HP Operations Manager for Windows

Concepts of DCE RPC Communication without Endpoint Mapper


The fundamental requirement is to enable HPOM to run in an environment where port 135 can be closed on the firewall. Additionally, it would be helpful if the DCE RPC endpoint mapper could be disabled on the node itself, if no other applications are using it.

In particular, communication between the HP Operations management server and managed nodes must not use port 135.

This behavior can be achieved by setting certain variables in the opcinfo file on the HP Operations managed nodes and the registry on the HPOM for Windows management server.

To implement this, the HP Operations RPC servers must use specific ports, which can be configured by the customer. The RPC servers and clients will read these ports from configuration files and RPC clients will directly contact the HP Operations RPC servers using the specified ports, without using the DCE endpoint mapper.

NOTE:
Variables used in the registry have the same names as the ones used in the opcinfo file, except that the prefix OPC_ is omitted. Variable names such as OPC_COMM_PORT_RANGE appear throughout this document; the prefix OPC_ in italics means that the variable used in the opcinfo file is called OPC_COMM_PORT_RANGE, whereas the variable used in the registry is called COMM_PORT_RANGE.


A comparison of both models is shown below:

Behavior with DCE RPC endpoint mapper

  1. The RPC server starts up. It either uses the port specified in the variable OPC_COMM_PORT_RANGE or it will get a free port assigned. The RPC server registers itself with this port at the endpoint mapper.
  2. The endpoint mapper stores this information in its database.
  3. The RPC client starts but does not know the port number used by the RPC server. It queries the endpoint mapper with the type of server it wants to contact and some additional interface specification uniquely identifying the destination server. The endpoint mapper returns the port number.
  4. The RPC client can now contact the specified RPC server.

Behavior without DCE RPC endpoint mapper

  1. The RPC server starts up. It uses the port specified in the variable OPC_COMM_PORT_RANGE. It does not register itself at the endpoint mapper (switched off using OPC_COMM_REGISTER_RPC_SERVER FALSE) and listens at this port (A).
  2. The RPC client determines from its local configuration that the RPC server must be contacted without an endpoint mapper lookup (OPC_COMM_LOOKUP_RPC_SRV FALSE). It reads the port of the RPC server either from a variable in the opcinfo file directly or reads it from a server port specification file specified in the variable OPC_COMM_RPC_PORT_FILE “…” (B).
  3. The RPC client searches for the specified RPC server within the server port specification file, based on the server type and destination node. The file entry contains the port where the RPC server is supposed to be listening (C).
  4. The RPC client now can contact the RPC server directly (D).

NOTE:
Mixed environments are also possible, where some RPC clients use the endpoint mapper and others do not. For example, RPC clients (=nodes) inside the firewall could use the RPC endpoint mapper lookup (because they do not have to cross the firewall), whereas RPC clients (=nodes) outside the firewall do not use the endpoint mapper. This can be controlled using the OPC_COMM_LOOKUP_RPC_SRV variable.

In such a mixed scenario it would be necessary to register the HP Operations management server RPC server at the endpoint mapper, so that the nodes inside the firewall can find the server.

This can be controlled using the OPC_COMM_REGISTER_RPC_SERVER variable.
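
The following added example (not HPOM code and not part of the original documentation) models both lookup paths and the mixed scenario, returning the set of ports a client must reach so the firewall impact of each setting is visible. The in-memory port table, the server type name `msg_receiver`, the host name and port 12001 are constructed assumptions; the real syntax of the server port specification file is not reproduced here.

```python
from dataclasses import dataclass, field

EPMAP_PORT = 135  # DCE RPC endpoint mapper port


@dataclass
class Node:
    """One host and its endpoint mapper database (server_type -> port)."""
    name: str
    epmap_db: dict = field(default_factory=dict)


def start_server(node, server_type, port, register_rpc_server):
    """Server side: the port comes from OPC_COMM_PORT_RANGE. Register at the
    endpoint mapper only if OPC_COMM_REGISTER_RPC_SERVER is TRUE."""
    if register_rpc_server:
        node.epmap_db[server_type] = port


def resolve(node, server_type, lookup_rpc_srv, port_table):
    """Client side: return (server_port, set of ports the client must reach)."""
    if lookup_rpc_srv:  # OPC_COMM_LOOKUP_RPC_SRV TRUE: query the endpoint mapper
        port = node.epmap_db.get(server_type)
        if port is None:
            raise LookupError(f"{server_type} is not registered on {node.name}")
        return port, {EPMAP_PORT, port}
    # OPC_COMM_LOOKUP_RPC_SRV FALSE: search by server type and destination node
    port = port_table.get((server_type, node.name))
    if port is None:
        raise LookupError(f"no port entry for {server_type} on {node.name}")
    return port, {port}


# Constructed sample data: hypothetical server type, host name and port.
PORT_TABLE = {("msg_receiver", "mgmt.example.com"): 12001}


def demo(register_rpc_server, lookup_rpc_srv):
    """Start one server with the given setting, then resolve it as a client."""
    server = Node("mgmt.example.com")
    start_server(server, "msg_receiver", 12001, register_rpc_server)
    return resolve(server, "msg_receiver", lookup_rpc_srv, PORT_TABLE)


if __name__ == "__main__":
    for reg, look in [(False, False), (True, True), (True, False), (False, True)]:
        try:
            print(f"register={reg} lookup={look} ->", demo(reg, look))
        except LookupError as exc:
            print(f"register={reg} lookup={look} -> lookup failed: {exc}")
```

The last combination fails by design: a client that still performs the endpoint mapper lookup cannot find a server that did not register, which is why the mixed scenario requires registration on the management server.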
