Previous Topic

Next Topic

Enabling ports in HP Smart Update Manager

The ports that HP Smart Update Manager uses cannot be configured. When HP Smart Update Manager port initiates communications to remote targets, it uses several well-known ports depending on the operating system. For Windows®, it uses ports 138 and 445 to connect to remote targets (equivalent to remote and file print share functionality). For Linux, HP Smart Update Manager uses port 22 (SSH) to start the communications with the remote target.

HP Smart Update Manager uses defined ports to communicate between the remote target and the workstation where HP Smart Update Manager is executing. When you run HP Smart Update Manager, it uses the administrator/root privileges to dynamically register the port with the default Windows® and Linux firewalls for the length of the application execution, then closes and deregisters the port. All communications are over a SOAP server using SSL with additional functionality to prevent man-in-the-middle, packet spoofing, packet replay, and other attacks. The randomness of the port helps prevent port scanning software from denying service to the application. The SOAP server is deployed on the remote target using the initial ports described above (ports 138, 445, and 22) and then allocates another independent port as documented below for its communications back to the workstation where HP Smart Update Manager is running. During shutdown of HP Smart Update Manager, the SOAP server is shutdown and removed from the target server, leaving the log files.

To deploy software to remote targets on their secure networks using HP Smart Update Manager, the following ports are used.

For Windows®

Ports

Description

Ports 445 and 137/138/139

(Port 137 is used only if you are using NetBIOS naming service.)

These ports are needed to connect to the remote ADMIN$ share on target servers. These are the standard ports Windows® servers use to connect to remote file shares. If you can connect remotely to a remote Windows® file share on the target server, then you have the right ports open.

Ports 60000-60007

Random ports are used in this range to pass messages back and forth between the local and remote systems via SSL. These ports are used on the system running HP Smart Update Manager to send data to the target server.

Several internal processes within HP Smart Update Manager automatically use the port from 60000 when no other application uses it. If there is a port conflict, the manager uses the next available one. There is no guarantee that the upper limit is 60007 as it is dependent on how many target devices are selected for installation.

Ports 61000-61007

These ports are used from the target server back to the system running HP Smart Update Manager. The same mechanism is used by the remote access code as the 60000 ports, with the first trial port as 61000. There is no guarantee that the upper limit is 61007 when a conflict occurs. For the case of ipv4-only and one NIC, the lowest available one is used by HP Smart Update Manager to pass information between processes on the local workstation where HP Smart Update Manager is executed, and the next available one is used to receive messages from remote servers.

Port 62286

This port is the default for some internal communications. It is the listening on the remote side if there is no conflict. If a conflict occurs, the next available one is used.

Ports 80 or 63000-63005

The logs are passed to the target and the logs are retrieved via an internal secure web server that uses port 80 if it is available or a random port between 63000 and 63005, if it is not. This support allows updates of the iLO firmware without the need to access the host server and allows servers running VMware or other virtualization platforms to update their iLO without the need to reboot their server or migrate their virtual machines to other servers.

For Linux

Port

Description

Port 22

This port is establishes a connection to the remote Linux server via SSH.

Ports 60000-60007

Random ports are used in this range to pass messages back and forth between the local and remote systems via SSL. These ports are used on the system running HP Smart Update Manager to send data to the target server.

Several internal processes within HP Smart Update Manager automatically use the port from 60000 when no other application uses it. If there is a port conflict, the manager uses the next available one. There is no guarantee that the upper limit is 60007 as it is dependent on how many target devices are selected for installation.

Ports 61000-61007

These ports are used from the target server back to the system running HP Smart Update Manager. The same mechanism is used by the remote access code as the 60000 ports, with the first trial port as 61000. There is no guarantee that the upper limit is 61007 when a conflict occurs. For the case of ipv4-only and one NIC, the lowest available one is used by HP Smart Update Manager to pass information between processes on the local workstation where HP Smart Update Manager is executed, and the next available one is used to receive messages from remote servers.

Port 62286

This port is the default for some internal communications. It is used for listening on the remote side if there is no conflict. If a conflict occurs, the next available one is used.

Ports 80 or 63000-63005

The logs are passed to the target and the logs are retrieved via an internal secure web server that uses port 80 if it is available or a random port between 63000 and 63005, if it is not. This support allows updates of the iLO firmware without the need to access the host server and allows servers running VMware or other virtualization platforms to update their iLO without the need to reboot their server or migrate their virtual machines to other servers.