Chapter 10 445
Tuning, Troubleshooting, Security, and Maintenance
ITO Security
ITO assigns port numbers dynamically to those processes that are
granted an RPC connection. The port numbers are configurable and are
checked against the range defined in the GUI each time an RPC server
registers itself. Information relating to the assignment of ITO-specific
port numbers may be found in:
❏ the llbd (for NCS)
❏ the rpcd/ dced (for DCE)
NOTE NCS agents will not run on managed nodes where a DCE agent is
installed and running unless NCS support is built into the rpcd/ dced.
Table 10-8 on page 445 lists the ports that ITO requires. For more
information on port restrictions in a firewall environment, see Figure
10-2 on page 449.
Table 10-8 Port Allocation in ITO
If a service request for a port number within the range specified is
refused because none is available, the process will not start. If such an
occurrence arises, you can stop the ITO server processes and use the
utility /opt/OV/bin/OpC/utils/opc_reset_ports to delete the
Service Protocol Inbound Ports Outbound Ports
NCS llbd UDP 135 above 1023
NCS glbd (licensing) UDP (broadcast) above 1023
DCE rpcd UDP/TCP 135 above 1023
ftpd TCP 20 (data transfer)
21 (control)
above 1023
rexecd TCP 512 below 1023
rlogind TCP 513 below 1023
telnetd TCP 23 above 1023
remshd TCP 514 below 1023
DCE/NCS RPC server processes UDP/TCP configurable;
recommended: >1023
above 1023
ITO heartbeat polling ICMP - -
