AppWorx, Dollar Universe and Sysload Community

 View Only

 Confirming Remote Agent Requirement and Port Question

Melodi Roberts's profile image
Melodi Roberts posted Sep 11, 2023 04:48 PM

First, let me confirm that I need to install an Automic Remote Agent in the following scenario:

  • Automic Engine installed on Linux server
  • TdClient software and bat files installed on a Windows VM
  • Need to execute these bat files and software, as well as move files around on the server to a mapped shared drive


If I do need to install a Remote Agent, I'm struggling a little with figure out what these ports are used for and should be set to.  They are required if there is a firewall on the VM:

Agent Server Port

Agent Client Port

Stack Server Port

Stack Client Port

Are these to be recorded in the ini file?

Thank you for any information.

Pat Richards's profile image
Pat Richards

Cant comment on the TdClient as i've no experience of that, but for the port settings the following may help

For the Automation Engine to connect/communicate to the Remote Agent the following ports need to be allowed (i.e. enable in firewall on Remote Agent VM)

       Awcomm_port : set in agent awenv.ini file.  Default value of 2136 should be used

       AgentClientPort : set in agent awenv.ini.  An appropriate value should be set if firewalls in play

For the Remote Agent to connect/communicate to the Automation Engine the following ports need to be allowed (i.e. enable in firewall on Automation Engine server)

       Awcomm_port : set in Engine awenv.ini file.  Default value of 2136 should be used

       MasterServerPort : set in Engine awenv.ini file. An appropriate value should be set if firewalls in play

link to online doc

https://techdocs.broadcom.com/us/en/ca-enterprise-software/intelligent-automation/applications-manager/9-4-0/Installation_Guide/Applications_Manager_Installation_Advanced_Topics/Overview_of_Firewall_Settings.html

        

Richard_Blumlein_8490's profile image
Richard_Blumlein_8490

Hi Melodi, 

We have been running Appman since 2005, and currently on 9.3.5 going to the latest 9.4.4 I believe. 

What I can tell you is we set the firewall option to no but we have hardware firewalls, and also running firewalld for in-bound on the VMs. The master, and remote agents all have firewall rules. When I last built the Appman Oracle Linux 8 systems I had to make sure the various parts were open. Notice I had to do this for the RMI, the awcomm, and a port for the remote agent which talks to the master 60010. Way back when we changed the RMI port from the default to another port because it conflicted with another product. This is from out prod Appman running 9.3.5. IT will be upgraded down the road sometime.  I believe only our upgrade insrance is at 9.4.4 now. Our Enterprise apps group is now responsible for Appman. 

The remote agent could not connect to the master until I opened up port 60010. Then it worked great. Still, we have Firewall no and things work great. Maybe it is the firewalld ports we have open which makes it work. We also have hardware firewall rules to allow users into Appman from around the campus subnets.  Lots I could talk about, but hope this helps. 

Rich 

###
### Master 
###


### site/awenv.ini

AWCOMM_PORT=2136
DB_PORT=1521
Smtp_port=25
Smtp_email=is_dl_team_-_systems_support@mail.colostate.edu
FireWall=No
APACHE_PORT=80
RMIRegistryPortNumber=1100
RMIDataPortNumber=
ClientRMIPortNumber=
[root@isifp610 site]#


### web/classes/Options.properties

# Set the RMI Registry Port number to use.  Default is 1099
RMIRegistryPortNumber=1100
# Set RMI Server port to use, default = 0
#RMIDataPortNumber=
# Set the RMI Client Port number to use, default = 0.
#ClientRMIPortNumber=
# Set the Database Port Number
# By default is the standard SQL listner port [1521]
#JdbcPortNumber=NULL

### firewall-cmd --info-zone internal
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: ipset:internal_nets
  services: cockpit http https
  ports: 1100/tcp 2136/tcp 60010/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:


### firewall-cmd --info-zone trusted

trusted (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: ipset:trusted_nets
  services: http https ssh zabbix-agent
  ports: 1100/tcp 2136/tcp 60010/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

###
### Remote agent for Banner
###

### awenv.ini

AWCOMM_PORT=2136
FireWall=No

### web/classes/Options.properties

There is no file for the remote agent, only the master.