Foglight for Virtualization Enterprise Edition 8.9.3 - Security and Compliance Guide

Network ports

The Foglight® installation process allows you to configure port assignments. The default ports are displayed during installation.

Default port assignments

Table 2. Foglight® Management Server default port assignments

| Component | Default port | Direction |
| --- | --- | --- |
| Embedded DB | TCP 15432 | Incoming/Outgoing |
| HTTP | TCP 8080 | Incoming |
| HTTPS | TCP 8443 | Incoming |
| High Availability | UDP 45566, TCP 7800 | Incoming/Outgoing |
| Federation RMI | TCP 1099 | Incoming/Outgoing |
| Federation RMI Service | TCP 4444 | Incoming/Outgoing |
| QP5 | TCP 8448 | Incoming/Outgoing |

High Availability (HA) refers to running a secondary instance of Foglight as a failover backup server (redundant mode). Foglight listens to the multicast port (45566) only when configured for HA mode.

| Database | Default port | Direction |
| --- | --- | --- |
| External PostgreSQL® | 5432 | Outgoing |
| Microsoft® SQL Server® | 1433 | Outgoing |
| Oracle® | 1521 | Outgoing |
| MySQL™ | 3306 | Outgoing |

Agent adapter ports

| Agent adapter | Default port | Direction |
| --- | --- | --- |
| Agent Manager | 8080 | Incoming |
| Agent Manager over SSL | 8443 | Incoming |
| Java EE Technology Agent | 41705 | Incoming |

Client communication

The Agent Manager connects to the Management Server using the same HTTP(S) ports as the browser interface. The Agent Manager uses the standard URL format to configure the address of the upstream Management Server; therefore, if the port number is changed in the Management Server configuration, the Agent Manager only needs its upstream URL updated to use the new port.

Agent Manager instances that are configured to communicate through a concentrator can use any customer-designated port for their communication with that concentrator host. This needs to be configured on both the upstream and downstream Agent Manager instance.

Some agents hosted by the Agent Manager are run out-of-process, and use local TCP connections to communicate with the master Agent Manager process. Two protocols are used for this local communication: legacy RAPSD for agents which are supported by the Agent Manager, and the Agent Manager’s XML-over-HTTP for new agents implemented with the Agent Manager API (this is the same protocol used by the Agent Manager to connect to the upstream Management Server or concentrators). In both cases, the master Agent Manager process listens for local connections on an available port assigned randomly by the OS from the ephemeral port range. In both cases, these ports will only accept connections from localhost; neither case supports encryption for this local-only traffic.
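The port tables and the localhost-only behavior described above can be checked on a host by comparing its listening sockets with the documented defaults. The following is an added example, not code from the Foglight product or its documentation: the function names, the constructed `ss -tuln` sample, the `extra_allowed` parameter (for customer-designated concentrator ports) and the choice to report HTTP 8080 when it is reachable off-host are all assumptions.

```python
# Added example (not vendor code): audit `ss -tuln` output against this page's defaults.
EXPECTED = {  # (proto, port) -> component, from the tables on this page
    ("tcp", 15432): "Embedded DB", ("tcp", 8080): "HTTP / Agent Manager",
    ("tcp", 8443): "HTTPS / Agent Manager over SSL",
    ("udp", 45566): "High Availability multicast", ("tcp", 7800): "High Availability",
    ("tcp", 1099): "Federation RMI", ("tcp", 4444): "Federation RMI Service",
    ("tcp", 8448): "QP5", ("tcp", 41705): "Java EE Technology Agent",
}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `ss -tuln` output; not captured from a real server.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:45566      0.0.0.0:*
tcp   LISTEN 0      50         127.0.0.1:38211      0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:38950      0.0.0.0:*
tcp   LISTEN 0      50             [::1]:40112         [::]:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) per socket line; the header line is skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(text, ha_enabled=False, extra_allowed=()):
    """Return sorted (port, finding) pairs for listeners that deviate from the page."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        key = (proto, port)
        if addr.startswith(LOOPBACK):
            continue  # local-only listeners match the out-of-process agent design
        if key == ("udp", 45566) and not ha_enabled:
            findings.append((port, "multicast port open but HA mode not configured"))
        elif key == ("tcp", 8080):
            findings.append((port, "cleartext HTTP exposed off-host"))
        elif key not in EXPECTED and key not in set(extra_allowed):
            findings.append((port, "non-loopback listener outside documented defaults"))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(port, finding)
```

Pass `ha_enabled=True` on HA deployments and list any concentrator ports in `extra_allowed` so that only genuine deviations are reported.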
