question

Kalle L. avatar image
Kalle L. asked ·

About Agent Manager network connectivity and ports

Hi,

I have two questions about Agent Manager NW connectivity with other DC RUM components:

1. The Agent Manager service is listening on ports 9014 and 9015. When I add a new Child Agent Manager via the Synthetic Console, is the required NW access Parent -> TCP 9014,9015 -> Child or

Child -> TCP 9014,9015 -> Parent, or both ways?

2. CAS is polling data from the Agent Manager either via port 9014 or 9015. In case the RUM Console is installed on a separate server, does the firewall need to be open to the defined port 9014/9015 also from the RUM Console server? If so, why is that access needed - perhaps only to test that the Agent Manager is up and running, when adding a new device? Or is there some continued need for RUM to access the Agent Manager?


Thanks,

Kalle

esm
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Carol O. avatar image
Carol O. answered ·

Hi, Kalle.

  1. The required NW access should be both ways:

Parent <-> TCP 9014,9015 <-> Child

  1. In 12.5, the Parent Agent Manager needs to access the RUM Console server on its port to authenticate the ESM Console user. I do not know when the RUM Console needs to connect to the Parent Agent Manager on 9014/9015. But, I think it may be continuous since the RUM Console shows the status of the connection.

I hope this is helpful. Thanks!

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Thanks for the response! I was also suspecting that the RUM connection might be required simply so that the status light can be displayed as green in the RUM console. But I wasn't sure if that request was routed via CAS, where the actual continuous data transfer is happening. For now I suppose we'll assume that the direct connection from RUM to Agent Manager is indeed required.

0 Likes 0 · ·
Kalle L. avatar image
Kalle L. answered ·

Hello again. Since I think this post covers pretty much all the required communication for Agent Managers, I'll add one more that's missing.

When registering an agent for agent-initiated communication using a Child Manager, the port 9018 needs to be open towards the Parent. Meaning:

Child Manager -> TCP 9018 -> Parent Manager

To my knowledge, this is only required during the registration process. If the port is blocked, it will result in this error:

Unable to register with Vantage Manager [AGENT_MANAGER_HOSTNAME:9018]: error [0]

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Kalle L. avatar image
Kalle L. answered ·

I'll just add one more note here, in case it could be of help for someone. CAS doesn't need TCP 9014/9015 access only to the Parent Agent Manager -> if and when the Transaction Trace reporting feature is used, CAS also needs that TCP 9014/9015 access to any Child Agent Managers. So even though the basic monitoring data is routed to CAS from the Child Managers via the Parent, CAS still needs that direct access in order to display the Trace reports.

This is just one of those things you might not realize when the servers are in the same VLAN, but in a more distributed environment it becomes something you need to make a note of.

1 comment Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Good point. Thanks, Kalle.

0 Likes 0 · ·
Carol O. avatar image
Carol O. answered ·

Yes, Kalle. Sorry about that! I corrected the earlier response.

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Kalle L. avatar image
Kalle L. answered ·

Update to "The required NW access should be Parent -> TCP 9014,9015 -> Child"

-> it appears the other way around is also needed, so that the child managers can send data to the parent

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.