DHCP
|
|
Network access
|
Provisioning Network
|
|
Default port
|
67, 68 (server)
|
|
Router and Firewall Configuration
|
DHCP Relay required in routed networks.
|
|
Port Configurable?
|
no
|
|
Feature That Maps to the Port
|
Responds to DHCP requests from managed servers during netboot.
|
|
Enable or Disable?
|
The DHCP service is enabled by the N1 System Manager during the netboot phase
of OS deployment and is disabled thereafter.
|
|
Authentication
|
None
|
|
Data encryption
|
None
|
FTP
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:21 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Firmware Management for ALOM based systems
|
|
Enable or Disable?
|
Indirectly through manual assertion
|
|
Authentication
|
Randomly generated user and password account on the N1 System Manager server.
Not user configurable
|
|
Data encryption
|
No
|
HTTP
|
|
Network access
|
Provisioning Network
|
|
Default port
|
80 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Required during disk-full OS Deployment of Red Hat Enterprise Linux
and SUSE Linux Enterprise Server.
|
|
Enable or Disable?
|
No
|
|
Authentication
|
User ID and password
|
|
Data encryption
|
No
|
HTTP
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:80 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Launch of Web Console for the Sun Fire T1000 and T2000 managed servers from
within the N1 System Manager browser interface.
|
|
Enable or Disable?
|
Yes. Use the n1smconfig to enable or disable, which
will shutdown and restart the N1 System Manager.
|
|
Authentication
|
User ID and password
|
|
Data encryption
|
No.
|
HTTPS
|
|
Network access
|
Corporate Network
|
|
Default port
|
6789 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Port 6789 is registered by the N1 System Manager browser interface. Override
is not recommended
|
|
Feature That Maps to the Port
|
Serves content to the N1 System Manager browser interface.
|
|
Enable or Disable?
|
Port must be exclusively owned by the N1 System Manager browser interface and
cannot be disabled while the N1 System Manager is running.
|
|
Authentication
|
PAM based Authentication done by the N1 System Manager browser interface component.
|
|
Data encryption
|
Yes,
through certificates
|
ICMP
|
|
Network access
|
Provisioning Network
|
|
Default port
|
5813 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Well known port. Override is not recommended.
|
|
Feature That Maps to the Port
|
Network monitoring of a running OS on managed servers.
|
|
Enable or Disable?
|
No
|
|
Authentication
|
None
|
|
Data encryption
|
No
|
ICMP
|
|
Network access
|
Management Network
|
|
Default port
|
5813 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Well known port. Override is not recommended.
|
|
Feature That Maps to the Port
|
Network monitoring of service processor interfaces
|
|
Enable or Disable?
|
No
|
|
Authentication
|
None
|
|
Data encryption
|
No
|
IPMI
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:623 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Discovery using IPMI based service processor
|
|
Enable or Disable?
|
Indirectly through manual assertion
|
|
Authentication
|
User/password
|
|
Data encryption
|
No
|
JDBC
|
|
Network access
|
Local host
|
|
Default port
|
5434 (server)
|
|
Router and Firewall Configuration
|
Not applicable
|
|
Port Configurable?
|
Yes. Modify the file /opt/sun/N1_Service_Provisioning_System_5.1/server/postgres/data/postgresql.conf
|
|
Feature That Maps to the Port
|
Service provisioning Postgres database server
|
|
Enable or Disable?
|
No
|
|
Authentication
|
User/password
|
|
Data encryption
|
No
|
JDBC
|
|
Network access
|
Local host
|
|
Default port
|
5434 (client)
|
|
Router and Firewall Configuration
|
Not applicable
|
|
Port Configurable?
|
Yes. Modify the file /etc/opt/sun/cacao/modules/servicescommonmodule.xml
|
|
Feature That Maps to the Port
|
Service provisioning Postgres database server client
|
|
Enable or Disable?
|
No
|
|
Authentication
|
User ID and password
|
|
Data encryption
|
No
|
JDBC
|
|
Network access
|
Local host
|
|
Default port
|
5433 (server)
|
|
Router and Firewall Configuration
|
Not applicable
|
|
Port Configurable?
|
Yes. Modify the file /var/opt/sun/scs/data/db/mgmt/postgresql.conf
|
|
Feature That Maps to the Port
|
SCS Postgres database server
|
|
Enable or Disable?
|
No
|
|
Authentication
|
User/password
|
|
Data encryption
|
No
|
JDBC
|
|
Network access
|
Local host
|
|
Default port
|
5433 (client)
|
|
Router and Firewall Configuration
|
Not applicable
|
|
Port Configurable?
|
Yes. Modify the file /etc/opt/sun/cacao/modules/servicescommonmodule.xml
|
|
Feature That Maps to the Port
|
SCS Postgres Database client
|
|
Enable or Disable?
|
No
|
|
Authentication
|
User ID and password
|
|
Data encryption
|
None
|
JMXMP
|
|
Network access
|
localhost
|
|
Default port
|
10162 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Used by all features. This port is opened by the common agent container
Mbean Server.
|
|
Enable or Disable?
|
Port 10162 must be owned exclusively by the common agent container and
cannot be disabled while the N1 System Manager is running.
|
|
Authentication
|
PAM based authentication for UnknownClient connection
requests.
|
|
Data encryption
|
Yes
|
JMXMP
|
|
Network access
|
localhost
|
|
Default port
|
10162 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. By editing cacao.properties.
|
|
Feature That Maps to the Port
|
Used by the N1 System Manager browser interface component to connect to the
common agent container Mbean server using the JMX UnknownClient connection.
|
|
Enable or Disable?
|
No
|
|
Authentication
|
PAM
|
|
Data encryption
|
Yes
|
JMXMP
|
|
Network access
|
localhost
|
|
Default port
|
10163 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. By editing cacao.properties.
|
|
Feature That Maps to the Port
|
Used by the N1 System Manager n1sh command line interface
to connect to the common agent container CommandStream adaptor
using the JMX WellknownClient connection.
|
|
Enable or Disable?
|
No
|
|
Authentication
|
Yes. Public key
based.
|
|
Data encryption
|
Yes
|
JMXMP
|
|
Network access
|
localhost
|
|
Default port
|
10163 (client)
|
|
Router and Firewall Configuration
|
No.
|
|
Port Configurable?
|
Yes, by modifying cacao.properties.
|
|
Feature That Maps to the Port
|
Used by the N1 System Manager n1sh command line interface
to establish the WellKnownClient connection to CSA
in the common agent container MbeanServer.
|
|
Enable or Disable?
|
No
|
|
Authentication
|
Key based authentication
|
|
Data encryption
|
Yes
|
NFS
|
|
Network access
|
Provisioning Network
|
|
Default port
|
TCP/UDP:2049 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Well-know port. Override is not recommended
|
|
Feature That Maps to the Port
|
Used by the N1 System Manager to export file systems during disk-full OS deployment
process for Solaris only.
|
|
Enable or Disable?
|
Must always be running if OS deployment is a desired feature. NFS is
not automatically enabled or disabled by the N1 System Manager.
|
|
Authentication
|
None
|
|
Data encryption
|
No
|
SMTP
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:25 (server)
|
|
Router and Firewall Configuratio
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
Email alert based detection of hardware monitoring threshold violations
for ALOM based managed servers
|
|
Enable or Disable?
|
Yes. Set monitored=false using the N1 System Manager,
but not independent of OS monitoring.
|
|
Authentication
|
Email account user and password configured manually prior to installation
|
|
Data encryption
|
None
|
SNMP V1
|
|
Network access
|
All
|
|
Default port
|
UDP:8089
(server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. By editing the configuration file entry as root user. Requires
restart of the N1 System Manager to activate.
|
|
Feature That Maps to the Port
|
SNMP read requests for info Management Information Base (MIB) OIDs
from external SNMP Managers
|
|
Enable or Disable?
|
The SNMP agent is active as long as the N1 System Manager is running. The SNMP
agent cannot be disabled at N1 System Manager startup time or while the N1 System Manager is
running.
|
|
Authentication
|
SNMP V1 Community string. Community strings are passed in clear text
and are not configurable.
|
|
Data encryption
|
None
|
SNMP V1
|
|
Network access
|
All
|
|
Default port
|
UDP:162
(server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. By
running the create notification CLI command.
|
|
Feature That Maps to the Port
|
Send SNMP traps to external SNMP trap listeners per OIDS in the trap
MIB.
|
|
Enable or Disable?
|
Cannot be directly disabled at startup time or while the N1 System Manager is
running. Can be indirectly disabled by denying privileges to create SNMP Notification
Rules in the N1 System Manager.
|
|
Authentication
|
None
|
|
Data encryption
|
None
|
SNMP V1
|
|
Network access
|
Management Network
|
|
Default port
|
UDP:162 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No.
|
|
Feature That Maps to the Port
|
Trap based detection of hardware monitoring threshold violations for
the Sun Fire V20z, V40z, X2100, X4100, and X4200.managed servers.
|
|
Enable or Disable?
|
Yes. Set monitored=false using the N1 System Manager,
but not independent of OS monitoring.
|
|
Authentication
|
None
|
|
Data encryption
|
None
|
SNMP V1
|
|
Network access
|
Provisioning Network
|
|
Default port
|
UDP:161
(client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. Edit the file /etc/opt/sun/ n1gc/agent.properties as
root and insert the property com.sun.hss.agent.snmpAgentPort=port number where port number is
the new port number. You must configure the port on each managed node agent
manually. AnN1 System Manager restart is required.
|
|
Feature That Maps to the Port
|
OS Monitoring
|
|
Enable or Disable?
|
Yes. Do not add the osmonitor feature
|
|
Authentication
|
SNMP V1 community string that is configurable using the N1 System Manager
|
|
Data encryption
|
No
|
SNMP V1
|
|
Network access
|
Provisioning Network
|
|
Default port
|
UDP:8162
(server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. Edit the configuration file as root user and configure the port
on each managed node using the N1 System Manager. AnN1 System Manager restart is required.
|
|
Feature That Maps to the Port
|
Trap based detection of OS monitoring threshold violations
|
|
Enable or Disable?
|
Yes. Set monitored=false using the N1 System Manager,
but not independent of hardware monitoring.
|
|
Authentication
|
None
|
|
Data encryption
|
None
|
SNMP V3
|
|
Network access
|
Provisioning Network
|
|
Default port
|
UDP:161 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Yes. Edit the file /etc/opt/sun/ n1gc/agent.properties as
root and insert the property com.sun.hss.agent.snmpAgentPort=port number where port number is
the new port number. You must configure the port on each managed node agent
manually. AnN1 System Manager restart is required.
|
|
Feature That Maps to the Port
|
OS monitoring thresholds configuration
|
|
Enable or Disable?
|
Yes. Do not add the osmonitor feature
|
|
Authentication
|
SNMP User-based
Security Model (USM) user ID and password that is configurable using
the N1 System Manager.
|
|
Data encryption
|
Yes
|
SSH
|
|
Network access
|
Provisioning Network
|
|
Default port
|
TCP:22 (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Well known port. Override is not recommended.
|
|
Feature That Maps to the Port
|
Required to enable remote login by authorized users who want to launch
the n1sh command line interface.
|
|
Enable or Disable?
|
May be disabled and enabled at the OS level by the root user. Restart
of the N1 System Manager is not required.
|
|
Authentication
|
PAM
|
|
Data encryption
|
Yes
|
SSH
|
|
Network access
|
Provisioning Network
|
|
Default port
|
TCP:22 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Well known port. Override is not recommended.
|
|
Feature That Maps to the Port
|
-
OS monitoring
-
Package deployment
-
Remote command
|
|
Enable or Disable?
|
Yes. Do not add the base management feature.
|
|
Authentication
|
User password and key based
|
|
Data encryption
|
Yes
|
SSH
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:22 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
-
Discovery
-
Firmware management
-
Hardware monitoring
-
Netboot control for Sun Fire V20z and V40z systems using the
service provisioning command line interface for AMD based systems
|
|
Enable or Disable?
|
Indirectly through manual assertion
|
|
Authentication
|
User ID and password specified during discovery
|
|
Data encryption
|
Yes
|
TELNET
|
|
Network access
|
Management Network
|
|
Default port
|
TCP:23 (client)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
No
|
|
Feature That Maps to the Port
|
-
Discovery
-
Power Management
-
Hardware monitoring
-
Firmware management
-
Netboot control using the service processor command line interface
for for ALOM based systems
|
|
Enable or Disable?
|
Indirectly through manual assertion
|
|
Authentication
|
User/password, configurable during discovery
|
|
Data encryption
|
No
|
TFTP
|
|
Network access
|
Management Network
|
|
Default port
|
UDP: Random (server)
|
|
Router and Firewall Configuration
|
No
|
|
Port Configurable?
|
Not applicable
|
|
Feature That Maps to the Port
|
Firmware Management for the Sun Fire V20z and V40z
|
|
Enable or Disable?
|
Indirectly through manual assertion
|
|
Authentication
|
None
|
|
Data encryption
|
No
|
|
|
|