDDLEWARE/PORTAL | |
IBM WebSphere MQ | The MQ Listener Port (default:1414) |
Microsoft MSMQ/SharePoint Server/Biztalk Server |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 PowerShell remoting - TCP 5985 and 5986 Know more about the ports required for WMI Mode of monitoring. |
VMware vFabric RabbitMQ Server | The Port ID where the management plugin is configured (default : 55672) |
WebLogic Integration Server | WebLogic Integration port (default : 7001) |
Oracle Tuxedo | The SNMP port number , on which the Tuxedo SNMP agent is running. The default port number is 161. |
Apache ActiveMQ | Remote JMX should be enabled. The default JMX port is 1099. |
Apache Kafka |
The default JMX port is 9999. To enable JMX, you can set the JMX_PORT environment variable in the kafka-run-class.sh/kafka-run-class.bat file or use standard Java system properties. Alternatively, you can set the KAFKA_JMX_OPTS environment variable in the kafka-run-class.sh/kafka-run-class.bat file to enable JMX for monitoring in Applications Manager. For more information on configuring JMX, refer to this link.
|
Skype for Business Server |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 Also refer to ports required for WMI Mode of monitoring under Servers |
SERVERS | |
AS400/iSeries |
To connect AS400/iSeries server from Applications Manager it uses JTOpen package. The JTOpen package uses the following Non-SSL ports 449, 446, 8470, 8471, 8472, 8473, 8474, 8475, 8476. Ensure that the ports mentioned under "Port Non-SSL" column in the link are not blocked in firewall. |
Linux / Solaris / AIX / HPUnix /Tru64 Unix |
Telnet Port (default : 23), if mode of monitoring is Telnet. SSH Port (default : 22), if mode of monitoring is SSH SNMP Agent Port (default : 161), if mode of monitoring is SNMP |
Windows |
Applications Manager supports users with both administrator and non-administrator roles for monitoring Windows servers through WMI mode. However, it is recommended to use administrator privilege for Windows server monitoring. Ports required - Remote Procedure Call (RPC) (default : 135)
For SNMP Mode of monitoring: Ports required - SNMP Agent Port: 161 |
Windows Cluster |
For WMI Mode of Monitoring: Applications Manager supports users with both administrator and non-administrator roles for monitoring Windows servers through WMI mode. However, it is recommended to use administrator privilege for Windows server monitoring. Ports required - Remote Procedure Call (RPC) (default : 135)
For SNMP Mode of monitoring: Ports required - SNMP Agent Port: 161 |
SERVICES | |
Active Directory |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 PowerShell remoting -- TCP 5985 and 5986 Also refer to ports required for WMI Mode of monitoring under Servers |
FTP/SFTP |
Port in which FTP or SFTP is running (default:21 for FTP, 22 for SFTP) |
JMX [ MX4J / JDK 1.5] | Port of JMX agent (default:1099) To monitor JMX behind firewall, the following changes have to be done.
|
LDAP | LDAP server port |
Network Policy Server (NPS) |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 Also refer to ports required for WMI Mode of monitoring under Servers |
Service Monitoring | The service port that you need to monitor |
SNMP | SNMP Agent port (Default:161) |
Telnet | Port which you need to Telnet |
Apache ZooKeeper |
The default port of JMX agent is 1099 To enable Remote JMX for zookeeper in Linux Environments, open zkServer.sh file under bin folder and check the below following:
In Windows Environments, do the following changes in zkServer.bat file under bin folder:
Replace <PORT NO> with JMXPORT and <IP address> with IP address of the machine.
|
Oracle Coherence | Enable JMX for monitoring. The JMX Port for default installations of Coherence is 1099. |
Hadoop | Enable JMX for monitoring. The JMX port of the NameNode. |
APPLICATION PERFORMANCE MANAGEMENT | |
APM Insight | One way communication from the Agent installed application server to the Applications Manager port- (default: 9090/8443). |
VIRTUALIZATION | |
Hyper-V |
Windows Management Instrumentation (WMI) -- Port: 445 Remote Procedure Call (RPC) -- Port: 135 Also refer to the ports required for WMI Mode of monitoring under Servers |
VMWare ESX/ESXi | VMWare Web Service port (default:443) |
Citrix Xenserver | The https Port where the XenServer web service runs. The default port is 443. |
Docker | The Docker socket port. (default port: 4243). |
Kubernetes | SSH Port (Default port: 22). |
OpenShift | SSH Port (Default port: 22) RESTAPI Port (Default port: 8443) |
WEB SERVER/SERVICES | |
SSL Certificate Monitor | SSL port in which the web server is running (default: 443). |
Web Server | HTTP Port of Web Server. (Default port is 80. For SSL, it is 443) |
Elasticsearch | The port on which the ElasticSearch is running (default: 9200). |
Apache Solr | The port on which the Apache Solr is running (default: 8983) |
IIS Server | Port on which IIS Server is running. (Default port is 80. For SSL, it is 443.) |
Miscellaneous | |
Trap Listeners | Trap Listener port (default:1620) in Applications Manager server should be accessible from the server where you want to send traps. More on receiving SNMP Traps. |
RUM Agent |
Note:
|
EUM Agent |
|
Applications Manager makes sure that data is secure. The internal PostgreSQL database allows only the localhost to access the database through authenticated users. User Names and Passwords are stored in the PostgreSQL database that is bundled along with the product. The passwords are encrypted to maintain security.
Monitors | Privileges |
---|---|
Active Directory | Administrator username/password [WMI mode] |
Amazon |
|
Apache Server | Credentials for accessing the server status url for Apache |
AS400/iSeries |
|
Database Query Monitor | User with privileges for accessing a particular database and execute the query |
DB2 | User with atleast SYSMON instance level authority |
Exchange Server | Administrator username/password [WMI mode] |
File/Directory | User with privileges for accessing the File or Directory to monitor |
FTP/SFTP | If Authentication is enabled, enter the Username and Password for connecting to the FTP/SFTP server & move to required directory |
Glassfish | Username and password for connecting to Glassfish Admin console |
HP-UX | Guest user privilege |
HTTP URL | If basic authentication is required enter the same in monitor |
Hyper-V | Administrator privileges to the root OS (Windows 2008 R2 and other supported Hyper-V versions) |
IBM AIX | Guest user privileges are sufficient but "root" privileges are required for collecting Memory related details. Hence, it is preferable to use a "root" account to view all the details |
IBM WebSphere MQ | A Channel name with type of "Server Connection Channel" |
JBoss | Use the JBoss username/password (if Jboss is authenticated). User should be able to access the JBoss JMX console. If not, no username/password is required |
JMX/Java Runtime |
If Authentication is enabled, enter the Username and password for connecting to the JMX agent. To monitor a JMX Applications, the following java runtime options are to be added to your application
Replace <PORT NO> with JMX Port of the machine.
|
LDAP | If Authentication is enabled, enter the Username and Password. If no username and password is provided, then it will connect to LDAP server as an anonymous login. |
Linux | Guest user privilege |
Mail Server | If Authentication is enabled, enter the Username and password for connecting to the SMTP and POP |
Microsoft .Net | Administrator username/password [WMI mode] |
Microsoft Office SharePoint Server | Administrator username/password [WMI mode] |
MS SQL | System Administrator/Owner for the "master" database |
MSMQ | Administrator username/password [WMI mode] |
MySQL | The User-name specified should have access to the databases to be monitored. MySQL should also be configured. This allows the host on which App Manager is running to access the MySQL database. |
Oracle EBS | Users with CONNECT, SELECT_CATALOG_ROLE and SELECT ANY TABLE roles. |
RabbitMQ | The User must have an administrator tag (that has privileges to list all the objects under every Virtual host) to monitor a RabbitMQ server. |
SAP/SAP CCMS |
You need a SAP user profile with the following authorization objects: S_RFC, S_XMI_LOG and S_XMI_PROD which are the minimum prerequisities for adding a SAP monitor. We use the SAP Java Connector to connect to the SAP ABAP server. The SAP JCo will communicate from APM to SAP using the SAP Dispatcher. The SAP Dispatcher port to be used is 3200 with the SAP System number. |
Script monitor | User with privileges for executing the script and accessing the output file. |
Server with SNMP mode | SNMP Community string with read privileges. |
SNMP/Network device |
For SNMP Version V1/V2c:
For SNMP Version V3: Select one of the three Security Levels in the drop-down list:
|
Solaris | Guest user privilege. |
Sybase | The user should have admin privileges or the DB owner for master database. |
Tomcat |
|
VMWare ESX/ESXi |
When adding VMWare ESX/ESXi servers for monitoring, we recommend that you use the root account. However, if you are unable to use the root account, you can use a 'view-only' profile to add the servers. This profile has all the privileges required for monitoring. The user you create must be:
|
VMware vFabric RabbitMQ Server | User Name and Password of RabbitMQ server. |
WebLogic | Use the WebLogic username/password, if WebLogic is authenticated. The user should be an administrator. Otherwise, no username/password is required. |
WebLogic Integration Server | Use the WebLogic username/password, if WebLogic is authenticated. User should be an administrator. Else no username/password is required. |
Webservices | Give the User Name and Password, if it is required to invoke the webservice operation. |
WebSphere | If Global Security is enabled, use the same username/password . If not, no username/password is required. |
Windows | Administrator username/password [WMI mode]. |
Windows Cluster | Administrator username/password [WMI mode]. |
Path | Ports |
---|---|
Admin Server to Managed Server | SSL Port (default 8443) for data syncing. Webserver (default 9090). |
Managed Server to Admin Server | SSL Port (default 8443) for data syncing. |
Note: Production Environment gives you the configuration details that you need to take care of, when moving Applications Manager into Production.