D.2 Firewall passage directions
This subsection describes the firewall passage directions for PFM - RM for Platform.
(1) Setting the firewall passage directions
If there is a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform.
The following table shows the firewall passage directions.
| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service | jp1pcagt7[nnn]# | PFM - RM for Platform ← PFM - Manager |
| Remote Monitor Store service | jp1pcsto7[nnn]# | PFM - RM for Platform ← PFM - Manager |
When communication (connection) begins, the service receiving the connection request (pointed to by the arrow) uses the port number indicated in Table D-1 Port numbers used by PFM - RM for Platform as the reception port. The service sending the connection request uses an available port as assigned by the OS as the transmission port. The range of port numbers used depends on the OS.
Set the firewall so that the transmission port used temporarily by PFM - Manager can pass through the reception port of PFM - RM for Platform.
- Note
  If you execute the jpctool db dump or jpctool service list command at the PFM - RM for Platform host, specify the proxy option so that communication is established via PFM - Manager. Alternatively, between each PFM - RM host, set port numbers in the directions shown in the table below so that communication can pass through the firewall. For details about the proxy option of the jpctool db dump and jpctool service list commands, see the chapter that describes commands in the manual Job Management Partner 1/Performance Management Reference.

Table D‒3: Firewall passage directions (between each PFM - RM host)

| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service | jp1pcagt7[nnn]# | PFM - RM PFM - RM |
| Remote Monitor Store service | jp1pcsto7[nnn]# | PFM - RM PFM - RM |
In order to collect information from the monitored host, WMI is used for communications when the monitored host is running Windows, and SSH is used for communications when the monitored host is running UNIX. Therefore, if you place a firewall between PFM - RM for Platform and the monitored host, you must specify the settings so that communication passes through the firewall as follows:
- PFM - RM for Platform (Remote Monitor Collector service) → monitored host
- Note
  →: Direction in which communication (connection) begins, from the left-hand item to the right-hand item.
(a) When the monitored host is running Windows
WMI uses DCOM. Because DCOM uses dynamic port allocation, the port used for DCOM must pass through the firewall. For details about the setup method, see the firewall product documentation or contact the firewall product developer.
Usage with a firewall is not suitable because one WMI and DCOM request cannot be separated from another WMI and DCOM request. The following figure shows the recommended configuration.
(b) When the monitored host is running UNIX
Specify the settings so that the port number specified in the settings for the monitoring target of PFM - RM for Platform is used to pass through the firewall.
The table below shows the values that can be specified for the port number, which is a monitoring target setting. For details about the monitoring target settings, see 3.2.4 Setup procedure for the UNIX edition.
| Setting item | Description | Permitted value | Default value |
|---|---|---|---|
| Port | Port number of the SSH server on the monitored host | From 1 to 65,535 | 22 |
(2) Setting the firewall passage directions (when a logical host is used for operation)
If you place a firewall between PFM - Manager and PFM - RM for Platform, you must set fixed port numbers for all services of PFM - Manager and PFM - RM for Platform.
The following table shows the firewall passage directions.
| Service name | Parameter | Passage direction |
|---|---|---|
| Remote Monitor Collector service (logical host) | jp1pcagt7[nnn]# | PFM - RM for Platform (logical host) ← PFM - Manager |
| Remote Monitor Store service (logical host) | jp1pcsto7[nnn]# | PFM - RM for Platform (logical host) ← PFM - Manager |

- Legend:
  ←: Direction in which communication (connection) begins, from the right-hand item to the left-hand item.
- #
  If multiple instances are created, a sequence number (nnn) is assigned to the second and subsequent instances that are created. No sequence number is assigned to the first instance that is created.
When communication (connection) begins, the service receiving the connection request (pointed to by the arrow) uses the port number indicated in Table D-1 Port numbers used by PFM - RM for Platform as the reception port. The service sending the connection request uses an available port assigned by the OS as the transmission port. The range of port numbers used depends on the OS.
Set the firewall so that the transmission port used temporarily by PFM - Manager can pass to the reception port of the logical host of PFM - RM for Platform.
(3) Setting the firewall passage directions (when the health check function is used)
If PFM - RM for Platform is to monitor the operating status of a monitored host using the health check function, you must specify the settings so that ICMP communication passes through the firewall.
The following table shows the firewall passage directions.
| Service name | Communication protocol | Passage direction |
|---|---|---|
| Remote Monitor Collector service | ICMP echo request/ICMP echo response | PFM - RM host monitored host |
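
The passage directions in (1) and (3) and the SSH case in (b), written out as rules for a Linux firewall between the hosts. This is an added example, not part of the original manual. It assumes iptables; the function names, the addresses and the two PFM port numbers (50001, 50002) are constructed placeholders, and the real reception ports come from Table D-1.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables FORWARD rules for a Linux
# firewall placed between the hosts. All addresses and PFM port numbers are
# constructed placeholders; take the real reception ports from Table D-1.

# valid_port N: succeed only if N is an integer from 1 to 65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# pfm_rm_rules MANAGER RM_HOST MONITORED COLLECTOR_PORT STORE_PORT [SSH_PORT]
pfm_rm_rules() {
    mgr=$1; rmh=$2; mon=$3; agt=$4; sto=$5; ssh=${6:-22}
    for p in "$agt" "$sto" "$ssh"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    # Replies to connections that the rules below allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # PFM - Manager -> PFM - RM for Platform: fixed reception port only.
    # No source-port match, because the transmission port is assigned by the OS.
    for p in "$agt" "$sto"; do
        echo "iptables -A FORWARD -p tcp -s $mgr -d $rmh --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Remote Monitor Collector -> monitored UNIX host: SSH on the configured port.
    echo "iptables -A FORWARD -p tcp -s $rmh -d $mon --dport $ssh -m conntrack --ctstate NEW -j ACCEPT"
    # Health check: echo request out; the echo response returns as ESTABLISHED.
    echo "iptables -A FORWARD -p icmp --icmp-type echo-request -s $rmh -d $mon -j ACCEPT"
    # Default deny for all other forwarded traffic.
    echo "iptables -A FORWARD -j DROP"
}

# Constructed sample run (192.0.2.0/24 is a documentation address range).
pfm_rm_rules 192.0.2.10 192.0.2.20 192.0.2.30 50001 50002 22
```

The WMI/DCOM case in (a) is left out because its ports are allocated dynamically and cannot be expressed as a fixed destination-port rule.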