What are the required ports for NuGenesis 8? - WKB971

ENVIRONMENT

• NuGenesis 8 SDMS
• NuGenesis 8 LMS
• NuGenesis 8 ELN
• For NuGenesis 9, see article WKB61885

ANSWER

Various services or devices in NuGenesis LMS listen for traffic on the following ports (Inbound traffic):

• TCP 21: the default port for FTP sites.  NuGenesis uses FTP sites for Managed Storage and for the downloadable SDMS components
• TCP 80: the default port for the SDMS WebVision site and the LMS web server in NuGenesis 8 SR1 and FR1
• UDP 161: the default port for the SNMP service. This port is optional, necessary only if the NuGenesis server is monitored by SolarWinds
• TCP 443: the default port for the SDMS WebVision site and the LMS web server in NuGenesis 8 SR2
• TCP 445: the port for Windows' Server Message Block 2 (SMB2) protocol. This port must be open on any machine that is accessed by the Archive Agent or Data Management modules for NuGenesis SDMS File Capture
• TCP 515: the listener port for the Line Printer Daemon (LPD) service. NuGenesis UNIFYps uses this service to receive print jobs from Unix and Linux machines
• TCP 1001: the default port for Tibbo device servers. This port must be open on any network firewalls between the Tibbo devices and the LMS clients. The port number can be changed within individual Tibbo devices using the Tibbo DS Manager software
• TCP 1521: the default port for the Oracle Database TNS Listener service
• TCP 2500-2504: the default ports for the NuGenesis RPC service
• TCP 8002: the default port for the Spectra/Structure Search server
• TCP 8080: the default port for the Apache Tomcat service
• TCP 8180: the default port for the NuGenesis LMS Server
• TCP 8181: the default HTTP listener port for the Waters Database Manager.  This port is used only if the WDM software is installed on the NuGenesis database
• TCP 9992 and 9993: the default ports for the WCF-based Empower data adapters. These adapters were introduced in Data Adapters Release 2 to replace the DCOM-based adapters
• TCP 9996 and 9997: the default ports for the WCF-based Chromeleon data adapters. These adapters were introduced in Data Adapters Release 3 to replace the DCOM-based adapters
• TCP 12020: the port used for communication between the NuGenesis VISION listener process (ng80wvls.exe) and local or remote VISION daemons
• TCP 61616 and 63637: the listener ports for the NuGenesis Instrument Agents

A few NuGenesis services send network traffic to other services via well-defined ports (Outbound traffic):

• TCP 25: the default port for SMTP.  Both NuGenessis SDMS and LMS can send email notifications to users via SMTP
• TCP 389: the default port for unencrypted LDAP
• TCP 636: the default port for LDAPS.  NuGenesis 9 LMS and SDMS both use LDAPS for encrypted authentication

ADDITIONAL INFORMATION

NuGenesis clients use the above ports as the destination port when connecting to the servers.  The source port is often a pseudo-random number in the range 49000 to 65535.  The server will use that source port as the destination port in it's reply to the client.  This is the normal and expected behavior of TCP/IP networking.

For example, when a NuGenesis LMS server connects to a NuGenesis Oracle database, it will connect to the database's listener port, typically 1521, and the source port will be in the number range given above.  The database, in it's reply, will have it's source port as 1521 and the destination port will be the source port used by the LMS server.

Any firewalls installed in the network should not block NuGenesis traffic based on the source port number.  The source port cannot be predicted and is a poor choice for filtering network traffic.  The best practice is to control access to the servers through their listener ports (as listed above) and optionally also by source IP ranges.  In other words, firewalls should allow traffic to the NuGenesis servers only through the listener port numbers, and secondarily, only from source IP addresses which should connect to the server.  For example, a NuGenesis database could be configured to allow traffic only on port 1521, and optionally only from the IP addresses for the NuGenesis application servers (Web, File Capture, LMS).  A NuGenesis LMS application server should allow traffic on port 8180 and optionally only from the IP ranges for the users' client machines.

For Empower Enterprise, see article WKB5512.