Symantec Access Management

Hi,

I have some questions about services related to Policy Server about their configuration that I would like to understand better. I don't have a good knowledge of servers background yet, so maybe my questions may be more related with that knowledge than with CA Policy Server, I don't know.

When I check what services related to CA SiteMinder Policy Server are running in the server, I find these three:

• SiteMinder Administrative UI:
  • Service name: SMADINUI
  • Path to executable: "...\jbosssvc.exe" -r SMADMINUI
• SiteMinder Health Monitor Service:
  • Service name: SmServMon
  • Path to executable: "...\SERVIC~2.EXE"
• SiteMinder Policy Server:
  • Service Name: SmPolicySrv
  • Path to executable: "...\SERVIC~1.EXE"

When I execute on console "tasklist" command, I can read this:

Image Name                    PID  Session Name        Session#    Mem Usage

========================= ======== ================ =========== ============

jbosssvc.exe                  1828 Services                   0      2,696 K

SERVIC~1.EXE                  1852 Services                   0     14,268 K

SERVIC~2.EXE                  2044 Services                   0     14,276 K

smpolicysrv.exe               1040 Services                   0     95,464 K

java.exe                      1920 Services                   0    652,672 K

When I execute "netstat -nao" I get:

  Proto  Local Address          Foreign Address        State           PID

  TCP    0.0.0.0:44441          0.0.0.0:0              LISTENING       1040

  TCP    0.0.0.0:44442          0.0.0.0:0              LISTENING       1040

  TCP    0.0.0.0:44443          0.0.0.0:0              LISTENING       1040

  TCP    0.0.0.0:44444          0.0.0.0:0              LISTENING       1040

  TCP    127.0.0.1:49191        127.0.0.1:44449        ESTABLISHED     1040

  TCP    127.0.0.1:49205        127.0.0.1:19999        ESTABLISHED     1040

  TCP    [::]:44441             [::]:0                 LISTENING       1040

  TCP    [::]:44442             [::]:0                 LISTENING       1040

  TCP    [::]:44443             [::]:0                 LISTENING       1040

  TCP    [::]:44444             [::]:0                 LISTENING       1040

  UDP    0.0.0.0:44444          *:*                                    1040

  UDP    127.0.0.1:57679        *:*                                    1040

  UDP    [::]:44444             *:*                                    1040

  UDP    [::]:59608             *:*                                    1040

  UDP    [::1]:57678            *:*                                    1040

  ...

  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1920

  TCP    127.0.0.1:8443         0.0.0.0:0              LISTENING       1920

  TCP    127.0.0.1:49230        0.0.0.0:0              LISTENING       1920

  TCP    127.0.0.1:51897        127.0.0.1:51898        ESTABLISHED     1920

  TCP    127.0.0.1:51898        127.0.0.1:51897        ESTABLISHED     1920

  TCP    127.0.0.1:51899        127.0.0.1:44442        ESTABLISHED     1920

  TCP    127.0.0.1:51980        127.0.0.1:51981        ESTABLISHED     1920

  TCP    127.0.0.1:51981        127.0.0.1:51980        ESTABLISHED     1920

  TCP    127.0.0.1:51983        127.0.0.1:51984        ESTABLISHED     1920

  TCP    127.0.0.1:51984        127.0.0.1:51983        ESTABLISHED     1920

  TCP    [::]:8080              [::]:0                 LISTENING       1920

On the browser, where ADMIN UI is being displayed,I can read this URL:

https://127.0.0.1:8443/iam/siteminder/console/ui7/index.jsp?facesViewId=/app/webadmin/HostConfig/HostConfigGeneral.jsp

My questions are these:

1. I don't understand the difference between Service name and Executable name. For example, Administrative UI executable name does appear on tasklist table but its service name don't. For Health Monitor service is the same. However, with Policy Server it's different, since its Service Name and executable name do appear on the table.
2. Is Policy Server listening on these three TCP ports: 44441, 44442 and 44443.? If does, for what does it uses the others:
   • TCP: 44444, 49191 and 49205.
3. Why is Admin UI  listening on port 8443, which is related to java.exe? Why is not related to jsbosssvc.exe, which doesn't have any port?
4. Why does only service smpolicyserver has ports assigned?

Thanks in advance and please be patient with me

Kind regards,

Andrés-J. Cremades

Message was edited by: Andres J. Cremades Cremades Monserrat Grammar.

Hi Andreas,

Let me give a try to your questions :--

1. Service name : name with which process or may be shortname of a proces, whereas executable name is a name of file or executable which is executed / run to trigger the service.

2. 44444 : this is port for administration ( Port for Connection Wizard ) and other ports seems to be connection made from webagent to policy server.

3. default port of ssl for adminui is 8443 , since it is an application deployed on jboss which is a java based application hence it shows up as java.

4. Since all connection are made with Policy Server based whether it is an authentication process from webagent or policy creation via adminui all done via policy server.

Hope it helps

Thanks,

Ankush

Hi, thanks for answering, Ankush.

I need a few clarifications more.

• Does not the SiteMinder Health Monitor Service need any port? How does Health Monitor communicate with Policy Server then?
• It's the first time I hear that of "port for administration". Is it some kind of pre-established port? Is used just by CA SiteMinder or by more services? I found an Oracle document where you can read "WebLogic Server provides the option to enable an SSL administration port for use with all servers in the domain." (link) Are they talking about the same port?
• So ports 49191 and 49205 are also used to communicate Policy Server with Agents?

Thanks

Andrés-J. Cremades

Hi Andres,

1)  OneView Agent -- 44449 and OneView Monitor : -- 44450 , these are ports used by one view.

2) Here 44444 is the port used by Siteminder for operating in administration purpose.

3) Yes, these ports might be used and established at time of communication between agent and policy server. You stop services of components such as webagent , wam ui and one view one by one to check which agent is using these ports for communication.

Thanks,

Ankush

Ok. Thanks Ankush

Kind regards,

Andrés-J. Cremades