HP SUM requires that certain network ports are available. If you lock down network ports, make sure that the ports listed in the network port tables are open so that HP SUM works correctly when connecting to remote node servers and hosts. If you are unable to unlock these network ports, you must run HP SUM locally and update network-based hosts through their web interfaces (for example, the OA, iLO, and VC modules).
|
|
NOTE: Use the |
|
|
Updates for most node types require network traffic in both directions between the server running HP SUM and the node. The server running HP SUM creates a local HTTP server, which is used to serve firmware binaries to the node and to communicate node status. The remote node issues HTTP requests and posts status updates to the server running HP SUM during the update process. If there is a routing problem or firewall blocking traffic back from the remote node to the system running HP SUM, firmware updates might be blocked, status updates blocked or delayed, or both.
System running HP SUM |
Target node type |
Inventory phase |
Deployment phase |
||||
---|---|---|---|---|---|---|---|
To target |
From target (HP SUM 7.2.1 and earlier) |
From target (HP SUM 7.3.0 and later) |
To target |
From target (HP SUM 7.2.1 and earlier) |
From target (HP SUM 7.3.0 and later) |
||
Windows |
Windows |
445, 135, 137, 138, 139 |
63001, 63002 |
None |
445, 135, 137, 138, 139 |
63001, 63002 |
None |
Windows or Linux |
Linux |
22 |
63001, 63002 |
None |
22 |
63001, 63002 |
None |
Windows or Linux |
HP-UX |
22 |
63001, 63002 |
63001, 63002 |
22 |
63001, 63002 |
63001, 63002 |
Windows or Linux |
VMware |
443, 5989 |
63001 |
63001 |
443, 5989 |
63001 |
63001 |
Windows or Linux |
OA |
22, (80), 443 |
None |
None |
22, (80), 443 |
None |
None |
Windows or Linux |
iLO, VC, FC switch, SAS switch, Moonshot, Superdome 2/X |
22, (80), 443 |
None |
None |
22, (80), 443 |
63001 |
63001 |
HP SUM uses port 63002 to communicate between the hpsum_binary
and hpsum_service
applications on both Windows and Linux systems.
|
|
NOTE: Windows to Windows traffic uses WMI, a standard DCOM-In port 135 and Async-in and WMI-in. |
|
|
Issue the commands /port
and /ssl_port
to change from ports 63001 and 63002 if there are firewall conflicts. Use --open_firewall
to open the HTTP and HTTPS ports used by HP SUM for external access. Open these ports for remote node functionality and for remote browser access. For example:
You can issue the command /ftp_port
to assign which port to use for FTP service. By default the FTP port is disabled. Use the command to enable the service.
Changing the port address in the hpsum.ini
file
You can change the network ports HP SUM uses by editing the hpsum.ini
file or using the /port
or /ssl_port
CLI parameters. For more information on editing the hpsum.ini
file, see Changing the hpsum.ini file.
The following commonly used alternate network ports are:
Enabling HP SUM ports for VMware nodes
By default, outgoing connections are blocked in VMware servers, except ports 80, 443, and 5989. Use the following steps to enable the default ports of 63001 and 63002. You need to enable these outgoing ports on the VMware server.
-
Create an HTTP HP SUM firewall rule that enables outgoing connection via port 63001.
-
Create the file
httpSUM.xml
in the/etc/vmware/firewall
directory. Type the following into the file:/etc/vmware/firewall # cat httpHPSUM.xml
<!-- Firewall configuration information for FDM -->
-
Refresh by using the command,
esxcli network firewall refresh
.
Special network configuration note for Integrity servers
Integrity servers have management network and production interfaces. These are typically kept on separate subnets in an installation. To perform full remote administration of the server, access is required for both networks. If you keep both networks isolated, you need to perform management and operating systems tasks separately.