• Overview
• • Common connections of the Appliance
  • Connections between Portal, Engine and other components
  • Connections required for rule-based Collector Assignment
• Engine
• Portal
• Local License Manager
• Mobile Bridge
• Finder
• Collector

Contents 1 Connectivity requirements 1.1 Overview 1.1.1 Common connections of the Appliance 1.1.2 Connections between Portal, Engine and other components 1.1.3 Connections required for rule-based Collector Assignment 1.2 Engine 1.3 Portal 1.4 Local License Manager 1.5 Mobile Bridge 1.6 Finder 1.7 Collector

Connectivity requirements

Overview

Find the connectivity requirements of every Nexthink product in the reference tables below. You can configure some of the products to use either a secure or a non secure channel for specific services (see the column Reason). Depending on their configuration, note that you may require to allow connections through a different port number.

Starting from 6.19, if rule-based Collector assignment is turned on, the TCP channel of the Collector also connects to the Portal. Collectors use this connection to ask for their assigned Engine. From V6.20 on, if you change the default port number of the Collector TCP channel, modify accordingly the port number where the Portal is listening.

Starting from V6.21, the Collector no longer requires a separate UDP channel to send end-user analytics to the Engine. Instead, end-user analytics, as well as coordination data and updates, may be optionally transmitted through the TCP channel. If you change the default port numbers that the Collector uses for communicating with the Engine, change as well the default port numbers in the Engine through the Web Console.

For each connection, the tables indicate the transport protocol used. When an application protocol handles the connection over the transport layer, the name of the application protocol precedes the name of the transport protocol.

First, find in this overview two diagrams:

• A diagram with the connections and default ports that are common to all Nexthink Appliances, regardless of the Appliance hosting the Portal, the Engine or both.
• A diagram with the default ports of the Portal and Engine Appliances separately, as well as the connections with other components.

Common connections of the Appliance

Connections between Portal, Engine and other components

Connections required for rule-based Collector Assignment

Starting from V6.19, the following additional connections are required if rule-based Collector assignment is turned on.

Federation of appliances is required before activating rule-based Collector assignment.

Engine

In the following table, we describe the different ports that must be open on the Engine appliance to communicate seamlessly with the other Nexthink components and with standard network services.

Port Number	Protocol	Direction (IN/OUT)	Reason	Domains
22	SSH / TCP	IN	Secure shell connection to the CLI
	SSH / TCP	IN OUT	Appliance federation
25	SMTP / TCP	OUT	Mail server for notifications
53	DNS / UDP	OUT	Resolving destination names by reverse IP
99	HTTPS / TCP	IN	Administration through the Web Console
123	NTP / UDP	OUT	Time synchronization	0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org
389	LDAP / TCP	OUT	Connection to Active Directory (non secure)
443	HTTPS / TCP	OUT	Connection to the Application Library	application‑library‑v5.nexthink.com application‑library‑v6.nexthink.com
	HTTPS / TCP	OUT	Connection to automatic updates	updates‑v6.nexthink.com updates‑centos‑v6.nexthink.com
636	LDAPs / TCP	OUT	Connection to Active Directory (secure)
999	UDP	IN	Optional: Collector analytics
	TCP	IN	User connection from the Finder or the Portal
1671	HTTPS / TCP	IN	Access to the Web API
7000 7001 7002 7003	TCP	OUT	Communication channels with the Portal
8300	TCP	IN OUT	Communication with Portal for Collector assignment
8301	TCP & UDP	IN OUT	Communication with Portal and peer Engines for Collector assignment
8443	WebSocket / TCP	IN	Collector TCP channel to the Engine
10402	TCP	OUT	Additional communication with Portal for Collector assignment
11031	HTTPS / TCP	OUT	Communication with the Mobile Bridge

Portal

In the following table, we describe the different ports that must be open in the Portal appliance to communicate seamlessly with the other Nexthink components.

Port Number	Protocol	Direction (IN/OUT)	Reason	Domains
22	SSH / TCP	IN	Secure shell connection to the CLI
	SSH / TCP	IN OUT	Appliance federation
25	SMTP / TCP	OUT	Mail server for notifications
53	DNS / UDP	OUT	Lookup name of AD servers
80	HTTP / TCP	IN	Access to the Portal (non secure)
88	TCP & UDP	OUT	Kerberos authentication of AD users
99	HTTPS / TCP	IN	Administration through the Web Console
	HTTPS / TCP	OUT	Centralized administration of the Engine
123	NTP / UDP	OUT	Time synchronization	0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org
389	LDAP / TCP	OUT	Connection to Active Directory (non secure)
443	HTTPS / TCP	IN	Access to the Portal (secure)
	WebSocket / TCP	IN	User connection from the Finder
	HTTPS / TCP	IN	Installation and updates of the Finder from the Portal	Portal address
	HTTPS / TCP	IN	API of remote actions	Portal address
	HTTPS / TCP	OUT	Connection to the Online License mechanism	license.nexthink.com
	HTTPS / TCP	OUT	Connection to the Application Library	application‑library‑v5.nexthink.com application‑library‑v6.nexthink.com
	HTTPS / TCP	OUT	Connection to automatic updates	updates‑v6.nexthink.com updates‑centos‑v6.nexthink.com
636	LDAPs / TCP	OUT	Connection to Active Directory (secure)
999	TCP	OUT	Connection to the Engine
7000 7001 7002 7003	TCP	IN	Communication channels with the Engine
8100	HTTP / TCP	OUT	Send license information to Local License Manager
8300	TCP	IN OUT	Communication with Engines for Collector assignment
8301	TCP & UDP	IN OUT	Communication with Engines for Collector assignment
8443	WebSocket / TCP	IN	Collector TCP channel to the Portal
10402	TCP	IN	Additional communication with Engines for Collector assignment

Local License Manager

The Local License Manager resides in the same machine as the Portal.

Port Number	Protocol	Direction (IN/OUT)	Reason
8100	HTTP / TCP	IN	Get license information from the Portal

Mobile Bridge

The Mobile Bridge needs to connect to the Exchange CAS to get mobile information. In turn, it offers a REST interface for the Engine to use to retrieve the collected information.

Port Number	Protocol	Direction (IN/OUT)	Reason
80	HTTP / TCP	OUT	Communication with Exchange (non secure)
443	HTTPS / TCP	OUT	Communication with Exchange (secure)
11031	HTTP / TCP	IN	REST interface for the Engine

Finder

In the following table, we describe the different ports that must be opened on the computers running the Finder to communicate seamlessly with the other Nexthink components.

Port Number	Protocol	Direction (IN/OUT)	Reason	Domains
25	SMTP / TCP	OUT	Send email in case of error
80	HTTP / TCP	OUT	Connection to the documentation web site	doc.nexthink.com
	HTTP / TCP	OUT	Verification of security certificates	ocsp.verisign.com
	HTTP / TCP	OUT	Optional: Feedback for the customer experience program	report.nexthink.com
443	WebSocket / TCP	OUT	User connection to the Portal
	HTTPS / TCP	OUT	Installation and updates of the Finder from the Portal	Portal address
	HTTPS / TCP	OUT	Connection to the customer improvement program site	finder‑analytics.nexthink.com
	HTTPS / TCP	OUT	Connection to the Library	library.nexthink.com
999	TCP	OUT	User connection to the Engine

Collector

In the following table, we describe the different ports that must be opened on the computers running the Nexthink Collector to send data seamlessly with the Nexthink Engine.

Port Number	Protocol	Direction (IN/OUT)	Reason
999	UDP	OUT	Optional: Collector UDP channel to the Engine
8443	WebSocket / TCP	OUT	Collector TCP channel to the Engine and, if rule-based Collector assignment is turned on, to the Portal