OM ports to be opened on the PRS

The ports that are opened in all networking modes include the OM ports opened on the PRS server (Deployed Independently), the OM
opened on the Syslog server for the PRS server, the OM ports to be opened for the Citrix tool, the OM ports to be opened for the VNC
the OM ports to be opened for the Veritas Netbackuptool.

OM ports to be opened on the PRS Server (deployed independently)

Protocol Source Target Device Destination
Type Device Port Number
TCP PRS client PRS server 20, 21

TCP PRS client PRS server 22

TCP PRS client PRS server 25

9999,
TCP PRS client PRS server
10511(SSL)

19999,
TCP PRS client PRS server
20009(SSL)

TCP PRS client PRS server 31000 to 31099

31000, 31050
TCP PRS client PRS server
(SSL)

31001, 31051
TCP PRS client PRS server
(SSL)

31005, 31055
TCP PRS client PRS server
(SSL)

31006, 31056
TCP PRS client PRS server
(SSL)

31008, 31058
TCP PRS client PRS server
(SSL)

31015, 31065
TCP PRS client PRS server
(SSL)

31030, 31080
TCP PRS client PRS server
(SSL)
 31032, 31082
TCP PRS client PRS server
(SSL)

31037 (TCP),
31038 (HTTP),
TCP PRS client PRS server 31039 (TCP
SSL), 31040
(HTTPS)

TCP PRS client PRS server 31100 to 31799

31200, 31700
TCP PRS client PRS server
(SSL)

TCP PRS client PRS server 32300, 32301

TCP PRS client PRS server 42300, 42301

HTTP PRS client PRS server 80

HTTP PRS client PRS server 8010

HTTP PRS client PRS server 8449

TCP Oracle tool PRS server 1521

TCP Local PRS server 30500
TCP Local PRS server 31499

OM ports opened on the M2000 server for the PRS server

Protocol Source Target Device Destination
Type Device Port Number
TCP PRS server M2000 server 20, 21

TCP PRS server M2000 server 22

UDP PRS server M2000 server 123

TCP PRS server M2000 server 31045

OM ports opened on the syslog server for the PRS server
Protocol Source Target Device Destination
Type Device Port Number

TCP PRS server Syslog server 601

UDP PRS server Syslog server 514

OM ports to be opened for the Citrix tool

Protocol Source Target Device Destination
Type Device Port Number
TCP Citrix client Citrix server 80
Managemen
TCP Citrix server 135
t console
TCP Citrix client Citrix server 443

TCP Citrix client Citrix server 1494

Other Citrix
TCP Citrix server 2512
servers
TCP Citrix client Citrix server 2513
Managemen
TCP Citrix server 2598
t console

Managemen
TCP Citrix server 8082
t console

Citrix
TCP license Citrix server 27000
server

UDP Citrix client Citrix server 1604

Web
browser
TCP Citrix Server 2301, 2381
(such as IE
and Firefox)

OM ports to be opened for the VNC tool

Protocol Source Target Device Destination
Type Device Port Number
5908, 5902,
TCP VNCViewer PRS server
5903, 5901
TCP VNCViewer PRS server 5802, 5803

TCP VNCViewer PRS server 5801

OM ports to be opened for the SPLX antivirus solution

The TrendMicro Control Manager (TMCM) server is optional and applicable to only the Linux operating system. The server pro
refers to these servers in the following table. The network of the TMCM server is as shown in the following figure.

Protocol Source Target Device Destination

Type Device Port Number
Web
browser 14080, 14443
TCP PRS server
(such as IE (HTTPS)
and Firefox)

80, 443
TCP PRS server TMCM server
(HTTPS)
OM Ports to be opened for the Veritas Netbackup tool
The Veritas Netbackup tool are optional for all networking scenarios.
As shown in the figure, the NBU client software is deployed on each PRS server.
Due to the heavy traffic of backup service, a firewall should not be deployed between the NBU server and the NBU client (PRS

Protocol Source Target Device Destination

Type Device Port Number
NBU client
TCP (PRS NBU server 13782
server)
NBU client
TCP (PRS NBU server 13724
server)
NBU client
TCP NBU server 13782
(PRS server)

OM Ports to be opened on the disk array side

When an OSS server uses a disk array and a firewall is deployed between the OSS server and other devices, the ports are opened accord
Note: The destination IP address is the IP address of the disk array. The version in the following table is the version of the disk array, w

Protocol Source Target Device Destination

Type Device Port Number
ISM
(Integrated
TCP Storage S2600 5988, 5989
Managemen
t)

OMT, PRS
TCP S2600 22
server

TCP, UDP ISM S2600 427

Web
browser
TCP S2600 80, 8443
(such as IE
and Firefox)
 SNMP
UDP client (NMS S2600 161
server)

UDP S2600 PRS server 162

modes include the OM ports opened on the PRS server (Deployed Independently), the OM ports opened on the M2000 server for the PRS server, the O
ver, the OM ports to be opened for the Citrix tool, the OM ports to be opened for the VNC tool, the OM ports to be opened for the SPLX antivirus sol
etbackuptool.

r (deployed independently)
Port Description Authenticati Encryption
on Mode Mode
The ports are used to transmit FTP commands and data between the PRS username/pas
None
client and the PRS server. sword
The port is used by the PRS server to receive the SSH access request from the username/pas
SSH
PRS client so that the PRS server can be maintained. sword
username/pas
The port is used by the PRS server to connect to the Email server. None
sword
The port is opened for the TAO CORBA naming service.
Port 9999 is accessed without encryption, while port 10511 is accessed with None None
SSL encryption.
The port is opened for the TAO notification service.
Port 19999 is accessed without encryption, while port 20009 is accessed with None None
SSL encryption.
These ports are opened for the basic iMAP services based on TCP prototol.
The iMAP is the platform for the PRS application software. Unless special username/pas
SSL
cases, the ports should be opened for PRS client so that the firewall does not sword
need to be reconfigured after the system upgrade.
The ports are opened in the CORBA IDL for connecting to the PRS client.
username/pas
Port 31000 is accessed without encryption, while port 31050 is accessed with SSL
sword
SSL encryption.
The ports are opened for the License, Schedule, and DataManager services in
the CORBA IDL. username/pas
SSL
Port 31001 is accessed without encryption, while port 31051 is accessed with sword
SSL encryption.
The ports are opened for the Log service in the CORBA IDL.
username/pas
Port 31005 is accessed without encryption, while port 31055 is accessed with SSL
sword
SSL encryption.
The ports are opened for the Log service in the CORBA IDL.
username/pas
Port 31006 is accessed without encryption, while port 31056 is accessed with SSL
sword
SSL encryption.
The ports are opened for the Security service in the CORBA IDL.
username/pas
Port 31008 is accessed without encryption, while port 31058 is accessed with SSL
sword
SSL encryption.
The ports are opened for the itmserver_agent service in the CORBA IDL. The
itmserver_agent service is used to manage the time task. username/pas
SSL
Port 31015 is accessed without encryption, while port 31065 is accessed with sword
SSL encryption.
The ports are used as message request proxies for receiving the requests from
the DesktopService and other service processes. username/pas
SSL
Port 31030 is accessed without encryption, while port 31080 is accessed with sword
SSL encryption.
 The ports are socket ports opened for the Event Notification service.
username/pas
Port 31032 is accessed without encryption, while port 31082 is accessed with SSL
sword
SSL encryption.

The ports are used for the DS desktop service. The DS supports multiple
instances, while a single instance is used currently.
Ports 31037 and 31039 are the RPC service ports, which receive TCP and
TCP+SSL requests from the client. Port 31037 is accessed without username/pas
SSL/HTTPS
encryption, while port 31039 is accessed with SSL encryption. sword
Ports 31038 and 31040 are the HTTP service ports. Port 31038 is used to
receive HTTP requests from the client, while port 31040 is used to receive the
HTTPS requests from the client.

These ports are opened for the basic PRS services. Unless special cases, the
username/pas
ports should be opened for PRS client so that the firewall does not need to be SSL
sword
reconfigured after the system upgrade.
The ports are opened for the maintain_agent service in the CORBA IDL. The
maintain_agent service is used to back up system data periodically. username/pas
SSL
Port 31200 is accessed without encryption, while port 31700 is accessed with sword
SSL encryption.

The ports are used by the PRS server to communicate with the PRS client so username/pas
None
that the PRS client can access the PRS service and collect data. sword

The ports are used by the PRS server to communicate with the PRS client so username/pas
None
that the PRS client can access the PRS service and collect data. sword

The port is used by the PRS server to communicate with the PRS client username/pas
None
during the automatic CAU upgrade. sword
The port is used by the PRS server to communicate with the PRS client username/pas
None
during the automatic CAU upgrade. sword
This is the HTTPS port used by the PRS AT, PRS Web system, online help, username/pas
HTTPS
and client auto update (CAU). sword
username/pas
This port provides the Oracle service and is applicable to only HP servers. None
sword
The ports are opened for setting up a CORBA connection. None None
The ports are opened for the PRS tool. None None

r the PRS server

Port Description Authenticati Encryption
on Mode Mode
The ports are used to transmit FTP commands and data between the PRS username/pas
None
server and the M2000 server. sword
The port is used to transmit FTP commands and data between the PRS server username/pas
SSH
and the M2001 server. sword
The port is used to synchronize the time on the PRS with that on the M2000
None None
server to implement NTP time synchronization.

username/pas
The port is used by the PRS server to authenticate the M2000 server centrally. None
sword
the PRS server
Port Description Authenticati Encryption
on Mode Mode

The port is used for forwarding logs by using Syslog. None None

The port is used for forwarding logs by using Syslog. None None

Port Description Authenticati Encryption

on Mode Mode
The port is opened for the Citrix XML service. The default port number is 80. IP Address None
The port is used to establish the connection between the management console Username/Pa
None
and the Citrix server. ssword
The port is a Citrix SSL relay port. None None
The port is used by the Citrix client to set up the ICA session with the Citrix Username/Pa
None
server. ssword
The port enables the communication between Citrix servers. IP Address None

Username/Pa
The port is used by the Citrix client to maintain the Citrix server. None
ssword
The port is used by the management console to set up the session with the
IP Address None
Citrix server.
The port enables the communication between the Citrix server and the license
Username/Pa
management console. None
ssword

The port enables the communication between the Citrix license server and the
Citrix server. IP Address None

The port enables the communication between the Citrix client and the Citrix
None None
server.

The ports are opened for smhstart.exe, which are used for monitoring HP username/pas
None
hardware and collecting fault information if hardware faults occur. sword
 Port Description Authenticati Encryption
on Mode Mode
username/pas
The ports are used for login to the KDM of the VNC viewer. None
sword
username/pas
The ports are used for login to the VNCViewer based on the HTTP protocol. None
sword
The port is opened for /usr/sbin/xinetd, which provides the graphical
connection service of VNC. The client connects to the remote desktop username/pas
None
through a browser. The destination IP address is the floating IP address of a sword
service Ethernet port.

ntivirus solution
M) server is optional and applicable to only the Linux operating system. The server protect for Linux (splx) is a service deployed on these serv
le. The network of the TMCM server is as shown in the following figure.

Port Description Authenticati Encryption

on Mode Mode

The ports are opened for the server protect for Linux (SPLX), which is used
username/pas
for maintaining security software. HTTPS
sword
Port 14080 is an HTTP port, and port 14443 is an HTTPS port.

The ports are opened for the TMCM, which are used for virus definition
username/pas
update and management. HTTPS
sword
Port 80 is an HTTP port, and port 443 is an HTTPS port.
Netbackup tool
or all networking scenarios.
ftware is deployed on each PRS server.
, a firewall should not be deployed between the NBU server and the NBU client (PRS server).

Port Description Authenticati Encryption

on Mode Mode
The port is used by the NBU server to receive requests (such as backup and
None None
restore requests) from the NBU client.
The port is opened for the Veritas Network Utility. None None
The port is used for the connection between the NBU server and NBU client.
None None
The NBU client is deployed on the PRS server.

side
firewall is deployed between the OSS server and other devices, the ports are opened according to the following table.
dress of the disk array. The version in the following table is the version of the disk array, which is not related to the OSS product version.

Port Description Authenticati Encryption

on Mode Mode

The ports are opened for the management software of the S2600 disk array,
username/pas
which is used by the client to manage the S2600 disk array through the disk None
sword
array management software.

The port is opened for the OMT to set up a connection between the client and
username/pas
the S2600 disk array in SSH mode, and for the PRS server to run the disk SSH
sword
array inspection script.
The port is used by the client to automatically detect all S2600 disk arrays
within a specified network segment through the disk array management None svrloc
software.

The port is used to download the disk array management software through username/pas
None
HTTP. sword
The port is used to response to the SNMP requests from the SNMP client username/pas
SNMP
(NMS server). sword

username/pas
The port is used to report hardware faults of the disk array. None
sword
e M2000 server for the PRS server, the OM ports
to be opened for the SPLX antivirus solution, and

Version Special Scenario

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

V100R003
and later None
versions

V100R006
and later None
versions

Independently
deployed
versions
None
earlier than
V100R003
SPC220
V100R003
SPC220 and
later versions
None
V100R005
and later
versions
V100R003,
None
V100R005
V100R006
and later None
versions
V100R007
and later None
versions
V100R006
and later None
versions
All versions None
All versions None

Version Special Scenario

All versions None

All versions None

All versions None

PRS
V100R006 The port is used
and later only in SSO mode.
versions
Version Special Scenario

The port used must

be negotiated with
the Syslog server.
V100R007 If TCP is used, the
and later Syslog server uses
versions port 601 by default.
If UDP is used, the
Syslog server uses
port 514 by default.

The port used must

be negotiated with
the Syslog server.
V100R008 If TCP is used, the
and later Syslog server uses
versions port 601 by default.
If UDP is used, the
Syslog server uses
port 514 by default.

Version Special Scenario

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

All versions None

 Version Special Scenario

Only for the HP

All versions
server
Only for the HP
All versions
server

Only for the HP

All versions
server

lx) is a service deployed on these servers and

Version Special Scenario

V100R007
and later None
versions

V100R007
and later None
versions
 Version Special Scenario

V100R006
and later None
versions
V100R006
and later None
versions
V100R006
and later None
versions

g table.
o the OSS product version.

Version Special Scenario

V100R006
Huawei Symantec
and later
S2600
versions

V100R006
Huawei Symantec
and later
S2600
versions
V100R006
Huawei Symantec
and later
S2600
versions

V100R006
Huawei Symantec
and later
S2600
versions
V100R006
Huawei Symantec
and later
S2600
versions
V100R006
Huawei Symantec
and later
S2600
versions
 374893182.xls

Local ports on the PRS server

Protocol Source Target Destination
Type Device Device Port Number
TCP Local PRS Server 31135
TCP Local PRS Server 31163
TCP Local PRS Server 31200
TCP Local PRS Server 31205

31004, 31054
TCP Local PRS Server
(SSL)

TCP Local PRS Server 31007, 31057

31009, 31059
TCP Local PRS Server
(SSL)

31013, 31063
TCP Local PRS Server
(SSL)

31035, 31085
TCP Local PRS Server
(SSL)

TCP Local PRS Server 31049, 31099

12/19/2017 1921
 374893182.xls

Port Description Authenticati Encryption Version

on Mode Mode
This port is opened for the PRS DS service. None None All versions
This port is opened for the PRS AS service. None None All versions
This port is opened for the PRS maintain_agent service. None None All versions
This port is opened for the PRS FS service. None None All versions
The ports are opened for the Partition services in the CORBA IDL.
Port 31004 is accessed without encryption, while port 31054 is accessed None None All versions
with SSL encryption.
The ports are opened for SettingService. None None All versions
The ports are opened for med agent. None None All versions
The ports are opened for the System and DataMgr services in the
CORBA IDL.
None None All versions
Port 31013 is accessed without encryption, while port 31063 is accessed
with SSL encryption.
The port is opened for the proxy service.
Port 31035 is accessed without encryption, while port 31085 is accessed None None All versions
with SSL encryption.
The ports are opened for eam agent. None None All versions

12/19/2017 2021
 374893182.xls

Special Scenario

None
None
None
None

None

None
None

None

None

None

12/19/2017 2121