April 23rd, 2013 20:00

Required TCP ports for Foglight for Virtualization Ent Edition 6.8?

Chris Walker made a vFoglight Visio diagram in 2011 (see below) showing required TCP ports that I would like to update for Foglight for Virtualization, Enterprise Edition 6.8.

I am removing GPI references so I believe that I should change the Guest Process Investigation (fglAM server) with the dotted lines to SSH and WMI to an Infrastructure Agent fglAM server.

My Questions:

1. Are the WMI, WinRM, and WinRM 2.0 default ports still correct?

2. In eDOCS for Foglight for Virtualization Ent Ed 6.8, the Windows Firewall Interference section states that these three ports listed below should be open between the Agent manager and the agent (Windows assumed?). Should they be added to the diagram?

• TCP Port 135 (DCE/RPC Locator service, WindowsShellService, WMIConnectionService)

• TCP Port 139 (NetBIOS Session Service)

• TCP Port 445 (Windows shares)

 

Foglight Virtualization Ports.png

If I update this diagram, who is willing to check it for accuracy?

Thanks, Michael

April 26th, 2013 17:00

Thanks Prasad for all of your help. Here is the revised diagram. -Michael

FMS Ports.png

April 23rd, 2013 21:00

GPI is still available in ver 6.8. We obviously prefer that customers start using the IC agent to collect Processes data rather than GPI, since GPI will be retired at some point, but we are not there yet.

Regards

April 23rd, 2013 22:00

Hi Prasad,

John Maxwell advised me to drop GPI from my 6.8 courses even though it is still supported. He wanted me to focus on the Infrastructure cartridge instead.

One easy fix to the diagram is to leave what I have and add an Infrastructure Agent to the fglAM running GPI. I could then add a note that GPI is still supported but is going away and that the Infrastructure agent is preferred. However, I am not sure of the TCP ports for the Infrastructure Agent. Can anyone help me with the port numbers?

April 24th, 2013 07:00

I will share what I know... The ports for the IC agent to the monitored host are very similar to the GPI agent, since they both use the same collection methods.

IC agent by default tries WinRM method first over http/https protocol using ports either (80/443) or (5985/5986) depending upon version of WinRM. If this fails then it falls back to WMI/DCOM which uses the ports you already mentioned plus any Dynamic port. For Unix boxes it uses SSH over port 22.

Windows Firewall has a built-in Rule to allow WinRM communication, which can be enabled. So in scenarios where customers are using Windows Firewall or insist on secure communication, it is best to use WinRM rather than mucking around with configuring Dynamic ports for WMI/DCOM. Additionally, WinRM is usually much reliable in. Currently we use the same approach for GPI.

Hope this helps.
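Added example (not part of the original thread and not Quest's code): a reachability check run from the Agent Manager host that classifies a monitored host by the order described above, WinRM first, then WMI/DCOM, with SSH for Unix. The port numbers come from the thread; the function names, labels, and the assumption that all three listed DCOM-side ports must be open are this example's own.

```python
import socket
import sys

# Port numbers are the ones quoted in the thread; labels and grouping are this example's.
WINRM = {80: "WinRM HTTP (older)", 443: "WinRM HTTPS (older)",
         5985: "WinRM 2.0 HTTP", 5986: "WinRM 2.0 HTTPS"}
DCOM = {135: "DCE/RPC locator", 139: "NetBIOS session", 445: "Windows shares"}
SSH = 22


def probe(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host, ports, timeout=2.0, probe_fn=probe):
    """Return the subset of ports on host that accept a TCP connection."""
    return {p for p in ports if probe_fn(host, p, timeout)}


def collection_path(open_ports, unix=False):
    """Classify reachability in the order the thread gives: WinRM first,
    WMI/DCOM as fallback, SSH for Unix. Returns (method, ports), where ports
    are the matching ones, or for "blocked" the ones still closed."""
    if unix:
        return ("ssh" if SSH in open_ports else "blocked", [SSH])
    winrm = sorted(p for p in WINRM if p in open_ports)
    if winrm:
        return ("winrm", winrm)
    missing = sorted(p for p in DCOM if p not in open_ports)
    if not missing:
        # Assumption: all three listed ports are needed. The dynamic DCOM
        # ports cannot be confirmed by a connect test and must be allowed too.
        return ("wmi-dcom-fallback", sorted(DCOM))
    return ("blocked", missing)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check against a host you administer
        found = scan(sys.argv[1], list(WINRM) + list(DCOM) + [SSH], timeout=1.0)
        print(sys.argv[1], sorted(found), collection_path(found))
    else:  # constructed reachable-port sets, no network needed
        for ports in ({5985, 135, 445}, {135, 139, 445}, {135, 445}):
            print(sorted(ports), "->", collection_path(ports))
```

An open 80 or 443 only shows TCP reachability; it may be a web server rather than a WinRM listener, so confirm the listener on the host itself.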

April 24th, 2013 13:00

Thank you Prasad. This does help but I do have a WinRM question.

With GPI, we were recommending WMI, when possible, because WinRM had to be enabled/configured for every monitored host, a tedious task. The WinRM benefit was its ability to go through firewalls.

So has it changed in Windows that WinRM is now automatically enabled? Because in your statement "Windows Firewall has a built-in Rule to allow WinRM communication, which can be enabled" I am not sure if WinRM must be enabled, the firewall rule must be enabled, or both.

Thanks, Michael

April 24th, 2013 16:00

Starting with Windows 2008, WinRM is enabled by default; however, we may have to tweak some of the settings for our agents to work successfully (we have a KB article for that on Supportlink).

Even for WMI/DCOM we do need to fix REG key permissions. So there is manual work involved regardless of using WinRM or WMI/DCOM.

As far as the Firewall Rule, I am not sure if it is enabled by default.

April 24th, 2013 19:00

Hi Prasad,

Is the KB article you mentioned Knowledge Article 91652 "https://support.quest.com/SolutionDetail.aspx?id=SOL91652&pr=Foglight for Virtualization Enterprise Edition"?

If so, it looks like other than already having WinRM with Windows 2008 and above so that you don't have to download it, you still have to do the same WinRM configuring that you always had to do (e.g., run the winrm quickconfig command or similar using Run as Administrator). Yes?

Looking at the Infrastructure Cartridge WindowsAgent wizard to add an unmonitored host, I didn't see any requirements to run a WinRM command on that unmonitored host to make the monitoring work. So when my training course discusses configuring the Infrastructure Agent for a Windows server, must I mention WinRM?

Thanks, Michael

April 24th, 2013 20:00

Yes, that’s the KB article.
