Cloud APM server ports

The prerequisite scanner checks whether internal and external ports are available for communication on the Cloud APM server.

Two types of ports are used by the Cloud APM server:
  • Ports for external communication. These ports must be available, and you must either open them on the firewall or disable the firewall. See Table 1.
  • Ports for internal communication between components. These ports must be available but can be blocked by the firewall because they do not require external communication. Make sure that no other application installed on the Cloud APM server uses these ports. See Table 2.

For each port that is used for external communication, one side sends a request and the other side provides a response. The side that initiates the connection is indicated for each port in Table 1.

For the list of ports that must be available for external communication on a Hybrid Gateway, see Installing the Hybrid Gateway.

The prerequisite scanner checks whether the ports in Table 1 and Table 2 are available and returns FAIL for each port that is not available.

Table 1. Ports for external communication
Port Description
80 If you use HTTP to communicate with the Cloud APM server, open port 80. The agents and the Hybrid Gateway initiate a unidirectional connection with the Cloud APM server on port 80. HTTP communication is the default option.

If you want agents to communicate with the Cloud APM server over HTTPS only, you can use a firewall to block external access to this port.

The port is labeled MINHTTP in the prerequisite scanner output.

443 If you use HTTPS to communicate with the Cloud APM server, open port 443. The agents and the Hybrid Gateway initiate a unidirectional connection with the Cloud APM server on port 443.

The port is labeled MINHTTPS in the prerequisite scanner output.

9443 If you use HTTPS to communicate with the Cloud APM server, open port 9443. The Cloud APM console browser initiates a unidirectional connection with the Cloud APM server on port 9443.

The port is labeled APMUIHTTPS in the prerequisite scanner output.

8099 Open port 8099 for OpenID Connect (OIDC) authentication. As part of the Cloud APM console user authentication process, a user's browser might be redirected to port 8099. The Cloud APM console browser initiates a unidirectional connection with the Cloud APM server on port 8099.

The port is labeled OIDCHTTPS in the prerequisite scanner output.

50000 If you configure the Cloud APM server to connect to a remote Db2® server, open port 50000. Either the Db2 server or the Cloud APM server can initiate a connection on this port.

The port is labeled DB2 in the prerequisite scanner output.

27000 If you configure the Cloud APM server to connect to a remote MongoDB, a firewall must allow access to port 27000. The Cloud APM server initiates a unidirectional connection with MongoDB on port 27000.

If you use the local MongoDB, then external access to port 27000 can be blocked.

The port is labeled MONGODB in the prerequisite scanner output.

8091 and 8099 To use the Threshold Manager API or the Resource Group Management Service API, or both, open ports 8091 and 8099.

API users initiate a unidirectional connection with the Cloud APM server.

Port 8091 is labeled SERVER1HTTPS in the prerequisite scanner output. Port 8099 is labeled OIDCHTTPS in the prerequisite scanner output.

9443 and 8099 To use the Role Based Access Control (RBAC) API, open ports 9443 and 8099. For more information about the RBAC API, see Accessing and using the Role-Based Access Control Service API.

API users initiate a unidirectional connection with the Cloud APM server.

Port 9443 is labeled APMUIHTTPS in the prerequisite scanner output. Port 8099 is labeled OIDCHTTPS in the prerequisite scanner output.

9998 If you configure the Cloud APM server to send EIF messages to an EIF receiver, such as the Probe for Tivoli EIF, open port 9998. To use a custom port, update the value of the EIF Port setting in the Event Manager category of the Advanced Configuration window (see Event Manager). The Cloud APM server initiates a unidirectional connection with the EIF receiver.

The port is labeled FNEIFRCVR in the prerequisite scanner output.

389 or 636 If you plan to use LDAP to authenticate users of the Cloud APM console, open the port that is used by your LDAP server. Usually, you open port 389 but if you set up the LDAP server to require SSL/TLS encrypted connections, open port 636. Contact your LDAP server team to confirm which port numbers are used by your LDAP servers. The Cloud APM server initiates this unidirectional connection with the LDAP server.

These ports are not included in the prerequisite scanner output.

8093 If you plan to use the Universal View feature for defining dashboard pages in the Custom Views tab of the Application Performance Dashboard, open port 8093 through a firewall. The Cloud APM console browser initiates a unidirectional connection with the Cloud APM server on port 8093.

The port is labeled UVIEWSHTTPS in the prerequisite scanner output.

Note:
  • Other ports may be used for external communication if you integrate the Cloud APM server with other products such as Tivoli Common Reporting. See the documentation for these products that you plan to integrate with the Cloud APM server to determine what ports they use. For links to the related documentation, see Table 7 in the Part numbers topic.
  • If a firewall is blocking the ports, you can either configure the firewall to allow traffic on certain ports or disable the firewall. For more information, see Configuring the firewall for incoming requests to the server.

Table 2. Ports for internal communication between server components
Port Component
80 Port used by APM services to send requests to the min service.

The port is labeled MINHTTP in the prerequisite scanner output.

1527 Port for Service Component Registry database.

The port is labeled SCRDERBYDB in the prerequisite scanner output.

2181 Port for the Zookeeper process of Kafka Message Broker.

The port is labeled ZOOKEEPER in the prerequisite scanner output.

50000 Port for the Db2 server. If you connect to a local Db2 server, this port must be unblocked for internal communication.

The port is labeled DB2 in the prerequisite scanner output.

6066 Port for Spark applications 2.

The port is labeled SPARKAAPPS2 in the prerequisite scanner output.

6414 Port for Gaian database.

The port is labeled FNGAIANDB in the prerequisite scanner output.

7077 Port for Spark applications 1.

The port is labeled SPARKAAPPS1 in the prerequisite scanner output.

8080 This is the HTTP port for the Cloud APM console. However, if you attempt to connect to the console using HTTP and port 8080, you are redirected to use HTTPS and port 9443.

The port is labeled APMUIHTTP in the prerequisite scanner output.

18080 Port for the Spark master.

The port is labeled SPARKMASTER in the prerequisite scanner output.

18085 Port for the Spark worker.

The port is labeled SPARKWORKER in the prerequisite scanner output.

8090 Port for Cloud APM console back end connection.

The port is labeled SERVER1HTTP in the prerequisite scanner output.

8091 Port for secure Cloud APM console back end connection.

The port is labeled SERVER1HTTPS in the prerequisite scanner output.

8092 This is the HTTP port for the uviews service, which is used for the Custom Views tab of the Application Performance Dashboard.

The port is labeled UVIEWSHTTP in the prerequisite scanner output.

9090 Port for Cloud APM data collector back end.

9453 Port for secure Cloud APM data collector back end.

9092 Port for Kafka Message Broker.

The port is labeled KAFKA1 in the prerequisite scanner output.

9989 Port for Kafka Message Broker.

The port is labeled KAFKA2 in the prerequisite scanner output.

10001 Port for Open Services for Lifecycle Collaboration service provider.

The port is labeled OSLCPM in the prerequisite scanner output.

12315 Port for Service Component Registry Java™ back end.

The port is labeled SCRJAVABKEND in the prerequisite scanner output.

27000 Port for the MongoDB database. If you connect to a local MongoDB, this port must be unblocked for internal communication.

The port is labeled MONGODB in the prerequisite scanner output.

13245 Port 1 for role-based access control.

The port is labeled RBACSERVER1 in the prerequisite scanner output.

13246 Port 2 for role-based access control.

The port is labeled RBACSERVER2 in the prerequisite scanner output.

13247 Port 3 for role-based access control.

The port is labeled RBACSERVER3 in the prerequisite scanner output.

13248 Port 4 for role-based access control.

The port is labeled RBACSERVER4 in the prerequisite scanner output.

32105 Port for internal messaging.

The port is labeled FNINTMSG in the prerequisite scanner output.
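
The following check is an added example, not part of the product documentation or of the prerequisite scanner: it compares a firewall's list of opened inbound ports with Table 1 and Table 2 and reports ports that Table 2 lists for internal use only, ports that appear in neither table, and port 80 when only HTTPS is intended. The input format (`port/proto` tokens, as printed by `firewall-cmd --list-ports`), the function names and the sample list are assumptions.

```python
# Added example: audit a firewall allow-list against Table 1 and Table 2.
# Port numbers are taken from the tables on this page; names are hypothetical.

TABLE1 = {80, 443, 9443, 8099, 50000, 27000, 8091, 9998, 389, 636, 8093}
TABLE2 = {80, 1527, 2181, 50000, 6066, 6414, 7077, 8080, 18080, 18085,
          8090, 8091, 8092, 9090, 9453, 9092, 9989, 10001, 12315, 27000,
          13245, 13246, 13247, 13248, 32105}

# Ports that appear only in Table 2 never need to be reachable from outside.
INTERNAL_ONLY = TABLE2 - TABLE1


def parse_open_ports(text):
    """Parse 'port/proto' or 'low-high/proto' tokens into a set of ports."""
    ports = set()
    for token in text.split():
        spec = token.split("/", 1)[0]          # drop the protocol suffix
        low, _, high = spec.partition("-")     # a single port has no range
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit(open_ports_text, https_only=False):
    """Return sorted (port, finding) pairs for ports that should be reviewed.

    Table 1 also lists ports on which the server itself is the initiator
    (9998, 389/636, 27000); this sketch does not distinguish direction.
    """
    findings = []
    for port in sorted(parse_open_ports(open_ports_text)):
        if port in INTERNAL_ONLY:
            findings.append((port, "internal-only (Table 2): block externally"))
        elif port not in TABLE1:
            findings.append((port, "not listed in Table 1 or Table 2"))
        elif port == 80 and https_only:
            findings.append((port, "HTTP open although HTTPS only is intended"))
    return findings


# Constructed sample allow-list, not taken from a real server.
SAMPLE = "80/tcp 443/tcp 9443/tcp 8099/tcp 2181/tcp 13245-13246/tcp 8443/tcp"

if __name__ == "__main__":
    for port, message in audit(SAMPLE, https_only=True):
        print(f"{port}: {message}")
```
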