|
Siebel Security Guide > Physical Deployment and Auditing >
About Selecting Port Numbers
Network traffic going to Siebel Application Object Managers (AOMs) on Siebel Servers go through static, configurable TCP ports. Each Siebel Server listens on one TCP port only. For more information on configuring ports for use with Siebel Business Applications, see Siebel Deployment Planning Guide. See also the Siebel Installation Guide for the operating system you are using. If you use Siebel load balancing, the AOM listens on one TCP port on each Siebel Server for traffic from the Web Server to the Siebel Server. If you use a third-party HTTP load balancer, then you can also use a single VIP address and port for all such communications from the Web Server to the Siebel Server. You can also use multiple VIP addresses and ports, if different VIPs or ports are used for different applications. By default, Siebel Server configuration assumes that each Web server communicates to one VIP address and port for all AOMs. You can change this manually, to support multiple VIP addresses or ports. Some important planning issues for using port numbers include the following:
- To secure communications between the Web browser and the Web server, using SSL, specify the HTTPS port (default is 443) when you install the SWSE.
- If you are setting up an LDAP or ADSI directory to use with Siebel Business Applications, use port 636 for secure transmission instead of port 389 for standard transmission.
- If you are using TCP/IP filtering, make sure that none of the ports you require, including the ServerMgr port, are blocked. If any required ports are blocked, the status of the Siebel Server will be Connect Failed. Note that the dynamic port numbers used range from 49152 to 65535.
- To allow users to access Siebel Business Applications across a firewall, make sure the Web server is accessible externally and that it can communicate with the Siebel Server using the SCBroker port (Siebel load balancing) or the virtual port of a third-party HTTP load balancer for TCP traffic. The default port used by SCBroker is 2321.
- Siebel Web Client users outside the firewall, such as authorized vendors (partners) or customers can use the standard Web server port (default is 80) to access Siebel Web applications. You can configure your firewall so that it will not pass traffic on anything other than port 80. If your Web server must support HTTP over SSL, you can open port 443.
- The COM data control and the Java DataBean both communicate using SISNAPI. COM data control supports RSA and Microsoft Crypto, but not SSL. Java DataBean supports RSA, but not Microsoft Crypto or SSL.
- Port numbers for communications between the Siebel Server and the Siebel database are database-specific. Default TCP port numbers available for this purpose are as follows:
- Oracle: 1521
- Microsoft SQL Server: 1433
- IBM DB2 UDB for Windows and UNIX: 5000 (Siebel default)
- IBM DB2 UDB for z/OS: no default
- Port numbers for communications between the Siebel Server and the Siebel File System and Database Server are dependent on the file system type. The default TCP port number is 139. The default User Datagram Protocol (UDP) port numbers are 137 and 138. UDP is a network protocol on the same level as TCP. Both TCP and UDP run on top of IP.
- Siebel Mobile Client users who have to connect to a Siebel Server in order to synchronize using Siebel Remote connect directly to the Siebel Server that serves as the Siebel Remote server. Telnet connections for mobile users can be configured in the Siebel environment. However, because of possible security risks, using such connections is not recommended.
|
