Waters

What are the required ports for NuGenesis 9? - WKB61885

Article number: 61885

ENVIRONMENT

  • NuGenesis 9 SDMS
  • NuGenesis 9 LMS
  • For NuGenesis 8, see article WKB971

ANSWER

Various services and devices in NuGenesis listen for traffic on the following ports (Inbound traffic):

  • TCP 21: the default control port for FTP/S sites. NuGenesis uses FTP sites for managed storage and for the downloadable SDMS components. FTPS can be used over this port (or over any other available port chosen for the FTP site in IIS)
    • Configurable: Yes
    • Encrypted: configurable
    • Where required: Servers which host FTP sites for SDMS Managed Store; SDMS Web servers, unless the WebVision downloads use HTTPS
  • TCP 80: the default port for the LMS web server and nonsecure SampleShare
    • Configurable: Yes
    • Encrypted: No
    • Where required: NuGenesis web servers
    • Comments: the primary purpose of TCP/80 is to receive connections from legacy WebVision URLs which were created prior to NuGenesis 8 SR2 and which are stored, uneditable, outside of NuGenesis.  The legacy SDMS WebVision app, starting in NG8 SR2, requires HTTPS for all web and SDK connections.  Users who attempt to follow a legacy WebVision URL would be redirected to the new WebVision service via HTTPS per the IIS configuration
  • TCP 443: the default port for the SDMS WebVision site and the secure SampleShare site
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers
  • TCP 444: the default port for the new SDMS Audit Trail Viewer user interface introduced in NuGenesis 9.1
    • Configurable: Yes
    • Encrypted: No
    • Where required: NuGenesis web servers
  • TCP 445: the port for the Windows Server Message Block 2 (SMB2) protocol
    • Configurable: No
    • Encrypted: No
    • Where required: hosts which will be scanned by the NuGenesis Archive Agent and Data Management modules
  • TCP 446: the default port for the new SDMS WebVision service as introduced in NuGenesis 9.3.  Not applicable to prior versions of NuGenesis
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers
  • TCP 515: the listener port for the Line Printer Daemon (LPD) service. NuGenesis UNIFYps uses this service to receive print jobs from Unix and Linux machines
    • Configurable: No
    • Encrypted: No
    • Where required: NuGenesis UNIFYps servers
  • TCP 1001: the default port for Tibbo device servers. This port must be open on any network firewalls between the Tibbo devices and the LMS clients. The port number can be changed within individual Tibbo devices using the Tibbo DS Manager software
    • Configurable: Yes
    • Encrypted: No
    • Where required: Tibbo device servers
  • TCP 1521: the default port for the Oracle Database TNS Listener service
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis databases
  • TCP 2500-2504: the default ports for the NuGenesis RPC service
  • TCP 8080: the default port for the Apache Tomcat service
    • Configurable: No
    • Encrypted: Yes
    • Where required: NuGenesis Web servers (legacy WebVision and SDMS Audit Trail web apps)
  • TCP 8180: the default port for the NuGenesis LMS Server, up to NuGenesis 9.2.  Replaced by TCP/8443 in NuGenesis 9.3
    • Configurable: Yes
    • Encrypted: No
    • Where required: NuGenesis LMS servers
  • TCP 8181: the default HTTP listener port for the Waters Database Manager. This port is used only if the WDM software is installed on the NuGenesis database
    • Configurable: No
    • Encrypted: No
    • Where required: NuGenesis database servers where WDM is present
  • TCP 8443: the default HTTPS listener port for the NuGenesis LMS Server as of NuGenesis 9.3.  Not applicable to prior versions of NuGenesis
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis LMS servers
  • TCP 9992 and 9993: the default ports for the Empower data adapters.  9992 is for project capture and 9993 is for project deletion
    • Configurable: Yes
    • Encrypted: No
    • Where required: Empower machines where the Remote half of the Empower Data Adapter is present
  • ICMP Type 0 (Echo Request / ping)
    • Configurable: No
    • Encrypted: No
    • Where required: on machines which run the Waters SDMS Empower DataExchange services
  • TCP 9996 and 9997: the default ports for the Chromeleon data adapters
    • Configurable: Yes
    • Encrypted: No
    • Where required: Chromeleon machines where the Remote half of the Chromeleon Data Adapter is present
  • TCP 12020: the port used for communication between the NuGenesis VISION listener process (ngwvls.exe) and local or remote VISION daemons
    • Configurable: No
    • Encrypted: No
    • Where required: NuGenesis web servers
  • TCP 54822: the default port used for the new SDMS Audit Trail web server introduced in NuGenesis 9.1
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (versions 9.1 or later)
  • TCP 54823: the default port used for the new SDMS WebVision (SDMSIdentity) introduced in NuGenesis 9.3
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (version 9.3 and later)
  • TCP 54824: the default port used for the new SDMS WebVision (SDMSProjects) introduced in NuGenesis 9.3
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (version 9.3 and later)
  • TCP 54825: the default port used for the new SDMS WebVision (SDMSProjectServers) introduced in NuGenesis 9.3
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (version 9.3 and later)
  • TCP 54826: the default port used for the new SDMS WebVision (SDMSUserPreferences) introduced in NuGenesis 9.3
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (version 9.3 and later)
  • TCP 54827: the default port used for the new SDMS SDK introduced in NuGenesis 9.3.1
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: NuGenesis web servers (version 9.3.1 and later)
  • TCP 61616 and 63637: the listener ports for the NuGenesis Instrument Agents
    • Configurable: No
    • Encrypted: No
    • Where required: machines where the SDMS Instrument Agents are installed

A few NuGenesis services send network traffic to other services via well-defined ports (Outbound traffic):

  • TCP 25: the default port for SMTP.  Both NuGenesis SDMS and LMS can send email notifications to users via SMTP
    • Configurable: No
    • Encrypted: No
    • Where required: in email servers
  • TCP 389: the default port for unencrypted LDAP and LDAP encrypted with the STARTTLS extension (as used in NuGenesis 9 SDMS)
    • Configurable: Yes
    • Encrypted: in SDMS, Yes if "Use TLS" is active, No if not; No in LMS
    • Where required: in LDAP servers
  • TCP 636: the default port for LDAPS.  NuGenesis 9 LMS uses LDAPS for encrypted authentication
    • Configurable: Yes
    • Encrypted: Yes
    • Where required: in LDAP servers

ADDITIONAL INFORMATION

NuGenesis clients use the ports listed above as destination ports when connecting to the servers. The source port is a pseudo-random number in the IANA's ephemeral port range: 49152 to 65535. The server uses that source port as the destination port in its reply to the client. This is the normal and expected behavior of TCP/IP networking.

For example, when a NuGenesis LMS server connects to a NuGenesis Oracle database, it connects to the database's listener port, typically 1521, and the source port is in the number range noted above. The database, in its reply, has its source port as 1521, and the destination port is the source port used by the LMS server.

Any firewalls installed in the network should not block NuGenesis traffic based on the source port number. The source port cannot be predicted and is a poor choice for filtering network traffic. The best practice is to control access to the servers through their listener ports (as listed above) and, optionally, by source IP ranges. In other words, firewalls should allow traffic to the NuGenesis servers only through the listener port numbers and, secondarily, only from source IP addresses that should connect to the server. For example, a NuGenesis database could be configured to allow traffic only on port 1521 and, optionally, only from the IP addresses of the NuGenesis application servers (Web, File Capture, LMS). A NuGenesis LMS application server should allow traffic on port 8180 and, optionally, only from the IP ranges of the users' client machines.

NOTE: in NuGenesis 9.2 and prior versions, the NuGenesis LMS Server service will start but not be functional if another process is listening on port 8443.  NuGenesis LMS does not use this port, but the out-of-the-box configuration for the WildFly server in LMS specifies port 8443, and will block the service if it's unable to listen on that port.
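
One way to apply the filtering guidance and the port 8443 note above on Windows hosts, as an added example that is not Waters' own configuration. It assumes Windows Defender Firewall is the firewall in use; the IP addresses are constructed placeholders, and the rule names and the 'NuGenesis' group are hypothetical.

```powershell
# Added example. Addresses are constructed placeholders (RFC 5737 documentation ranges).
$AppServers  = '192.0.2.10', '192.0.2.11', '192.0.2.12'  # assumed: Web, File Capture, LMS servers
$ClientRange = '198.51.100.0/24'                         # assumed: users' client subnet

# On the database server: allow the Oracle TNS listener (default 1521) from the
# application servers only. No -RemotePort is given, so the source port stays "Any".
New-NetFirewallRule -DisplayName 'NuGenesis DB - Oracle TNS listener' -Group 'NuGenesis' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 1521 -RemoteAddress $AppServers

# On the LMS server: allow the LMS listener from the client subnet only.
# 8180 is the default up to NuGenesis 9.2; the article lists 8443 for 9.3.
New-NetFirewallRule -DisplayName 'NuGenesis LMS - server listener' -Group 'NuGenesis' `
    -Direction Inbound -Action Allow -Protocol TCP -LocalPort 8180 -RemoteAddress $ClientRange

# Audit: report enabled inbound allow rules that filter on the remote (source) port.
# Client source ports are ephemeral, so such rules can drop NuGenesis traffic.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    if (@($filter.RemotePort) -notcontains 'Any') {
        [pscustomobject]@{
            Rule       = $_.DisplayName
            LocalPort  = $filter.LocalPort -join ','
            SourcePort = $filter.RemotePort -join ','
        }
    }
}

# On an LMS server running 9.2 or earlier: show any process already listening
# on 8443, which would leave the LMS Server service started but not functional.
Get-NetTCPConnection -LocalPort 8443 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }
```

The audit and the port 8443 check are read-only; the two `New-NetFirewallRule` commands require an elevated session on the respective server.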

For Empower Enterprise, see article WKB5512.
