Matrix42 Self-Service Help Center

Integration Framework

Overview

Matrix42 Workspace Management provides a framework for creating a new Data Provider by using workflows, without any coding.

Workflows can implement both bulk loading of data from an external system and external execution of actions that are designed in Matrix42 Workspace Management. In both cases, the data exchange process consists of six simple steps.

Bulk Loading

1 - Triggering the Data Provider

A separate Data Provider should be configured for each external system. Triggering the Data Provider starts the data exchange process. It can be triggered either manually by a user or automatically by an engine activation.

2 - Running the Server Workflow

The Data Provider runs a specific server workflow that is designed for importing records from an external system into Matrix42 Workspace Management. For example, the AD workflow is used for importing Active Directory objects into Matrix42 Workspace Management.

3 - Running the Client Workflow

The server workflow uses integration settings from the Data Provider object to access the Data Gateway that is installed on the intranet or in an external corporate network. It is often the case that Matrix42 Workspace Management has no access to the corporate network for security reasons. However, the Data Gateway can be installed in the network and exchange data with Matrix42 Workspace Management. The Data Gateway communicates with the server workflow. When it is triggered by the server workflow, it runs the client workflow in the corporate network. For example, the AD workflow on the server starts the AD - Client workflow in a corporate network.

4 - Collecting Data

The client workflow collects data from the corporate network or data center. For example, it can collect data pertaining to Active Directory accounts, data center infrastructure, hardware and software specifics of the computers in the network, etc.

5 - Passing the Collected Data to the Server Workflow

When the client workflow instance is successfully completed, the obtained data is passed to the server workflow. The data can be passed from one workflow to another by using a package of XML files. In such a case, the client workflow creates a package of XML files and then the Matrix42 Workspace Management server workflow receives these files.

6 - Processing the Collected Data

The server workflow processes the collected data and saves it to Matrix42 Workspace Management. For example, it can use import definitions to match the values that are retrieved from an external system and corresponding fields of a Matrix42 Workspace Management object.

Executing Actions Externally

By using a Data Gateway, a number of actions can be executed in a corporate network. For example, a password can be reset for an Active Directory account or Matrix42 Workspace Management computers can be synchronized to an AD server.

1 - Triggering the Data Provider or a Compliance Rule

Triggering the Data Provider starts the data exchange process. It can be triggered either manually by a user or automatically by an engine activation. Compliance rules can also be used for starting the synchronization process. When conditions specified in a compliance rule for a certain configuration item are fulfilled, the compliance rule is triggered.

2 - Running the Server Workflow

The Data Provider or the compliance rule starts a server workflow. The workflow collects the object data that should be transferred to an external system. For example, the Create AD Account workflow retrieves all account records that meet the conditions of a corresponding compliance rule.

3 - Running the Client Workflow

Based on the Data Provider settings, the server workflow accesses the Data Gateway which is installed on the intranet or in an external corporate network. When triggered, the Data Gateway runs a client workflow. For example, the Create AD Account on Agent workflow receives the object data from the Create AD Account server workflow and matches it with the objects on an AD server. Then the AD objects are either added or updated correspondingly.

4 - Executing an Action Externally

The client workflow executes a certain action in a corporate network. This can be resetting the password for an Active Directory account or updating attributes of other AD objects based on changes made to these objects in Matrix42 Workspace Management.

5, 6 - Returning Results to Server Workflow

When the client workflow completes the required action, it can send the successful result to the server workflow. In case of synchronization to an Active Directory server, the AD server workflow saves the SID attribute values for each object that has been synchronized to an AD server.

Ports Used by Connectors and Data Providers

Overview

To exchange data with external systems, Matrix42 Workspace Management uses Data Providers and Connectors. For security reasons, all unused ports on computers must be closed. This article explains which ports each Data Provider or Connector uses for communication.

AirWatch

The MWM AirWatch Data Provider uses the HTTPS protocol and the following port:

  • TCP 443

Empirum

All Empirum versions since v12 R2 Patch 2 use the Empirum API, which works through a single TCP port (it can be configured in the Connector location settings together with the Empirum API settings).
Port used:

  • TCP 9100

Information about ports used by Empirum itself can be found here.

Enterprise Manager

The EM Data Provider uses the following pre-configured port (can be set in the Data Provider configuration):

  • TCP 8099

Inventory of Citrix XenServer

Port used:

  • TCP 80 (HTTP)

Inventory of Microsoft Hyper-V

Port used:

  • TCP 5985

Inventory of VMware vCenter

Port used:

  • TCP 443 (HTTPS)

LDAP

The LDAP Data Provider uses the LDAP ports:

  • TCP 389
  • TCP 636 (over SSL)

LIS - Online Update

This Data Provider works through the HTTPS protocol and the following port:

  • TCP 443

MATRIX42 Accounts

The Matrix42 Accounts server (https://accounts.matrix42.com/) uses the HTTPS protocol and the following port:

  • TCP 443

MDM Connector

The MDM Connector uses an HTTPS or HTTP connection, depending on the location settings. By default, only the connection over the HTTPS protocol has been tested.
Ports used:

  • TCP 443 (HTTPS)
  • TCP 80 (HTTP)

Oracle Inventory

The Oracle Database Inventory Data Provider uses the following pre-configured port (can be set in the Data Provider configuration):

  • TCP 3307

SCCM Inventory

The SCCM Inventory Data Provider connects to SCCM in two ways:

  1. SQL Server Connection
  2. RPC Calls to SCCM API

Correspondingly, the following ports must be available (open):

SQL Server Connection

  • TCP 1433 (ms-sql-s)

For additional information from Microsoft about configuring the Windows Firewall for SQL Server Access see this external page.

RPC Calls to SCCM API

Communication with SCCM using RPC (Remote Procedure Calls) depends on Windows RPC Communication requirements. While RPC Endpoint Mapping is using a dedicated port, RPC Traffic is routed dynamically within a specific range of ports. For more information from Microsoft about ports used in SCCM review this external page.

Ports used depend on the version of the underlying Windows Server:

Windows Server 2008 and higher:

  • TCP 135 (RPC Endpoint Mapping)
  • TCP 49152 - 65535 (Dynamic TCP Ports)

Windows Server 2000 and Windows Server 2003:

  • TCP 1025-5000 (Dynamic TCP Ports)

For more information from Microsoft about network port requirements for Windows review this external page.

Use IPsec to help secure the traffic with the site server. If you must restrict the dynamic ports that are used with RPC, you can use the Microsoft RPC configuration tool (rpccfg.exe) to configure a limited range of ports for these RPC packets. For more information from Microsoft about restricting RPC traffic to a specific port review this external page.

Silverback by MATRIX42

Silverback Data Provider uses the HTTPS protocol and the following port:

  • TCP 443

Unix Inventory

The Unix Inventory Data Provider uses SSH for connection.
Port used:

  • TCP 22 (SSH)

Windows Inventory

The Windows Inventory Data Provider uses Active Directory ports.

  1. In Windows Server 2008 and later and Windows Vista and later, the following ports are used:
     • TCP 135 (epmap)
     • TCP 49152 - 65535
  2. In Windows 2000, Windows XP, and Windows Server 2003, ports in the following range are used:
     • TCP 1025-5000

For additional information about configuring Active Directory ports, see https://support.microsoft.com/en-us/kb/224196
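
The requirement to close all unused ports can be checked mechanically. The following added example (not part of the Matrix42 documentation or product) compares a set of firewall allow rules with the ports this page lists for the Data Providers in use and reports ports that are open without a reason and ports that are required but not open. The rule names, the rule format and the function names are assumptions made for the illustration.

```python
# Added example, not Matrix42 code; ports are this page's defaults (Server 2008+).
REQUIRED = {
    "AirWatch": "443", "Empirum": "9100", "Enterprise Manager": "8099",
    "LDAP": "389,636", "Oracle Inventory": "3307", "Unix Inventory": "22",
    "SCCM Inventory": "1433,135,49152-65535",
    "Windows Inventory": "135,49152-65535",
}

def parse_ports(spec):
    """Turn '135,49152-65535' into inclusive (low, high) TCP port ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        lo, hi = int(low), int(high or low)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def subtract(ranges, cover):
    """Return the parts of `ranges` that no range in `cover` includes."""
    out = []
    for lo, hi in ranges:
        for c_lo, c_hi in sorted(cover):
            if c_hi < lo or c_lo > hi:
                continue              # no overlap with what is left of the range
            if c_lo > lo:
                out.append((lo, c_lo - 1))
            lo = c_hi + 1
            if lo > hi:
                break
        if lo <= hi:
            out.append((lo, hi))
    return out

def audit(rules, enabled):
    """rules: {rule name: allowed TCP ports}; enabled: Data Providers in use."""
    needed = [r for p in enabled for r in parse_ports(REQUIRED[p])]
    opened = [r for spec in rules.values() for r in parse_ports(spec)]
    extra = {n: subtract(parse_ports(s), needed) for n, s in rules.items()}
    return {"unjustified": {n: e for n, e in extra.items() if e},
            "missing": subtract(needed, opened)}

# Constructed rule set: the RPC rule still carries the pre-2008 dynamic range.
SAMPLE_RULES = {"m42-ldap": "389,636", "m42-web": "80,443",
                "m42-rpc": "135,1025-5000", "m42-ssh": "22"}
SAMPLE_ENABLED = ["LDAP", "AirWatch", "Windows Inventory", "Empirum"]

print(audit(SAMPLE_RULES, SAMPLE_ENABLED))
```

Where a port has been changed in the Data Provider or Connector configuration, adjust the corresponding entry in REQUIRED before running the comparison.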