The following are the communication ports used by Aranda Device Management (ADM). The network needs to be configured to allow communications over these ports.
ADM Console Server
The ADM console server requires the following ports and permissions for the connection of each of its components:
ADM Website
80 (HTTP) or 443 (HTTPS) | TCP, UDP | Inbound port: required for clients to connect to the server |
⚐ Notes:
- For the update module, the server must have unrestricted outbound access to the internet to download update patches from each provider's official sites and then distribute them to managed devices.
Remote Control Notifications
443 (HTTPS) | TCP, UDP | Inbound port: required for agents to connect to the notification server |
8081 | TCP | Inbound port: used by the Specialist Agent and the Workstation Agent to connect to the TURN server during remote control sessions. SSL must be enabled on the server. |
WebSockets | Establish a persistent two-way connection between the agent and the server. | |
3478 | TCP | Inbound port: used by the Specialist Agent and the Workstation Agent to connect to the STUN server for file transfer. |
49152-65535 | UDP | Inbound ports: required if the server operates as a WebRTC TURN server to receive incoming connections. See "Configuring the Stun/Turn WebRTC Server". |
⚐ Notes:
- If the Remote Control functionality is used, the server must be configured so that it can reach the site https://download.arandasoft.com/updates and download files from it.
Repserver
80 (HTTP) or 443 (HTTPS) | TCP, UDP | Inbound port: required for the connection of agents and/or the Conserver, depending on the implemented architecture |
1884 (Optional) | MQTT | Outbound only; used depending on the implemented architecture |
Repserver Notifications
WebSockets | Establish a persistent bidirectional connection between the ADM agent and the server, which is required for Remote Administration |
⚐ Notes:
- Remote administration functionality is only supported on secure sites served over HTTPS.
- Remote administration functionality requires communication over TLS 1.2 or 1.3. For communication security, lower versions of TLS are not supported.
ADM Conserver Server
Machines on local networks can connect to a Conserver (a server on the local network) to work with local connections and gain additional functionality.
80 (HTTP) or 443 (HTTPS) | TCP, UDP | Inbound port: required for agents to connect to the Conserver server |
1884 | MQTT | Outbound only; used for the connection to the MQTT Broker |
⚐ Notes:
- For agent distribution, devices must be on the same LAN and must have the admin$ shared resource available.
- The Aranda Windows user account used to install and deploy agents must have installation permissions, preferably administrator rights, on the corresponding machines.
- For Linux and Mac operating systems, the root user is required to deploy the agent.
Discovery Agent
When the client requires discovery functionality, protocols must be enabled so that equipment can be found and identified on the local network.
137 (Optional) | NetBIOS | Outbound only; used for device discovery over NetBIOS |
22 (Optional) | SSH | Outbound only; used for device discovery over SSH |
389 (Optional) | TCP, UDP | Outbound only; used for discovery over LDAP |
161 (Optional) | SNMP | Outbound only; used for device discovery over SNMP |
⚐ Notes:
- Port 80 (HTTP) is required if the server is not configured with HTTPS and the appropriate SSL certificates. The client must enable the HTTPS protocol rather than use HTTP.
- It is not necessary to always enable all protocols. The ADM Discovery Module allows you to enable the protocols that are required in the process.
Database Server
The ADM server stores its information in SQL Server or SQL Azure. If you use SQL Server as the repository, you need to allow communication with that server.
1433 | TCP | SQL Server protocol inbound port on the database server |
MQTT Broker
To generate real-time notifications to devices, you can use an MQTT server on the local network. In that case, you need to allow communication with the MQTT Broker.
1884 | MQTT | The MQTT Broker port can be changed if required. You only need to open the inbound port on the machine where the MQTT Broker runs; for cloud environments it is defined by the Aranda operations area |
ADM Gateway (Onpremises Architecture - ADM versions lower than 9.21.1)
To make remote control connections, you can install an ADM Gateway, which allows connections between computers on different local networks, or between a computer on a local network and computers in employees' homes.
4443 | TCP | The ADM Gateway port can be changed if required. You only need to open the inbound port on the machine where the ADM Gateway runs |
Aranda ADM Utils Installer (Onpremises Architecture - ADM versions lower than 9.21.1)
Remote Support Viewer is an application that allows you to take remote control of managed machines. It is installed on the users’ devices from which the remote control connection is made. It applies to on-premises architectures.
9125 (Optional) | TCP | Outbound port: required for remote control between devices on the same LAN when a Gateway is not used |
4443 (Optional) | TCP | Outbound only; used for the connection to the ADM Gateway for remote control between computers on different local networks |
ADM Agents
The agents are installed on each of the computers to be managed through ADM. In Conserver architectures, agents are installed on machines through a distribution process driven from the console; however, there are multiple deployment alternatives that can be combined to cover different infrastructure scenarios.
The ports used in ADM vary depending on the architecture and functionalities required.
ADM (Onpremises Architecture) Agent
80 (HTTP) or 443 (HTTPS) | TCP, UDP | Outbound only; used for the connection to the ADM repserver or ADM Conserver |
1884 | MQTT | Outbound only; used for the connection to the MQTT Broker |
9025 (Optional) | TCP, UDP | Inbound port: required for the server to communicate with the agent for Remote Management. Used when the architecture does not allow the repserver notification server site to be reached: https://Dominio/repserver/Notificationmessage |
WebSockets (optional) | Establish a persistent bidirectional connection between the ADM agent and the repserver notification server, required for Remote Management. Used when the architecture allows the repserver notification server site to be reached: https://Dominio/repserver/Notificationmessage | |
9125 (Optional) - ADM versions lower than 9.21.1 | TCP | Inbound port: required for remote control between devices on the same LAN when a Gateway is not used |
4443 (Optional) - ADM versions lower than 9.21.1 | TCP | Outbound only; used for the connection to the ADM Gateway for remote control between computers on different local networks |
ADM Agent (With Discovery Capabilities)
137 (Optional) | NetBIOS | Inbound port: used for device discovery over NetBIOS |
22 (Optional) | SSH | Inbound port: used for device discovery over SSH |
389 (Optional) | TCP, UDP | Inbound port: used for discovery over LDAP |
161 (Optional) | SNMP | Inbound port: used for device discovery over SNMP |
⚐ Notes:
- It is not necessary to always enable all protocols. The ADM Discovery module allows you to enable the protocols that are required in the process.
- The ADM agent uses two local TCP ports for outbound connections, such as the connection to the MQTT Broker and communication between agent processes. These ports use the localhost IP and are dynamic, chosen by the network card, usually in the range above 1023 up to 65535. No configuration is required for them.
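The port list above for an on-premises agent can be turned into a least-privilege check on the agent host's inbound allow rules. The following is an added example, not Aranda code: the `AgentProfile` fields, the rule list (bare port numbers, protocol ignored) and the sample values are assumptions made for illustration.

```python
# Audit inbound allow rules on an on-premises ADM agent host against this page's port list.
from dataclasses import dataclass, field

LEGACY_BEFORE = (9, 21, 1)   # 9125 applies only to ADM versions lower than 9.21.1
DISCOVERY = {"netbios": 137, "ssh": 22, "ldap": 389, "snmp": 161}

@dataclass
class AgentProfile:                       # hypothetical description of one agent host
    adm_version: str                      # e.g. "9.20.0"
    websocket_notifications: bool         # repserver notification site is reachable
    lan_remote_control: bool = False      # same-LAN remote control without a Gateway
    discovery: set = field(default_factory=set)   # enabled discovery protocols

def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def allowed_inbound(profile):
    """Inbound ports that the page justifies for this agent profile."""
    ports = {DISCOVERY[name] for name in profile.discovery}
    if not profile.websocket_notifications:
        ports.add(9025)                   # fallback channel for Remote Management
    if profile.lan_remote_control and parse_version(profile.adm_version) < LEGACY_BEFORE:
        ports.add(9125)
    return ports

def audit(profile, inbound_rules):
    """Return (port, reason) for every inbound allow rule the profile does not justify."""
    ok = allowed_inbound(profile)
    current = parse_version(profile.adm_version) >= LEGACY_BEFORE
    findings = []
    for port in sorted(set(inbound_rules)):
        if port in ok:
            continue
        if port == 9125:
            reason = ("only used by ADM versions lower than 9.21.1" if current
                      else "same-LAN remote control without a Gateway is not in use")
        elif port == 9025:
            reason = "not needed when WebSocket notifications are reachable"
        elif port in DISCOVERY.values():
            reason = "discovery protocol not enabled for this agent"
        elif port in (80, 443, 1884, 4443):
            reason = "outbound-only for agents; no inbound rule required"
        else:
            reason = "not in the ADM agent port list"
        findings.append((port, reason))
    return findings

# Constructed sample: agent on 9.22.0, SNMP discovery only, WebSockets reachable.
SAMPLE_PROFILE = AgentProfile("9.22.0", websocket_notifications=True, discovery={"snmp"})
SAMPLE_RULES = [161, 9025, 9125, 443, 22, 3389]
```

Calling `audit(SAMPLE_PROFILE, SAMPLE_RULES)` reports every rule except 161 as unjustified, each with the reason taken from the table above.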
ADM Agent (Cloud Architecture)
80 (HTTP) or 443 (HTTPS) | TCP, UDP | Outbound only; used for the connection to the ADM repserver or ADM Conserver |
1884 | MQTT | Outbound only; used for the connection to the MQTT Broker |
WebSockets | Establish a persistent bidirectional connection between the ADM agent and the server, required for remote management functionality. |
⚐ Notes:
- For remote administration functionality, the device where the agent is installed must be able to reach the repserver’s notification server site: https://Dominio/repserver/Notificationmessage.
- See the Remote Management functionality.
ADM Agent (With Discovery Capabilities)
137 (Optional) | NetBIOS | Inbound port: used for device discovery over NetBIOS |
22 (Optional) | SSH | Inbound port: used for device discovery over SSH |
389 (Optional) | TCP, UDP | Inbound port: used for discovery over LDAP |
161 (Optional) | SNMP | Inbound port: used for device discovery over SNMP |
⚐ Notes:
- It is not necessary to always enable all protocols. The ADM Discovery module allows you to enable the protocols that are required in the process.
- The ADM agent uses two local TCP ports for outbound connections, such as the connection to the MQTT Broker and communication between agent processes. These ports use the localhost IP and are dynamic, chosen by the network card, usually in the range above 1023 up to 65535. No configuration is required for them.
ADM Agent (With Remote Control Functionality)
For remote control functionality in cloud and on-premises architectures, the ADM agent installs a Workstation Agent called “Aranda Remote Control Workstation”. For the automatic installation to succeed, the ADM agent must be able to reach the repserver domain and everything after the trailing slash (https://Dominio/repserver/api/) and download files from that site. To connect to these devices, install the Specialist Agent viewer, taking into account the Requirements and ports for the two components of Remote Control Cloud and Onpremises.
ADM Reference Architecture Diagrams
To view the ports and their interaction with the components, you can check the following links.