Connectivity requirements
Contents |
Connectivity requirements
Overview
Find the connectivity requirements of every Nexthink product in the reference tables below. You can configure some of the products to use either a secure or a non secure channel for specific services (see the column Reason). Depending on their configuration, note that you may require to allow connections through a different port number.
If rule-based Collector assignment is turned on, the TCP channel of the Collector also connects to the Portal. Collectors use this connection to ask for their assigned Engine.
The Collector can no longer use an UDP channel to send end-user analytics to the Engine. That data as well as coordination data and updates is transmitted through the TCP channel. The default is to use TCP port 443 for all Collector communications.
For each connection, the tables indicate the transport protocol used. When an application protocol handles the connection over the transport layer, the name of the application protocol precedes the name of the transport protocol.
Nexthink Experience Architecture
Portal
In the following table, we describe the port that must be opened on the computers connecting to the Portal.
| Port
Number | Protocol | Direction
(IN/OUT) | Reason | Domains |
|---|---|---|---|---|
| 443 | HTTPS / TCP | OUT | Access to the Portal (secure) | Portal address |
Finder
In the following table, we describe the different ports that must be opened on the computers running the Finder to communicate seamlessly with Nexthink Experience.
| Port
Number | Protocol | Direction
(IN/OUT) | Reason | Domains |
|---|---|---|---|---|
| 25 | SMTP / TCP | OUT | Send email in case of error | |
| 80 | HTTP / TCP | OUT | Connection to the documentation web site | doc.nexthink.com |
| HTTP / TCP | OUT | Verification of security certificates | ocsp.verisign.com | |
| 443 | WebSocket / TCP | OUT | User connection to the Portal | |
| WebSocket / TCP | OUT | User connection to the Engine | ||
| HTTPS / TCP | OUT | Installation and updates of the Finder from the Portal | Portal address | |
| HTTPS / TCP | OUT | Support telemetry | alib.nexthink.com | |
| HTTPS / TCP | OUT | Connection to the Library | library.nexthink.com |
Collector
In the following table, we describe the different ports that must be opened on the computers running the Nexthink Collector to send data seamlessly with the Nexthink Engine.
| Port
Number | Protocol | Direction
(IN/OUT) | Reason |
|---|---|---|---|
| 443 | WebSocket / TCP | OUT | Collector default TCP channel to the Engine and, if rule-based Collector assignment is turned on, to the Portal. |
In addition, Windows Collector components call a Windows API method once every 24 hours that triggers a connection for client to domain controller operations through TCP port 135. Ephemeral TCP ports in the range 49152-65535 are used for service response.
Data Enricher
The Windows Server that runs the Data Enricher requires the following communication channel to reach Nexthink Experience. The ports for connecting to Active Directory through a secure or insecure channel are configurable (Active Directory default port numbers are shown).
| Port
Number | Protocol | Direction
(IN/OUT) | Reason | Domain |
|---|---|---|---|---|
| 53 | DNS / UDP | OUT | Resolving destination names by reverse IP | |
| 389 | LDAP / TCP | OUT | Connection to Active Directory (non secure) | |
| 443 | HTTPS / TCP | OUT | Send AD and DNS data | agora.reg.nexthink.cloud (reg is the availability region of the customer) |
| 636 | LDAPs / TCP | OUT | Connection to Active Directory (secure) |