Connectivity requirements

Overview

Find the connectivity requirements of every Nexthink product in the reference tables below. You can configure some of the products to use either a secure or a non-secure channel for specific services (see the Reason column). Depending on that configuration, you may need to allow connections through a different port number.

Starting from V6.6, the Collector requires a new TCP connection to the Engine for coordination and on-demand data purposes, in addition to the traditional UDP connection for sending end-user analytics. If you change the default port numbers that the Collector uses for communicating with the Engine, also change the default port numbers in the Engine through the Web Console.

Starting from 6.19, if rule-based Collector assignment is turned on, the TCP channel of the Collector also connects to the Portal. Collectors use this connection to ask for their assigned Engine.

For each connection, the tables also indicate the transport protocol used. When an application protocol handles the connection over the transport layer, the name of the application protocol precedes the name of the transport protocol.

This overview starts with two diagrams:

  • A diagram with the connections and default ports that are common to all Nexthink Appliances, regardless of the Appliance hosting the Portal, the Engine or both.
  • A diagram with the default ports of the Portal and Engine Appliances separately, as well as the connections with other components.

Common connections of the Appliance

[Diagram: ApplianceCommonPorts.png]

Connections between Portal, Engine and other components

[Diagram: PortalEnginePorts.png]

Connections required for rule-based Collector Assignment

Starting from V6.19, the following connections between appliances are required if the rule-based Collector assignment feature is turned on.

[Diagram: CollectorAssignmentConnectivity.png]

Federation of appliances is required before activating rule-based Collector assignment.

Engine

In the following table, we describe the different ports that must be open on the Engine appliance to communicate seamlessly with the other Nexthink components and with standard network services.

| Port Number | Protocol | Direction (IN/OUT) | Reason | Domains |
|---|---|---|---|---|
| 22 | SSH / TCP | IN | Secure shell connection to the CLI | |
| 22 | SSH / TCP | IN, OUT | Appliance federation | |
| 25 | SMTP / TCP | OUT | Mail server for notifications | |
| 53 | DNS / UDP | OUT | Resolving destination names by reverse IP | |
| 99 | HTTPS / TCP | IN | Administration through the Web Console | |
| 123 | NTP / UDP | OUT | Time synchronization | 0.centos.pool.ntp.org, 1.centos.pool.ntp.org, 2.centos.pool.ntp.org |
| 389 | LDAP / TCP | OUT | Connection to Active Directory (non secure) | |
| 443 | HTTPS / TCP | OUT | Connection to the Application Library | application-library-v5.nexthink.com, application-library-v6.nexthink.com |
| 443 | HTTPS / TCP | OUT | Connection to automatic updates | updates-v6.nexthink.com, updates-centos-v6.nexthink.com |
| 636 | LDAPs / TCP | OUT | Connection to Active Directory (secure) | |
| 999 | UDP | IN | Collector analytics | |
| 999 | TCP | IN | User connection from the Finder or the Portal | |
| 1671 | HTTPS / TCP | IN | Access to the Web API | |
| 7000, 7001, 7002, 7003 | TCP | OUT | Communication channels with the Portal | |
| 8300, 8301 | TCP & UDP | IN, OUT | Communication with Portal and peer Engines for Collector assignment | |
| 8443 | WebSocket / TCP | IN | Collector TCP channel to the Engine | |
| 10402 | TCP | IN, OUT | Communication with Portal for Collector assignment | |
| 11031 | HTTPS / TCP | OUT | Communication with the Mobile Bridge | |
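
One way to put the IN rows of the Engine table to work, as an added example that is not part of the Nexthink documentation: the script below compares the sockets reported by `ss -H -tuln` with the table's default inbound ports and returns listeners the table does not cover, plus documented ports with no listener. The sample `ss` output is constructed and the function names are illustrative.

```python
# Added example, not Nexthink code. Ports are the defaults from the Engine table.
# (protocol, port) -> reason, taken from the IN and IN/OUT rows.
ENGINE_INBOUND = {
    ("tcp", 22): "SSH to the CLI, Appliance federation",
    ("tcp", 99): "Web Console administration",
    ("udp", 999): "Collector analytics",
    ("tcp", 999): "Finder or Portal user connection",
    ("tcp", 1671): "Web API",
    ("tcp", 8443): "Collector TCP channel",
}
# Needed only when rule-based Collector assignment is turned on (V6.19 onwards).
ASSIGNMENT_INBOUND = {(p, n): "Collector assignment"
                      for p in ("tcp", "udp") for n in (8300, 8301)}
ASSIGNMENT_INBOUND[("tcp", 10402)] = "Collector assignment (Portal)"

# Constructed sample of `ss -H -tuln` output; not captured from a real appliance.
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:999        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:99         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:999        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:8443       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:8005       0.0.0.0:*
tcp   LISTEN 0      128             [::]:8080          [::]:*
"""

def exposed_listeners(ss_output):
    """Return {(proto, port)} for sockets bound to a non-loopback address."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets, %iface
        if host.startswith("127.") or host == "::1" or not port.isdigit():
            continue                             # loopback-only or unparsable
        found.add((fields[0], int(port)))
    return found

def audit(ss_output, collector_assignment=False):
    """Return (unexpected, missing) listeners relative to the Engine table."""
    expected = set(ENGINE_INBOUND)
    if collector_assignment:
        expected |= set(ASSIGNMENT_INBOUND)
    seen = exposed_listeners(ss_output)
    return sorted(seen - expected), sorted(expected - seen)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SS)
    print("listening but not in the table:", unexpected)
    for key in missing:
        print("documented but not listening:", key, ENGINE_INBOUND[key])
```

If the default ports were changed through the Web Console, adjust the two dictionaries to match before comparing.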

Portal

In the following table, we describe the different ports that must be open on the Portal appliance to communicate seamlessly with the other Nexthink components.

| Port Number | Protocol | Direction (IN/OUT) | Reason | Domains |
|---|---|---|---|---|
| 22 | SSH / TCP | IN | Secure shell connection to the CLI | |
| 22 | SSH / TCP | IN, OUT | Appliance federation | |
| 25 | SMTP / TCP | OUT | Mail server for notifications | |
| 53 | DNS / UDP | OUT | Lookup name of AD servers | |
| 80 | HTTP / TCP | IN | Access to the Portal (non secure) | |
| 88 | TCP & UDP | OUT | Kerberos authentication of AD users | |
| 99 | HTTPS / TCP | IN | Administration through the Web Console | |
| 99 | HTTPS / TCP | OUT | Centralized administration of the Engine | |
| 123 | NTP / UDP | OUT | Time synchronization | 0.centos.pool.ntp.org, 1.centos.pool.ntp.org, 2.centos.pool.ntp.org |
| 389 | LDAP / TCP | OUT | Connection to Active Directory (non secure) | |
| 443 | HTTPS / TCP | IN | Access to the Portal (secure) | |
| 443 | WebSocket / TCP | IN | User connection from the Finder | |
| 443 | HTTPS / TCP | IN | Installation and updates of the Finder from the Portal | Portal address |
| 443 | HTTPS / TCP | IN | API of remote actions | Portal address |
| 443 | HTTPS / TCP | OUT | Connection to the Online License mechanism | license.nexthink.com |
| 443 | HTTPS / TCP | OUT | Connection to the Application Library | application-library-v5.nexthink.com, application-library-v6.nexthink.com |
| 443 | HTTPS / TCP | OUT | Connection to automatic updates | updates-v6.nexthink.com, updates-centos-v6.nexthink.com |
| 636 | LDAPs / TCP | OUT | Connection to Active Directory (secure) | |
| 999 | TCP | OUT | Connection to the Engine | |
| 7000, 7001, 7002, 7003 | TCP | IN | Communication channels with the Engine | |
| 8100 | HTTP / TCP | OUT | Send license information to Local License Manager | |
| 8300, 8301 | TCP & UDP | IN, OUT | Communication with Engines for Collector assignment | |
| 8443 | WebSocket / TCP | IN | Collector TCP channel to the Portal | |
| 10402 | TCP | IN, OUT | Additional communication with Engines for Collector assignment | |

Local License Manager

The Local License Manager resides on the same machine as the Portal.

| Port Number | Protocol | Direction (IN/OUT) | Reason |
|---|---|---|---|
| 8100 | HTTP / TCP | IN | Get license information from the Portal |

Mobile Bridge

The Mobile Bridge needs to connect to the Exchange CAS to get mobile information. In turn, it offers a REST interface for the Engine to use to retrieve the collected information.

| Port Number | Protocol | Direction (IN/OUT) | Reason |
|---|---|---|---|
| 80 | HTTP / TCP | OUT | Communication with Exchange (non secure) |
| 443 | HTTPS / TCP | OUT | Communication with Exchange (secure) |
| 11031 | HTTP / TCP | IN | REST interface for the Engine |

Finder

In the following table, we describe the different ports that must be opened on the computers running the Finder to communicate seamlessly with the other Nexthink components.

| Port Number | Protocol | Direction (IN/OUT) | Reason | Domains |
|---|---|---|---|---|
| 25 | SMTP / TCP | OUT | Send email in case of error | |
| 80 | HTTP / TCP | OUT | Connection to the documentation web site | doc.nexthink.com |
| 80 | HTTP / TCP | OUT | Verification of security certificates | ocsp.verisign.com |
| 80 | HTTP / TCP | OUT | Optional: Feedback for the customer experience program | report.nexthink.com |
| 443 | WebSocket / TCP | OUT | User connection to the Portal | |
| 443 | HTTPS / TCP | OUT | Installation and updates of the Finder from the Portal | Portal address |
| 443 | HTTPS / TCP | OUT | Connection to the customer improvement program site | finder-analytics.nexthink.com |
| 443 | HTTPS / TCP | OUT | Connection to the Library | library.nexthink.com |
| 999 | TCP | OUT | User connection to the Engine | |

Collector

In the following table, we describe the different ports that must be opened on the computers running the Nexthink Collector to send data seamlessly to the Nexthink Engine.

| Port Number | Protocol | Direction (IN/OUT) | Reason |
|---|---|---|---|
| 999 | UDP | OUT | Collector UDP channel to the Engine |
| 8443 | WebSocket / TCP | OUT | Collector TCP channel to the Engine and, if rule-based Collector assignment is turned on, to the Portal |