Network requirements
Your environment must meet network requirements for WebSphere Automation.
Note: WebSphere Automation supports routing outbound
requests to ibm.com hostnames through a proxy. For more information, see Configuring to use a proxy server.
| Hostnames | Ports and Protocols | Purpose |
|---|---|---|
| quay.io, icr.io, cp.icr.io, docker.io | 443 (HTTP over TLS) | The listed domains are the container image repositories that are used as part of the WebSphere Automation installation. These repositories are also used when WebSphere Automation and dependency software levels are updated. |
| esupport.ibm.com | 443 (HTTP over TLS) | For the fix manager to request and receive fixes from IBM Fix Central, the system must have outbound network access over HTTPS to esupport.ibm.com. |
| github.com | 443 (HTTP over TLS) | If you are installing WebSphere Automation in an air gap
environment, the system must have outbound network access over HTTPS to
github.com. This configuration is necessary to download the
ibm-pak utility and the CASE bundle. |
| public.dhe.ibm.com, dhempanon01.mul.ie.ibm.com (mirror), service.cpc.limited-use.ibm.com (mirror) | 443 (HTTP over TLS) | Required for the CVE monitor to parse Common Security Advisory Framework information. For the
CVE/PSIRT monitor to receive updated CVE data, the system must have outbound network access over
HTTPS to public.dhe.ibm.com or one of its mirrors. Because air gap installations cannot receive updated CVE information from the internet, manual steps are needed to update the CVE data. For more information, see the instructions for manually updating security bulletins. |
| Hostnames | Ports and Protocols | Purpose |
|---|---|---|
| WSA_URL | 443 (HTTP over TLS) | The WSA_URL hostname is used by the user browser to access the web interface, and by the WebSphere Application Servers to send HTTP/1.1 POST invocations with identifying information in a JSON payload. The WSA_URL hostname is determined at runtime, based on the hostname of the host Red Hat OpenShift cluster. The default port is 443. |
| SMTP_SERVER | 587 (SMTP, and SMTP over TLS with STARTTLS), 465 (SMTPS) | The SMTP_SERVER hostname and port are used by WebSphere Automation to connect to a configured mail server to send email-based notifications. WebSphere Automation first attempts to establish secure connections by sending a STARTTLS protocol command. When a secure connection is not established, plain text (no encryption) is used. For more details on default behavior for specific ports, see Configuring an SMTP server. Configuration of email-based notifications is not necessary for WebSphere Automation to monitor servers, but is necessary for WebSphere Automation to send email notifications. |
| SSH_HOSTS | 22 | Remote scripting uses Ansible. By default, SSH is used for Windows, Linux, and UNIX servers. WinRM is also supported for Windows servers. |