Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Performance Management - Remote Monitor for Platform Description, User's Guide and Reference


D.2 Firewall passage directions

This subsection describes the firewall passage directions for PFM - RM for Platform.


(1) Setting the firewall passage directions

If there is a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform.

The following table shows the firewall passage directions.

Table D‒2: Firewall passage directions (between PFM - Manager and PFM - RM for Platform)

| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service | jp1pcagt7[nnn]# | PFM - RM for Platform ← PFM - Manager |
| Remote Monitor Store service | jp1pcsto7[nnn]# | PFM - RM for Platform ← PFM - Manager |

Legend:

←: Direction in which communication (connection) begins, from the right-hand item to the left-hand item.

#: If multiple instances are created, a sequence number (nnn) is assigned to the second and subsequent instances that are created. No sequence number is assigned to the first instance that is created.

When communication (connection) begins, the service receiving the connection request (pointed to by the arrow) uses the port number indicated in Table D-1 Port numbers used by PFM - RM for Platform as the reception port. The service sending the connection request uses an available port as assigned by the OS as the transmission port. The range of port numbers used depends on the OS.

Set the firewall so that the transmission port used temporarily by PFM - Manager can pass through the reception port of PFM - RM for Platform.

Note

If you execute the jpctool db dump or jpctool service list command at the PFM - RM for Platform host, specify the proxy option so that communication is established via PFM - Manager. Alternatively, between each PFM - RM host, set port numbers in the directions shown in the table below so that communication can pass through the firewall. For details about the proxy option of the jpctool db dump and jpctool service list commands, see the chapter that describes commands in the manual Job Management Partner 1/Performance Management Reference.

Table D‒3: Firewall passage directions (between each PFM - RM host)

| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service | jp1pcagt7[nnn]# | PFM - RM ↔ PFM - RM |
| Remote Monitor Store service | jp1pcsto7[nnn]# | PFM - RM ↔ PFM - RM |

Legend:

↔: Direction in which communication (connection) begins, from the left-hand item to the right-hand item or from the right-hand item to the left-hand item.

#: If multiple instances are created, a sequence number (nnn) is assigned to the second and subsequent instances that are created. No sequence number is assigned to the first instance that is created.

In order to collect information from the monitored host, WMI is used for communications when the monitored host is running Windows, and SSH is used for communications when the monitored host is running UNIX. Therefore, if you place a firewall between PFM - RM for Platform and the monitored host, you must specify the settings so that communication passes through the firewall as follows:

(a) When the monitored host is running Windows

WMI uses DCOM. Because DCOM uses dynamic port allocation, the port used for DCOM must pass through the firewall. For details about the setup method, see the firewall product documentation or contact the firewall product developer.

Usage with a firewall is not suitable because one WMI and DCOM request cannot be separated from another WMI and DCOM request. The following figure shows the recommended configuration.

Figure D‒1: Example of an acceptable configuration for passing through a firewall with the port used in DCOM

[Figure]

(b) When the monitored host is running UNIX

Specify the settings so that the port number specified in the settings for the monitoring target of PFM - RM for Platform is used to pass through the firewall.

The table below shows the values that can be specified for the port number, which is a monitoring target setting. For details about the monitoring target settings, see 3.2.4 Setup procedure for the UNIX edition.

Table D‒4: Port numbers permitted for the monitoring target setting

| Setting item | Description | Permitted value | Default value |
|---|---|---|---|
| Port | Port number of the SSH server on the monitored host | From 1 to 65,535 | 22 |

(2) Setting the firewall passage directions (when a logical host is used for operation)

If you place a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform.

The following table shows the firewall passage directions.

Table D‒5: Firewall passage directions (between PFM - Manager and PFM - RM for Platform (for logical host operation))

| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service (logical host) | jp1pcagt7[nnn]# | PFM - RM for Platform (logical host) ← PFM - Manager |
| Remote Monitor Store service (logical host) | jp1pcsto7[nnn]# | PFM - RM for Platform (logical host) ← PFM - Manager |

Legend:

←: Direction in which communication (connection) begins, from the right-hand item to the left-hand item.

#: If multiple instances are created, a sequence number (nnn) is assigned to the second and subsequent instances that are created. No sequence number is assigned to the first instance that is created.

When communication (connection) begins, the service receiving the connection request (pointed to by the arrow) uses the port number indicated in Table D-1 Port numbers used by PFM - RM for Platform as the reception port. The service sending the connection request uses an available port assigned by the OS as the transmission port. The range of port numbers used depends on the OS.

Set the firewall so that the transmission port used temporarily by PFM - Manager can pass to the reception port of the logical host of PFM - RM for Platform.

(3) Setting the firewall passage directions (when the health check function is used)

If PFM - RM for Platform is to monitor the operating status of a monitored host using the health check function, you must specify the settings so that ICMP communication passes through the firewall.

The following table shows the firewall passage directions.

Table D‒6: Firewall passage directions (between PFM - RM for Platform and a monitored host)

| Service name | Communication protocol | Passage direction |
|---|---|---|
| Remote Monitor Collector service | ICMP echo request/ICMP echo response | PFM - RM host ↔ monitored host |

Legend:

↔: Direction in which communication (connection) begins, from the left-hand item to the right-hand item or from the right-hand item to the left-hand item.
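
The passage directions in (1) to (3) turned into allow rules, as an added example that is not part of the Hitachi manual: it reads the fixed ports from services-file-style lines keyed by the parameter names in the tables and emits nftables rule lines for exactly the documented directions. The services-file layout, the nftables target, the function names, and every port number and address in the sample are assumptions or constructed placeholders (not Table D-1 values); the rules assume a chain that already accepts established/related traffic and drops everything else.

```python
import re

# Parameter names from the tables above; the trailing digits are the sequence
# number (nnn) given to the second and later instances.
PFM_RM_NAME = re.compile(r"jp1pc(agt|sto)7(\d+)?")

def fixed_ports(services_text):
    """Map each PFM - RM for Platform service name to its (port, protocol)."""
    ports = {}
    for raw in services_text.splitlines():
        fields = raw.split("#", 1)[0].split()          # strip trailing comment
        if len(fields) < 2 or not PFM_RM_NAME.fullmatch(fields[0]):
            continue
        port, _, proto = fields[1].partition("/")
        if not (port.isdigit() and 1 <= int(port) <= 65535 and proto):
            raise ValueError(f"malformed services entry: {raw!r}")
        ports[fields[0]] = (int(port), proto)
    return ports

def passage_rules(services_text, manager, rm_host, ssh_targets=(),
                  icmp_targets=(), ssh_port=22):
    """Return nftables rule lines that open only the documented directions."""
    if not 1 <= ssh_port <= 65535:                     # permitted range for Port
        raise ValueError("SSH port must be from 1 to 65535")
    rules = []
    # PFM - Manager begins the connection; the RM host owns the reception port.
    for name, (port, proto) in sorted(fixed_ports(services_text).items()):
        rules.append(f'ip saddr {manager} ip daddr {rm_host} {proto} dport {port} '
                     f'accept comment "{name}"')
    for target in ssh_targets:                         # monitored UNIX hosts
        rules.append(f'ip saddr {rm_host} ip daddr {target} tcp dport {ssh_port} '
                     f'accept comment "ssh-collect"')
    for target in icmp_targets:                        # health check, both ways
        for src, dst in ((rm_host, target), (target, rm_host)):
            rules.append(f'ip saddr {src} ip daddr {dst} icmp type '
                         f'{{ echo-request, echo-reply }} accept')
    return rules

# Constructed sample: ports and addresses are placeholders, not product values.
SAMPLE_SERVICES = """\
ssh          22/tcp
jp1pcagt7    20301/tcp   # first instance: no sequence number
jp1pcsto7    20302/tcp
jp1pcagt7001 20303/tcp   # second instance (constructed name)
"""

if __name__ == "__main__":
    for rule in passage_rules(SAMPLE_SERVICES, "192.0.2.10", "192.0.2.20",
                              ["198.51.100.5"], ["198.51.100.5"]):
        print(rule)
```

No rule is generated for Windows monitored hosts, because WMI over DCOM has no fixed port to allow.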