Required ports
The following ports must be opened on the machine where IMS will be installed.
|
Component |
Source |
Destination |
Port |
Protocol |
Direction |
Required |
Description |
|---|---|---|---|---|---|---|---|
| Kafka | IMS Servers | IMS Kafka Server | 9092 | TCP | Outbound | true | Communication between IMS services through send and receive messages over Kafka |
| PostgreSQL | IMS Servers | IMS DB Server | 5432 | TCP/IP | Outbound | true | Communication between IMS services and IMS DB |
| PostgreSQL-PG Bouncer | IMS Servers | IMS DB Server | 6432 | TCP/IP | Outbound | true | Communication between IMS services and IMS DB through PG Bouncer which manages the PostgreSQL connection pooling |
| Identity | IMS Application Servers | IEE Tenant Management | 10800 | HTTPS | Outbound | true | Used for authentication and authorization for Monitoring Service, Hot Reading Query API |
| AMM SOAP Egress Transport | IMS Server | AMM | 3009 | HTTPS | Outbound | true | To connect to AMM system |
| JMS Ingress Transport | IMS Servers | JMS | 7243 | SSL | Outbound | true | To connect to JMS/TIBCO |
| AMM Command Egress Transform | IMS Servers | DMS | 7080 | HTTP | Outbound | false | To fetch ESN/MACID mappings from DMS in unsecured mode |
| AMM Command Egress Transform | IMS Servers | DMS | 7043 | HTTPS | Outbound | true | To fetch ESN/MACID mappings from DMS in secured mode |
| SOAP Ingress Transport | IEE Device Comm | IMS Server | 5000 | HTTPS | Inbound | true | Host the SOAP Transport in secured mode with Transport level certificate |
| SOAP Ingress Transport | IEE Device Comm | IMS Server | 5001 | HTTP | Inbound | true | Host the SOAP Transport in unsecured mode |
| Monitoring Service | IEE Web UI (Edge Explorer) | IMS Server | 8010 | HTTPS | Inbound | true | UI calls to Monitoring Service to get the metrics |
| Readings Metadata API | Any IMS Service | Readings Metadata API | 5010 | HTTPS, HTTP | Inbound | true | Host the Readings Metadata API |
| Hot Reading Query API | IEE Rest API or GRPC client | Hot Reading Query API | 9001 | HTTPS, TLS | Inbound | true | Host the Hot Reading Query API (GRPC Service) in secured mode with Transport level certificate |
| Hot Reading Query API | IEE Rest API or GRPC client | Hot Reading Query API | 9000 | HTTP2 | Inbound | true | Host the Hot Reading Query API (GRPC Service) in Unsecured mode with HTTP2 |
| AMM Portal | IMS Servers | AMM | 3010, 6343 | HTTPS | Outbound | False | This is to connect AMM Portal to Investigate any issues for troubleshooting |
| ADS Pipelines | IMS Servers | itron.visualstudio.com | 443 | HTTPS | Outbound | true | To perform installation through ADS release pipeline to the server/virtual machine |
| ADS Pipelines | IMS Servers | download.visualstudio.microsoft.com | 443 | HTTPS | Outbound | true | To download installer package from blob while performing remote installation through ADS pipeline to the server/virtual machine |
| ADS Pipelines | IMS Severs | str1use1ihc1prod.blob.core.windows.net | 443 | HTTPS, TLS | Outbound | true | To download installer package from blob while performing remote installation through ADS pipeline to the server/virtual machine |
| ADS Pipelines | IMS Servers | vstsagentpackage.azureedge.net | 443 | HTTPS, TLS | Outbound | true | To download the ADS Agent that performs the deployment tasks on the target machines (required only at initial install) |
Note: IMS also needs connectivity to https://vstsagentpackage.azureedge.net to download the VSTS agent. This is a one-time activity. Once the VSTS agent setup is complete, this connectivity is no longer needed, so it does not need to be added to the required list. It is required only if the installation is performed through the ADS release pipeline.
See also Port connectivity verification.