What TCP/IP ports that need to be opened in the firewall and used by Control-M/Enterprise Manager, Control-M/Server and Control-M/Agent? (Video Included)

Version 6
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Control-M/Enterprise Manager


    COMPONENT:

    Control-M/Enterprise Manager


    APPLIES TO:

    All versions of Control-M/Enterprise Manager All versions of Control-M/Server for UNIX and Microsoft Windows All versions of Control-M/Agent for UNIX and Microsoft Windows



    QUESTION:

    - What TCP/IP ports are used by Control-M?
    - What ports need to be opened in firewall for Control-M communication?
    - What are the ports used between Control-M/EM Server, Control-M/EM Clients, Control-M/Server and Control-M/Agent?
    - What TCP/IP ports that need to be opened in the firewall and used by Control-M/Enterprise Manager, Control-M/Server and Control-M/Agent?


    ANSWER:

     

    1a. Ports between CONTROL-M/EM clients and CONTROL-M/EM servers version 9.0.18 and higher
    All communication between Control-M/EM clients and Server is through the Control-M/EM web server.  
    Therefore, the only port(s) that need to be opened in the firewall are the http port (default 18080), and/or the https port (default 8443). 

       
    1b. Ports between CONTROL-M/EM clients and CONTROL-M/EM servers up to version 9.0.00
      
        A. These ports are configured by the CORBA configuration utility (orbconfigure). 
      
             These ports need to be configured on the CONTROL-M/EM Server side. The EM components (GAS, GCS, GUI Server, Web Server, Self Service, Forecast, BIM) are set to use a random port # by default. 
      
              However, orbconfigure can be used to set these components to use a range of ports that can then be opened in the firewall. We recommend a range of 24 ports (for v9). For example, 13100-13123.   
           These ports need to be opened for incoming traffic and allow bi-direction communication on these session 
      
        
      
                                                                                                                                                                                                                                                                                                                                    
    ParameterDefaultNeed to open in FirewallDescription
    CORBA Naming Service 13075YesThis is the Communications port used by the Control-M/EM client to communicate with the Control-M/EM CORBA server
    Control-M/EM GUI ServerRandom/RangeYesThis is the Communications port used to perform all user-initiated functionality for Control-M/EM clients (GUI, Desktop and CLI utilities)
    Control-M/EM Global Alerts ServerRandom/RangeYesThis is the Communications port used to identify, maintain and distribute Control-M alerts to Control-M/EM GUIs
    Control-M Configuration ServerRandom/RangeYesThis is the Communications port used by the CCM GUI to communicate with the Control-M Configuration Manager Server
    Control-M/ForecastRandom/RangeYesThis Communications port is needed for Control-M/Desktop client to connect to Control-M/Forecast Server when performing a 'Forecast' action on a job that uses Calendars
    BMC Batch Impact Manager ServerRandom/RangeYesThis Communications port is needed by Control-M/EM GUI client to connect to BIM when performing an 'add/edit BIM/Forecast Rules' action
    Control-M Self-ServiceRandom/RangeYesUsed by Self-Service client
    Control-M Archived ServerRandom/RangeYesUsed by Self-Service client and EM client
       

     

      
      
      B. The database port is used by the Reporting Facility and will need to be opened in the firewall for incoming traffic and allow bi-direction communication on the session  
     
    C. The tomcat web server port is used by the V9 Workload Automation Client to verify the latest version of the Client, for end user deployment, and On-line Help. The port is configured in ./etc/emweb/tomcat/conf/server.xml file 
      
       
     
      
      
    2. Ports between Control-M/EM Server, Control-M/Server and their respective databases
      
         A. if the database is remote to Control-M/EM Server or Control-M/Server, then the port # that the database is listening on will need to be open in the firewall 
      
              This port should be open for incoming traffic to the Database and allow bi-direction communication on the session  
            in v9 with HA enabled using ProgreSQL the primary and the secondary machine need to be able to initiate a Database connection from one machine to the other. (See HaWithPG diagram attached) 
      
        
      
         B. The Control-M/Server Configuration Agent port. (Default 2369) 
      
             This port should be open for incoming traffic from CMS to Control-M/Server and allow bi-direction communication on the session. 
      
        
      
         C. In HA environment Control-M/Server HA port (Default 2368) 
      
             The port should be open for incoming traffic on the secondary Serverand allow bi-direction communication on the session.  
            It    is used for the communication between the two Control-M/Server CA (Configuration Agent) processes only.  
       
      
       
          D. The Gateway ports (Default 2370 and 2371)  
       
       These ports should be open for incoming traffic to Control-M/Server and allow bi-direction communication on these sessions   
        
      
      
              On version 7 and above, Control-M/EM TCP/IP port is using a single port (Default 2370) 
      
        
      
    3. Ports between Control-M/Server and Control-M/Agent
      
         A. If 'persistent connection' is not used, then the following ports will have to be open in the firewall: 
      
         
      
                                                                                                      
    ProcessDefaultDescription
    Agent to Server Port7005Communication port from the Agent to Server. This will have to be open as incoming to Control-M/Server
    Server to Agent Port7006Communication port from the Server to Agent .This will have to be open as incoming to Control-M/Agent
      
      
        
      

        B. If 'persistent connection' is used, then only the Server to Agent Port  will have to be open in the firewall

      
             This port should be open for incoming traffic to Control-M/Agent and allow bi-direction communication on the session 
      

    Additional Information:

      

    NOTE: Please refer to resolution KM-000010055291 for additional information about ports used by Control-M products
     
    NOTE: Control-M HA configuration requires additional ports and configuration, please see 000105462.

    Additional Information:
    Customers viewing this solution may find value in the following self-help Connect with Control-M video.


      

     

      
      

     


    Article Number:

    000031546


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles