Network protocol and ports (incoming ports allowed by the firewall)
The firewall provides basic protection. If protection against sophisticated attacks is required, using a dedicated firewall product is recommended.
Communication across a NAT firewall is not supported.
The following protocols and ports are used by Data Center Operation:
|
Protocol |
Transfer protocol |
Port(s) |
Network | Credentials/Access | Encryption | Comments |
|---|---|---|---|---|---|---|
|
HTTP / HTTPS |
TCP |
80 / 443 |
Latency less than 200 ms, bandwidth minimum 1 Mbps. Bandwidth usage between client and server heavily depends on size of solution, number of users and the type of operations done to the solution. |
Manually created user and password (default apc/apc) Authentication server integration support There is no option to reset client user password Password policy is not implemented in DCO but can be enforced using Authentication servers. Password can be ASCII format and numbers |
Only using HTTPS TLSv1.2 |
Communication between server and clients. HTTP can be disabled or redirected to HTTPS for improved security. |
| SNMP | UDP | 161 | Basic system information and status of the Operation service will be exposed. More information can be found here The SNMP server can be disabled using the Server Configuration interface |
SNMP community string is default "public" | For added security from v7.3.6, disable SNMPv1 and configure SNMPv3. More... | |
| PostgreSQL | TCP | 5432 | Depending on system integration the bandwidth requirements should be specified accordingly. | As specified in external system ETL configuration |
Default MD5 authentication Otherwise depending on database integration created |
ETL communication between database and server |
| Webmin | TCP | 10000 | Very limited bandwidth requirements in normal operation. Downloading/uploading backups will increase the bandwidth requirements significantly. |
Manually created user and password during installation User password reset instructions |
Yes | Server configuration interface at https://<server ip>:10000 |
| Ping | ICMP | Will reply to ping requests | ||||
External systems related protocols (outgoing, default (can be edited)) |
||||||
| HTTP | TCP (SSL/TLS) | 80 (443) |
Depending on system integration being used. For Data Center Expert it is estimated that every alarm will be around 2000 characters in size. Sensor data has approximately the same size but is transferred more often (depending on the integration configuration). The alarm and sensor data are bidirectional communicated with the majority of data going to DCO. A catch-up job is run on a hourly basis (configurable) this job will poll number of active alarms * 2000 chars. |
As specified in external system configuration | Depending on system integration | VMware, SCOM, Cisco UCS |
| SMTP | TCP | 25 | Email traffic from the DCO is limited and "user generated" via e.g. work order execution, some system configuration etc. | As specified in external system configuration | Not supported | communication with e-mail server |
| DNS | TCP/UDP | 53 | Very limited traffic and bandwidth requirement | As specified in external system configuration | Not supported | DNS server communication |
| NFS | TCP/UDP | 111 | Depending on system integration | As specified in external system configuration | Not supported by protocol | NFS mounted external drive |
| NTP | UDP | 123 | Very limited traffic and bandwidth requirement | As specified in external system configuration | Depending on system integration | NTP server communication |
| SMB | TCP/UDP | 139 | Depending on system integration | As specified in external system configuration | Depending on system integration | SMB communication to NAS/SAN |
| CIFS | TCP | 445 | Depending on system integration | As specified in external system configuration | Depending on system integration | CIFS communication to NAS/SAN |
| NFS | TCP/UDP | 2049 | Depending on system integration | As specified in external system configuration | Not supported by protocol | NFS communication to NAS/SAN |
