- What TCP/IP ports are used by Control-M? - What ports need to be opened in the firewall for Control-M communication? - What are the ports used between Control-M/EM Server, Control-M/EM Clients, Control-M/Server and Control-M/Agent? - What TCP/IP ports need to be opened in the firewall and used by Control-M/Enterprise Manager, Control-M/Server, and Control-M/Agent? |
1a. Ports between CONTROL-M/EM clients and CONTROL-M/EM servers version 9.0.18 and higherAll communication between Control-M/EM clients and Server is through the Control-M/EM web server.Therefore, the only port(s) that need to be opened in the firewall are the HTTP port (default 18080), and/or the HTTPS port (default 8443). 1b. Ports between CONTROL-M/EM clients and CONTROL-M/EM servers up to version 9.0.00 A. These ports are configured by the CORBA configuration utility (orbconfigure).
These ports need to be configured on the CONTROL-M/EM Server side. The EM components (GAS, GCS, GUI Server, Web Server, Self Service, Forecast, BIM) are set to use a random port # by default.
However, orbconfigure can set these components to use a range of ports that can then be opened in the firewall. We recommend a range of 24 ports (for v9). For example, 13100-13123.
These ports need to be opened for incoming traffic and allow bi-direction communication in these sessions
B. The database port is used by the Reporting Facility and will need to be opened in the firewall for incoming traffic and allow bi-direction communication on the session
C. The Tomcat web server port is used by the V9 Workload Automation Client to verify the latest version of the Client, for end-user deployment, and On-line Help. The port is configured in ./etc/emweb/tomcat/conf/server.xml file 2. Ports between Control-M/EM Server, Control-M/Server and their respective databases A. if the database is remote to Control-M/EM Server or Control-M/Server, then the port # that the database is listening on will need to be open in the firewall
This port should be open for incoming traffic to the Database and allow bi-directional communication during the session
in v9 with HA enabled using ProgreSQL the primary and the secondary machines need to be able to initiate a Database connection from one machine to the other. (See the HaWithPG diagram attached) B. The Control-M/Server Configuration Agent port. (Default 2369)
This port should be open for incoming traffic from CMS to Control-M/Server and allow bi-directional communication on the session.
C. In HA environment Control-M/Server HA port (Default 2368)
The port should be open for incoming traffic on the secondary server and allow bi-directional communication on the session.
It is used for the communication between the two Control-M/Server CA (Configuration Agent) processes only. D. The Gateway ports (Default 2370 and 2371)
These ports should be open for incoming traffic to Control-M/Server and allow bi-direction communication on these sessions
On version 7 and above, the Control-M/EM TCP/IP port is using a single port (Default 2370)
E. The API Gateway port (Default: 8393) For Control-M/Server 9.0.21 Only Define environment variable BMC_INST_CTM_APIGTW_PORT to 8393 or any available port on the Control-M/Server. This port should be open for incoming traffic to Control-M/Server and allow bi-direction communication on these sessions. 3. Ports between Control-M/Server and Control-M/Agent A. If 'persistent connection' is not used, then the following ports will have to be open in the firewall:
B. If 'persistent connection' is used, then only the Server to Agent Port will have to be open in the firewall This port should be open for incoming traffic to Control-M/Agent and allow bi-direction communication during the session
Additional Information:
The port diagram can be found on the ftp.bmc.com server for each release at ftp.bmc.com/pub/control-m/opensystem/DB_Schemas/ use anonymous user to login to the server |