Changing the default ports in the Appliance

Contents

Changing the default ports in the Appliance

Overview

Nexthink Appliances listen to a set of default network ports to communicate with the other Nexthink components and serve external requests. Some of the default ports are configurable.

For the Engine Appliance, configure:

For the Portal Appliance, configure:

Changing the ports in the Engine

By default, the Engine allows the communication with the Collectors through TCP port 443 only. This option requires that you have installed your own digital certificates in the Engine.

Based on how you configured the Collectors during installation, you may allow other custom TCP or UDP ports in the Engine to handle the communication between the Engine and the Collectors. Note that these options are not mutually exclusive; that is, you can have different sets of Collectors communicating with the Engine through different ports.

Remember that a single TCP connection between Collector and Engine can convey all available data: Engage, Act, updates, rule-based assignment and, optionally, device information and activity; whereas the UDP connection between Collector and Engine solely transfers device information and activity data, requiring an additional TCP connection for full connectivity.

To change the default ports in the Engine:

  1. Log in to the Web Console of the Appliance that hosts the Engine.
  2. Select the APPLIANCE tab at the top of the Web Console.
  3. Click Security on the left-hand side menu.
  4. Under Nexthink Ports, find the following configurable ports:
    1. Tick Allow Collector TCP port 443 to enable the communication with the Collectors through the default TCP port 443.
      • Remember that this option requires your own digital certificates.
    2. Tick Allow Collector TCP port to enable the communication with the Collectors through a custom TCP port.
      1. Type in the port number for the custom TCP connection of the Collector with the Engine. For this connection, you must use a port that does not require root privileges; that is, the port number must be above 1024. Default is 8443.
      • This option can work with the default certificates generated during the federation of the Appliances.
    3. Tick Allow Collector UDP port to enable the communication of the Collectors through UDP.
      1. Type in the port number for the UDP connection that sends device information and user activity to the Engine. Default is 999.
      • The UDP connection does not require digital certificates.
    4. In Web API, type in the port number of the TCP connection used to integrate with the Engine via the NXQL language. This connection also requires a port number higher than 1024. Default is 1671.
    WebConsoleApplianceSecurity.png
  5. Click SAVE to make your changes permanent. The Engine restarts if you changed either the UDP port or the Web API port.

After saving your changes, remember to configure the Collectors in accordance with the selected port numbers, either during their deployment or on already deployed Collectors with the Collector Configuration Tool.

In the same way, adapt your integrations to use the new Web API port of the Engine and, to test your NXQL queries, include the new port number in the URL of the NXQL Editor.

Changing the ports in the Portal

The Portal receives assignment requests from the Collectors through their TCP connection when rule-based assignment is enabled.

To change the configured port number of the TCP connection between the Collector and the Portal:

  1. Log in to the Web Console of the Appliance that hosts the Portal.
  2. Select the APPLIANCE tab at the top of the Web Console.
  3. Click Security on the left-hand side menu.
  4. Under Nexthink Ports, find the only configurable port:
    1. Tick Allow Collector TCP port 443 to enable the communication with the Collectors through the default TCP port 443.
      • Remember that this option requires your own digital certificates.
    2. Tick Allow Collector TCP port to enable the communication with the Collectors through a custom TCP port.
      1. Type in the port number for the custom TCP connection of the Collector with the Portal. For this connection, you must use a port that does not require root privileges; that is, the port number must be above 1024. Default is 8443.
      • This option can work with the default certificates generated during the federation of the Appliances.
  5. Click SAVE to make your changes permanent.

Remember to configure the Collectors with the same TCP port number as set in the Portal either during their installation or later via the Collector Configuration tool.

Changing the ports in a single Appliance

If the Portal and the Engine are installed in a single Appliance, the Nexthink Ports section appears twice on the Security page of the Web Console:

  • The first holds the three ports to configure the Collector communication with the Engine.
  • The second holds the TCP port number for the Collector to connect to the Portal.

Follow the instructions in the two preceding sections to change the port numbers accordingly.

The operations described in this article should only be performed by a Nexthink Engineer or a Nexthink Certified Partner.

If you need help or assistance, please contact your Nexthink Certified Partner.