Ports used by connectors and data providers
Overview
To exchange data with external systems, Matrix42 Workspace Management uses Data Providers and Connectors. Due to security reasons it is required to close all unused ports on computers. This article explains which ports each Data Provider or Connector uses for communication.
AirWatch
The MWM AirWatch Data Provider uses the HTTPS protocol and the following port:
- TCP 443
Empirum
All Empirum versions since v12 R2 Patch 2 use Empirum API that works through single TCP port (can be configured in the Connector location settings together with the Empirum API settings).
Port used:
- TCP 9100
Information about ports used by Empirum itself can be found here.
Enterprise Manager
The EM Data Provider uses the following pre-configured port (can be set in the Data Provider configuration):
- TCP 8099
Inventory of Citrix XenServer
Port used:
- TCP 80 (HTTP)
Inventory of Microsoft Hyper-V
Port used:
- TCP 5985
Inventory of VMware vCenter
Port used:
- TCP 443 (HTTPS)
LDAP
The LDAP Data Provider obviously uses the LDAP port:
- TCP 389
- TCP 636 (over SSL)
LIS - Online Update
This Data Provider works through the HTTPS protocol and the following port:
- TCP 443
MATRIX42 Accounts
The Matrix42 Accounts server (https://accounts.matrix42.com/) uses the HTTPS protocol and the following port:
- TCP 443
MDM Connector
The MDM Connector uses HTTPS or HTTP connection, depending on location settings. By default only connection over HTTPS protocol has been tested.
Ports used:
- TCP 443 (HTTPS)
- TCP 80 (HTTP)
Oracle Inventory
The Oracle Database Inventory Data Provider uses the following pre-configured port (can be set in the Data Provider configuration):
- TCP 3307
SCCM Inventory
The SCCM Inventory Data Provider connects to SCCM in two ways:
- SQL Server Connection
- RPC Calls to SCCM API
Correspondingly there are following requirements regarding available (open) ports:
SQL Server Connection
- TCP 1433 (ms-sql-s)
For additional information from Microsoft about configuring the Windows Firewall for SQL Server Access see this external page.
RPC Calls to SCCM API
Communication with SCCM using RPC (Remote Procedure Calls) depends on Windows RPC Communication requirements. While RPC Endpoint Mapping is using a dedicated port, RPC Traffic is routed dynamically within a specific range of ports. For more information from Microsoft about ports used in SCCM review this external page.
Ports used depend on the version of the underlying Windows Server:
Windows Server 2008 and higher:
- TCP 135 (RPC Endpoint Mapping)
- TCP 49152 - 65535 (Dynamic TCP Ports)
Windows Server 2000 and Windows Server 2003:
- TCP 1025-5000 (Dynamic TCP Ports)
For more information from Microsoft about network port requirements for Windows review this external page.
Use IPsec to help secure the traffic with the site server. If you must restrict the dynamic ports that are used with RPC, you can use the Microsoft RPC configuration tool (rpccfg.exe) to configure a limited range of ports for these RPC packets. For more information from Microsoft about restricting RPC traffic to a specific port review this external page.
Silverback by MATRIX42
Silverback Data Provider uses the HTTPS protocol and the following port:
- TCP 443
Unix Inventory
The Unix Inventory Data Provider uses SSH for connection.
Port used:
- TCP 22 (SSH)
Windows Inventory
The Windows Inventory Data Provider uses Active Directory ports.
- In Windows Server 2008 and later and Windows Vista and later, the following ports are used:
- TCP 135 (epmap)
- TCP 49152 - 65535
- In Windows 2000, Windows XP, and Windows Server 2003, ports in the following range are used:
- TCP 1025-5000
For additional information about configuring Active Directory ports, see https://support.microsoft.com/en-us/kb/224196