Ports used by IBM Spectrum Control

When you install IBM Spectrum Control, the ports must be opened through the firewall. You must disable the firewall program or open the ports to allow incoming requests to the IBM Spectrum Control ports. Review these ports before you install IBM Spectrum Control.

Restriction: IBM Spectrum Control uses TLS 1.2 protocol for communicating on storage system ports. It does not use TLS 1.3, and TLS 1.1 and 1.0 are disabled by default for increased security.

For information about how to re-enable TLS 1.1 and 1.0 for IBM Spectrum Control ports, see Enabling TLS 1.1 and 1.0 for IBM Spectrum Control ports.

IBM Spectrum Control ports used for TCP/IP

Table 1 lists the IBM Spectrum Control default ports.

All ports in Table 1 are configured during installation using the installation program. For a silent mode installation, use the varTPCPortRangeSP parameter in the installation response file.

Table 1. IBM Spectrum Control ports used by TCP/IP for incoming communication
Ports	Component and port information
9549	Data server 9549 listens for communications from the Device server, CLI, and Storage Resource agents.
9550-9551 9553 9572	Device server 9550-9551 listens for communications from the Data server, Alert server, and Web server. 9553 listens for logging commands. 9572 listens for IBM® WebSphere® Application Server Liberty administrative commands.
9556 9570 9571	Alert server 9556 listens for communications from the Device server. 9570 listens for logging commands. 9571 listens for WebSphere Application Server Liberty administrative commands.
9510 9567	Storage Resource agent 9510 listens for communications from the Data server if the Storage Resource agent is deployed in daemon mode. The only exception is the Storage Resource agent that is deployed on the IBM Spectrum Control server at installation time, which listens on port 9567 instead. If the Storage Resource agent is deployed in non-daemon mode, the Storage Resource agent does not need any listening ports. The Data server uses RXA to communicate with the Storage Resource agent in non-daemon mode. RXA uses the following default ports for the protocols: 22 SSH 512 Remote Execution (REXEC) 514 Remote Shell (rsh) 445 Windows SMB protocol The Storage Resource agent sends responses back to the Data server on port 9549, in both daemon mode and non-daemon mode.
9554 9568 9569	Web server 9554 is used by WebSphere Application Server Liberty. The following ports are used for the GUI: 9568 (non-secure) 9569 (secure) 9569 is used for the REST API.
9562	Export server 9562 listens for communications from the Web server.
25000 50000	Db2® By default, Db2 listens on port 25000 for communication from IBM Spectrum Control and other clients. Port 50000 can also be used. The default port can be changed only during the Db2 installation.

Restrictions: The following restrictions apply to the ports that are listed in Table 1:

The ports apply only to a fresh installation of IBM Spectrum Control. If you upgrade from an earlier version of IBM Spectrum Control that used different ports, those ports are reused for your installation.
The ports are used for incoming communication and are configured during installation. Do not change these ports after your installation is complete.

Other IBM Spectrum Control IP ports

Table 2. List of IP ports that are used by IBM Spectrum Control
Resource and ports	Port information
Resources that run IBM Storage Virtualize Ports: 22, 5989 (both unidirectional)	For native interface: 22 listens for SSH communication from IBM Spectrum Control. 5989 listens for other communication from IBM Spectrum Control. You can upload the SSH key once at setup time using the 5989 port. By default, the IBM Spectrum Control Device server creates a connection between a IBM Storage Virtualize resource and a local port to listen for events from the IBM Storage Virtualize resource. The default range is 49152 to 65535. These ports are on the Device server only; you do not need to configure the firewall for them. The ports are used for a SSH tunnel to connect to the event port on the IBM Storage Virtualize resource. All communication to the IBM Storage Virtualize resource runs through the SSH connection. No other ports need to be open for IBM Storage Virtualize events. To change to a custom port range, use the CLI setdscfg command to change the values of the following parameters: NAPI.SVCEventListenerLPortBase NAPI.SVCEventListenerLPortMax After resetting the value, restart the Device server. For example, to set the range from 50100 to 65000, run these commands from the `installation_dir`/cli/ subdirectory: For Windows operating system: `tpctool.bat setdscfg -user <user name> -pwd <password>` `-property NAPI.SVCEventListenerLPortBase 50100` `tpctool.bat setdscfg -user <user name> -pwd <password>` `-property NAPI.SVCEventListenerLPortMax 65000` For AIX® and Linux® operating systems: `./tpctool.sh setdscfg -user <user name> -pwd <password>` `-property NAPI.SVCEventListenerLPortBase 50100` `./tpctool.sh setdscfg -user <user name> -pwd <password>` `-property NAPI.SVCEventListenerLPortMax 65000`
IBM Storage FlashSystem 900 Ports: 22, 5989, 161 (UDP) (all unidirectional)	For native interface: 22 listens for SSH communication from IBM Spectrum Control. 5989 listens for other communication from IBM Spectrum Control. You can upload the SSH key once at setup time using the 5989 port. For SNMP: 161 (UDP) listens for SNMP communications from IBM Spectrum Control for performance monitoring. The SNMP agent must be enabled for a storage system before IBM Spectrum Control can collect its performance data.
DS8000 Ports: 1751, 1750, 1755 (all bidirectional) Ports: 8451, 8452 (both unidirectional)	Native interface: 1751 (default) listens for communication from IBM Spectrum Control and other clients. If 1751 is unavailable, uses 1750. 1751 (default) sends hardware management console (HMC) information and events to IBM Spectrum Control. If 1751 is unavailable, uses 1750. 1755 sends and receives data for HTC when logs are being offloaded. 8451, 8452 DS8000 listens on these ports for communication with the DS8000 GUI.
IBM XIV Storage System IBM Storage Accelerate IBM FlashSystem A9000 IBM FlashSystem A9000R Port: 7778 (bidirectional)	The storage systems listen for communication from IBM Spectrum Control and other clients, and also send communications to IBM Spectrum Control.
IBM Storage Scale File storage ports: 22, 9084 (both unidirectional) Object storage ports: 5000, 8080, 35357 (all unidirectional)	File storage: 22 listens for SSH communication from IBM Spectrum Control. 9084 listens for performance data collection on the IBM Spectrum® Scale cluster node where the collector component is running. To collect performance metadata, complete the following actions: IBM Spectrum Scale 5.1.0 and earlier: Ensure that the queryinterface property is set to "0.0.0.0" in the ZIMonCollector.cfg file on the cluster node. `queryinterface="0.0.0.0"` IBM Spectrum Scale 5.1.1 and later: Ensure that the zimon/ZIMonCollector.cfg file on the cluster node includes the following properties: `fallbackqueryinterface = "0.0.0.0" # "0.0.0.0" to allow remote connections (or "::0" for IPv6) fallbackqueryport = "9084”` For more information, see Configuring the collection of performance data for IBM Storage Scale. Object storage: 5000, 8080, 35357 listen for data about any object storage or OpenStack Swift configurations on the IBM Spectrum Scale cluster node where the collector component is running.
IBM Cloud Object Storage Port: 443 (unidirectional)	443 listens for HTTPS communication from IBM Spectrum Control.
Dell EMC Unity Port: 443 (unidirectional)	443 listens for communication from IBM Spectrum Control.
Other Dell EMC storage systems Port: 5991 (unidirectional)	5991 listens for events that are coming from Dell EMC CIMOMs . To change this port, use the CLI setdscfg command and change the value for the Event.ListenerPort parameter. Then, restart the Device server. For example, to set the port to 7200, run this command from the `installation_dir`/cli/ subdirectory: For Windows operating system: `tpctool.bat setdscfg -user <user name> -pwd <password>` `-property Event.ListenerPort 7200` For AIX and Linux operating systems: `./tpctool.sh setdscfg -user <user name> -pwd <password>` `-property Event.ListenerPort 7200` You can also modify the protocol for listening to events that are coming from Dell EMC CIMOMs. By default, this protocol is set http. To change this protocol, use the CLI setdscfg command and change the value for the Event.ListenerProtocol parameter. Then, restart the External Process component. For example, to set the protocol to https, run this command from the `installation_dir`/cli/ subdirectory: For Windows operating system: `tpctool.bat setdscfg -user <user name> -pwd <password>` `-property Event.ListenerProtocol https` For AIX and Linux operating systems: `./tpctool.sh setdscfg -user <user name> -pwd <password>` `-property Event.ListenerProtocol https`
Hitachi VSP storage systems: Hitachi Command Suite: Port: 2443 (unidirectional) Hitachi Device Manager: Port: 2443 (unidirectional)	2443 listens for communication from IBM Spectrum Control.
NetApp ONTAP 9 Port: 22 (unidirectional)	22 listens for communication from IBM Spectrum Control.
Other NetApp storage systems Port: 80 (unidirectional)	80 listens for communication from IBM Spectrum Control using the NetApp Data ONTAP API (NAPI), if the storage system is a file storage system. If the NetApp storage system is a block storage system, the CIM agent ports are used to listen for communication from the Device server.
Pure storage systems Port: 443 (unidirectional)	443 listens for communication from IBM Spectrum Control.
SMI-S providers and CIM agents for switches and managed storage systems Ports: 5988, 5989, 5990 (unidirectional)	5988 listens for non-secure communication from the Device server. 5989 listens for secure communication from the Device server. 5990 IBM Spectrum Control listens on this port for events coming from CIM agents for managed storage systems. To change the port that IBM Spectrum Control uses to listen for events coming from CIM agents for managed storage systems, use the CLI setdscfg command. Change the value for the Indication.PermanentListenerPort parameter then restart the Device server. For example, to set the port to 7100, run this command from the `installation_dir`/cli/ subdirectory: For Windows operating system: `tpctool.bat setdscfg -user <user name> -pwd <password>` `-property Indication.PermanentListenerPort 7100` For AIX and Linux operating systems: `./tpctool.sh setdscfg -user <user name> -pwd <password>` `-property Indication.PermanentListenerPort 7100`
Brocade switches, Fabric OS 8.2.1 and later Ports: 80, 443 (unidirectional)	80 listens for HTTP communication from IBM Spectrum Control. 443 listens for HTTPS communication from IBM Spectrum Control. IBM Spectrum Control supports the TLS 1.3 protocol for communication with Brocade SAN switches, along with earlier TLS versions.
VMware vCenter Servers Port: 443 (unidirectional)	443 listens for communication from IBM Spectrum Control.
IBM Spectrum Control Device server Ports: 162 (UDP), 5960 (UDP), (both unidirectional) Ports: 49152 (UDP) (bidirectional)	162 (UDP) listens for SNMP traps coming from managed storage systems. 5960 (UDP) listens for forwarded SNMP messages. 49152 (UDP) IBM Spectrum Control uses this port to forward SNMP traps. To change these ports, use these steps: Log on to IBM Spectrum Control as a user with administrative privileges. Stop the Device server. Create a backup of the `installation_dir`/device/conf/user.properties file. Change the parameter that corresponds to the port to an available port number and save the file. 162 SnmpTrapPort 5960 SnmpForwardedTrapListeningPort 49152 SnmpForwardingPort Start the Device server.
All monitored resources 7 (ECHO port) (bidirectional)	Before you can discover resources, ensure that port 7 (ECHO port) is open on the resources, and Internet Control Message Protocol (ICMP) is available.
IBM Cognos® Analytics Port: 9300 (unidirectional)	Listens for communication from web browsers and other clients.