Performance Management server ports
The prerequisite scanner checks whether internal and external ports are available for communication on the Performance Management server.
- One type of port must be available and opened on the firewall. Such ports are for external communication, and you must open them on the firewall or disable the firewall. See Table 1.
- The other type of port is used for internal communication between components. Such ports must be available but can be blocked by the firewall because they do not require external communication. It is necessary to keep these ports from being used by any applications that are installed on the Performance Management server. See Table 2.
For each port that is used for external communication, one side sends a request and the other side provides a response. The side that initiates the connection is indicated for each port in Table 1.
For the list of ports that must be available for external communication on a Hybrid Gateway, see Installing the Hybrid Gateway.
| Port | Description |
|---|---|
| 80 | If you use HTTP to communicate with the Performance Management server, open port 80. The agents and the Hybrid Gateway initiate a unidirectional connection
with thePerformance Management server on port 80. HTTP communication
is the default option. The port is labeled MINHTTP in the prerequisite scanner output. |
| 443 | If you use HTTPS to communicate with the Performance Management server, open port 443. The agents and the Hybrid Gateway initiate a unidirectional connection
with the Performance Management server on port 443. The port is labeled MINHTTPS in the prerequisite scanner output. |
| 8080 | If you use HTTP to communicate with the Performance Management server, open port 8080. The Performance Management console browser initiates a unidirectional connection
with the Performance Management server on port 8080. Note: When you
use HTTP and port 8080 to connect to the Performance Management server, because the Performance Management console browser session is
redirected to use HTTPS and port 9443, enable communication for port 9443.
The port is labeled APMUIHTTP in the prerequisite scanner output. |
| 9443 | If you use HTTPS to communicate with the Performance Management server, open port 9443. The Performance Management console initiates a unidirectional connection with the
Performance Management server on port 9443. The port is labeled APMUIHTTPS in the prerequisite scanner output. |
| 8099 | Open port 8099 for Open ID Connect (OIDC) authentication. As part of the
Performance Management console user authentication process, a user's
browser might be redirected to port 8099. The Performance Management console browser initiates a unidirectional connection
with the Performance Management server on port 8099. The port is labeled OIDCHTTPS in the prerequisite scanner output. |
| 50000 | If you configure the Performance Management server to connect to a remote DB2® server, open port 50000. Either the DB2 server or the Performance Management server can initiate a connection on this port. The port is labeled DB2 in the prerequisite scanner output. |
| 27000 | If you configure the Performance Management server to connect to a remote MongoDB, open port
27000. The Performance Management server initiates a unidirectional connection with MongoDB on port 27000. The port is labeled MONGODB in the prerequisite scanner output. |
| 8091 and 8099 | To use the Threshold Manager API, open ports 8091 and 8099. For more
information about the Threshold Manager API, see Using the API for Threshold Management Service. API users initiate a unidirectional connection with the Performance Management server. Port 8091 is labeled SERVER1HTTPS in the prerequisite scanner output. Port 8099 is labeled OIDCHTTPS in the prerequisite scanner output. |
| 9443 and 8099 | To use the Role Based Access Control (RBAC) API, open ports 9443 and 8099. For
more information about the RBAC API, see Using the Role Based Access Control Service API. API users initiate a unidirectional connection with the Performance Management server. Port 9443 is labeled APMUIHTTPS in the prerequisite scanner output. Port 8099 is labeled OIDCHTTPS in the prerequisite scanner output. |
| 9998 | If you configure the Performance Management server to send EIF messages to an EIF receiver, such
as the Probe for Tivoli EIF, open port 9998. To use a
custom port, update the value of the EIF Port setting in the Event Manager
category of the Advanced Configuration window. The Performance Management server initiates a unidirectional connection with the
EIF receiver. The port is labeled FNEIFRCVR in the prerequisite scanner output. |
| 389 or 636 | If you plan to use LDAP to authenticate users of the Performance Management
console, open the port that is used by your LDAP server. Usually, you open port 389 but if you set
up the LDAP server to require SSL/TLS encrypted connections, open port 636. Contact your LDAP server
team to confirm which port numbers are used by your LDAP servers. The Performance Management server initiates this unidirectional connection with
the LDAP server. These ports are not included in the prerequisite scanner output. |
- Other ports may be used for external communication if you integrate the Performance Management server with other products such as Tivoli Common Reporting. See the documentation for these products that you plan to integrate with the Performance Management server to determine what ports they use. For links to the related documentation, see Table 10 in the Part numbers topic.
- If a firewall is blocking the ports, you can either configure the firewall to allow traffic on certain ports or disable the firewall. For more information, see Configuring the firewall for incoming requests to the server.
| Port | Component |
|---|---|
| 1527 | Port for Service Component Registry database. The port is labeled SCRDERBYDB in the prerequisite scanner output. |
| 2181 | Port for the Zookeeper process of Kafka Message Broker. The port is labeled ZOOKEEPER in the prerequisite scanner output. |
| 50000 | Port for the DB2 server. If you connect to a local DB2 server, this port must be unblocked for internal
communication. The port is labeled DB2 in the prerequisite scanner output. |
| 6066 | Port for Spark applications 2. The port is labeled SPARKAAPPS2 in the prerequisite scanner output. |
| 6414 | Port for Gaian database. The port is labeled FNGAIANDB in the prerequisite scanner output. |
| 7077 | Port for the Spark applications 1. The port is labeled SPARKAAPPS1 in the prerequisite scanner output. |
| 18080 | Port for the Spark master. The port is labeled SPARKMASTER in the prerequisite scanner output. |
| 18085 | Port for the Spark worker. The port is labeled SPARKWORKER in the prerequisite scanner output. |
| 8090 | Port for Performance Management console back end connection. The port is labeled SERVER1HTTP in the prerequisite scanner output. |
| 8091 | Port for secure Performance Management console back end connection. The port is labeled SERVER1HTTPS in the prerequisite scanner output. |
| 9092 | Port for Kafka Message Broker The port is labeled KAFKA1 in the prerequisite scanner output. |
| 9989 | Port for Kafka Message Broker The port is labeled KAFKA2 in the prerequisite scanner output. |
| 10001 | Port for Open Services for Lifecycle Collaboration service provider. The port is labeled OSLCPM in the prerequisite scanner output. |
| 12315 | Port for Service Component Registry Java™
back end. The port is labeled SCRJAVABKEND in the prerequisite scanner output. |
| 27000 | Port for the MongoDB database. If you connect to a local
MongoDB, this port must be unblocked for internal communication. The port is labeled MONGODB in the prerequisite scanner output. |
| 13245 | Port 1 for role-based access control. The port is labeled RBACSERVER1 in the prerequisite scanner output. |
| 13246 | Port 2 for role-based access control. The port is labeled RBACSERVER2 in the prerequisite scanner output. |
| 13247 | Port 3 for role-based access control. The port is labeled RBACSERVER3 in the prerequisite scanner output. |
| 13248 | Port 4 for role-based access control. The port is labeled RBACSERVER4 in the prerequisite scanner output. |
| 32105 | Port for internal messaging. The port is labeled FNINTMSG in the prerequisite scanner output. |