There are several different interactions that occur between the components of the
License Metric Tool infrastructure and between
the user and tool.
Arrow indicates the connection origination.
License Metric Tool domain
Interaction |
Type |
Connection |
Description |
a |
REST API data traffic |
Default port |
9081 |
Protocol |
HTTPS |
Origination |
Client that uses REST API connections |
b |
Web browser data traffic |
Default port |
9081 |
Protocol |
HTTPS |
Origination |
Web browser |
c |
Extraction of virtualization hierarchy by using REST API |
Default port |
Specific to the type of virtualization manager |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
VM Manager Tool |
BigFix domain
Interaction |
Type |
Connection |
Description |
A |
BigFix
console data traffic |
Default port |
52311 |
Protocol |
HTTPS |
Origination |
BigFix console |
Network controls |
There is a "refresh rate" for each BigFix console user (default 15 seconds) |
B |
Directory server user authentication |
Default port |
389 or 636 (for SSL) |
Protocol |
TCP (LDAP/LDAPS) |
Origination |
WebReports |
Network controls |
N/A |
C |
REST API data traffic |
Default port |
8080 or 8083 |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
BigFix server |
Network controls |
N/A |
D |
Directory server user authentication |
Default port |
389 or 636 (for SSL) |
Protocol |
TCP (LDAP/LDAPS) |
Origination |
BigFix server |
Network controls |
N/A |
E |
Download of new data from external HCL fixlet servers |
Default port |
80 (typically); possibly 443 |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
BigFix server |
Network controls |
- This communication is optional. In case of no Internet connection, you need to update the fixlet site manually.
- There is a configurable interval that the BigFix server checks for new fixlet messages.
|
F |
Gather, post, download |
Default port |
52311 |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
BigFix client |
Network controls |
- Configurable bandwidth throttling to BigFix
relay or clients
- Configurable gather interval. The default is 1 per
day per fixlet site.
- Configurable minimum time to wait between posts. The default is 15 seconds.
- Configurable temporal distribution (spread out downloads over
time) per action
- The ability to set "policy" to prevent computers from downloading files if they are not pointed
at the proper BigFix relay
|
G |
UDP new information message |
Default port |
52311 |
Protocol |
UDP |
Origination |
UDP messages are sent from the immediate parent of the BigFix client. It can be either a BigFix relay or the BigFix server. |
Network controls |
- Configurable limit of the number of UDP messages sent at one time from a BigFix relay
- Configurable limit of the amount of time to wait after sending UDP messages from a BigFix relay
|
H |
Relay selection |
Default port |
None |
Protocol |
ICMP |
Origination |
Each BigFix client sends
progressive rounds of ICMP packets to each relay with increasing TTLs until a BigFix relay responds. For example, in a network of 2
relays, one 1 hop away and one 2 hops away, the BigFix client sends an ICMP message to both with TTL 1 and
receives 2 time exceeded messages from the local router. The BigFix client then sends an ICMP message to both relays
with TTL 2 and receives one time exceeded message and one reply message. The BigFix client then chooses the relay that is one hop
away. |
Network controls |
- Relay auto-selection can be disabled.
- Configurable interval for when the BigFix
clients perform auto-selection
- Configurable limit on the maximum number of ICMP packets to send
out in a time interval
- Configurable limit on the maximum number of
rounds to send
out during relay auto-selection
|
I |
Extraction of virtualization hierarchy by using REST API |
Default port |
Specific to the type of virtualization manager |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
VM Manager Tool |
Network controls |
N/A |
Cross domain
Interaction |
Type |
Connection |
Description |
1 |
Download of the scan results from endpoints |
Default port |
52311 |
Protocol |
TCP (HTTP/HTTPS) |
Origination |
License Metric Tool
server |
2 |
Directory server user authentication |
Default port |
389 or 636 (for SSL) |
Protocol |
TCP (LDAP/LDAPS) |
Origination |
License Metric Tool
server |