This post is more than 5 years old
6 Posts
0
10266
Firewall Ports for DPA 6
Hello to all
I've been working with DPA 5.8.x for few months now and am preparing to migrate to the newest version 6.x.
I cant get the same information found inisde the Installation guide for version 5.x (i.e. a nice diagram) with all teh required ports to allow the comunication with the collector (named agent now?).
The current DPA 6.x manual says:
####################
Default communication ports
DPA Agent 3741 TCP
DPA Application Server 9002 TCP
DPA Datastore Server 9003 TCP
To ensure communication between the server and agents, the firewalls in the network
must be configured to allow communication on these ports. During installation, these
ports are checked to see if they are in use.
####################
However , it doesnt say which direction or even if the agent connects into a different port talking to the server as the collector does on version 5.8.x - it talks on port 4001 (Listner) and 3916 (controler) on version 5.x outbound.
Would anyone be able to point me on the right direction?
Cheers,
Marco
eagarg1
66 Posts
0
December 12th, 2013 08:00
Hi Marco,
I'd be happy to help provide clarity. The application server listens on 9002 and the agent (what used to be called the Collector) listens on 3741, so the ports required for communication are:
DPA Agent --> DPA Application Server:9002
DPA Application Server --> DPA Agent:3741
The other requirement is for the DPA Application server to communicate with the Datastore (database):
DPA Application Server --> DPA Datastore:9003
With DPA 6 all communication with the Application Server is done via REST API with the server listening on port 9002 (so there is no longer separate ports for listener and controller communication). Even the UI is all based on REST API calls so the UI connection is also done to Port 9002.
I will provide feedback to the documentation team re this issue and ask if they can provide more clarity in future versions of the installation / administration guide.
Regards,
Gareth
Marco_UK1
6 Posts
0
December 13th, 2013 01:00
Hi Gareth,
Many thanks for the info.
Yes please tell the team responsible for the documentation to enchace it!
I would suggest a nice diagram as per the manual(s) on version 5.x - that one is really good!
Regards,
Marco
Marco_UK1
6 Posts
0
December 13th, 2013 07:00
Gareth,
One more question about ports:
Coudl you please confirm which ports are necessary to allow the Datastore Replication?
The same que for the Application Object when configured in a Cluster mode?
Regards,
Marco
eagarg1
66 Posts
0
December 13th, 2013 07:00
DPA replication between datastores is via Port 9003, so you would need that port open between the DS master and slave.
Application clustering is more complex and involves the following ports: 5445 (TCP), 5455 (TCP), 7500 (UDP), 9876 (UDP). However application servers in a cluster must be on a dedicated VLAN as the clustering technology also does some broadcasting to establish the cluster, and since they're on a dedicated VLAN firewall configuration between the application servers in the cluster is not usually necessary.
Regards,
Gareth
Ben122
8 Posts
0
July 27th, 2015 13:00
Hi Gareth,
I understand that opening firewall ports bi-directionally is what EMC recommends but what are the features we'll be losing if we just allow port 9002 from the agent servers to the application server ?
Will that even work or is 3741 from the application server to the agents is mandatory ?
Is it only need to restart services and make config changes from the GUI or we'll be losing more features ?
Thank you
eagarg1
66 Posts
0
July 29th, 2015 10:00
Hi Ben. I don't believe it would work at all if communication was only open in one direction. The server needs to send the agent configuration information about what requests to run and how often to run them, as well as other information. I doubt if the agent would even be able to register successfully with the server if 3741 from server to agent was blocked. You could try it, but if you had issues it wouldn't be supported.
Regards,
Gareth
Ben122
8 Posts
0
July 29th, 2015 12:00
Thanks for your time, this might be a challenge for our environment.