Issue:
What ports are utilized by PowerChute Network Shutdown, and how are they secured?
Product:
PowerChute Network Shutdown 4.x, 5.x
Environment:
All supported OS
Cause:
Informational:
Solution:
PowerChute Network Shutdown utilizes
TCP port 80, 443, 3052, 6547
UDP port 3052
PCNS web interface utilizes ports 3052 and 6547.
When logging in over port 3052, a user is redirected to port 6547 to utilize TLS. PCNS supports TLS 1.3 but will accept connections over TLS 1.2. TLS 1.1 and earlier are not supported except for AIX.
Users are required to provide a username and password. A strong password should be configured.
See PowerChute Network Shutdown Security Handbook for more information.
Optional ports 5000 - 32768 (when HTTP or HTTPS is selected). We recommend using the standard ports listed above; however, they are available if needed.
For PCNS communications to the Network Management Card (NMC):
The default port when PCNS registers with the NMC is 80 for HTTP or 443 for HTTPS. When port 80 is utilized, MD5 authentication is used. Do not change the port number within PCNS unless you change the port used by your NMC. Optional HTTPS ports are 5000 – 32768
When registering with the NMC, PCNS will provide authentication. The PCNS client passes a username and an authentication phrase to the NMC. The authentication phrase and username configured in the PCNS Agent and the NMC must match to allow communication.
When PCNS is restarted, it will communicate with the NMC using HTTP or HTTPS unless a change is made to pcnsconfig.ini. For more information on pcnsconfig.ini, see FAQ FA159757. Also, if Force negotiation is selected on the NMC, HTTP or HTTPS will be utilized to check PCNS settings.
The NMC communicates with PCNS over UDP port 3052. A UDP packet is sent every 25 seconds to ensure communication between the NMC and PCNS Agent. The NMC also sends an Individual Client Notification packet (MACONFIG packet) every 100 seconds. See Application Note 20 for more information. The UDP packets use MD5 authentication, ensuring that the password is never sent in plain text.
See Application Note 20 for more information.
NOTE: No UDP packets will be transmitted if no PowerChute clients are registered with the NMC.
