
APPLICATION NOTE

UNEM in Firewalled Environment


Configuration and Operation
UNEM in Firewalled Environment - Application Note
Document ID 1KHW028766

Document edition UNEM System Release: R14B


Revision: B
Date: 2021-01-15

Copyright and confidentiality
Copyright in this document vests in Hitachi Power Grids.
Manuals and software are protected by copyright. All rights reserved. The copying,
reproduction, translation, conversion into any electronic medium or machine scannable
form is not permitted, either in whole or in part. The contents of the manual may not
be disclosed by the recipient to any third party, without the prior written agreement
of Hitachi Power Grids.
An exception is the preparation of a backup copy of the software for your own use. For
devices with embedded software, the end-user license agreement on the enclosed CD
applies.
This document may not be used for any purposes except those specifically authorized by
contract or otherwise in writing by Hitachi Power Grids.

Disclaimer
ABB is a registered trademark of ABB Asea Brown Boveri Ltd.
Manufactured by/for a Hitachi Power Grids company.
ABB Power Grids Switzerland Ltd (hereinafter referred to as ABB Power Grids) has taken
reasonable care in compiling this document, however ABB Power Grids accepts no
liability whatsoever for any error or omission in the information contained herein and
gives no other warranty or undertaking as to its accuracy.
ABB Power Grids can accept no responsibility for damages, resulting from the use of the
network components or the associated operating software. In addition, we refer to the
conditions of use specified in the license contract.
ABB Power Grids reserves the right to amend this document at any time without prior
notice.
The product/software/firmware or the resulting overall solution are designed for data
processing and data transmission and may therefore be connected to communication
networks. It is your sole responsibility to provide and continuously ensure a secure
connection between the product/software/firmware or the resulting overall solution and
your network or any other networks (as the case may be). You shall establish and
maintain any appropriate measures (such as but not limited to the installation of
firewalls, application of authentication measures, encryption of data, installation of
anti-virus programs, etc.) to protect the product/software/firmware or the resulting
overall solution, the network, its system and all the interfaces against any kind of
security breaches, unauthorized access, interference, intrusion, leakage and/or theft
of data or information. ABB Power Grids and its affiliates are not liable for damages
and/or losses related to such security breaches, any unauthorized access, interference,
intrusion, leakage and/or theft of data or information.
Although ABB Power Grids provides functionality testing on the products including
related firmware and software that we release, you should institute your own testing
program for any product updates or other major system updates (to include but not
limited to firmware/software changes, configuration file changes, third party software
updates or patches, hardware exchanges, etc.) to ensure that the security measures that
you have implemented have not been compromised and system functionality in your
environment is as expected.

Copyright 2021 Hitachi Power Grids. All rights reserved.


UNEM | R14B

Contents
1 Purpose and Scope
  1.1 General
  1.2 UNEM Components
    1.2.1 UNEM Core component
    1.2.2 UNEM Element Agent (EA)
    1.2.3 UNEM Client
  1.3 Inter-Processes Communication between UNEM Components
    1.3.1 Internal Behavior
  1.4 Fixed TCP Ports
  1.5 UNEM Server - XMC20 Communication
  1.6 DIRAC to XMC20 Encryption Unit Communication
  1.7 UNEM Server - DIRAC Communication
  1.8 UNEM Server - UMUX Communication
  1.9 UNEM Main - Standby Server Communication
2 UNEM Firewall Configuration File: firewall.conf
  2.1 firewall.conf
    2.1.1 GUI Client Ranges
  2.2 Linux Settings
    2.2.1 Firewall Settings
    2.2.2 Firewalld Setup
3 Summary
4 Annex
  4.1 List of Open Ports on UNEM Server
5 Document history


1 Purpose and Scope

1.1 General
The UNEM system can be deployed in a firewalled environment. This feature was
introduced starting from release version UNEM R9B.
The UNEM components (Client, Core) can be deployed on different nodes, which in turn
can be separated by firewalls.
These firewalls should be configured to allow communications between the UNEM
components. The security risk can be minimized by opening only restricted port ranges.
This Application Note provides information for the firewall administrator to configure the
firewalls in the following deployments:
• firewall between UNEM Core and UNEM Client,
• firewall between UNEM Core and XMC20 network.
Deploying the UNEM system in a firewalled environment raises the question of which
listening TCP/UDP ports are used by applications on both sides of the firewall.
To answer this question, the following major topics are covered:
• Overview of communications between the UNEM components, focusing on the core/
client processes and their corresponding port range to be opened in the firewall.
• Factors/considerations to estimate the number of ports to be opened based on your
UNEM specific implementation.

Please note:
• The actual firewall configuration procedures are beyond the scope of this
document. It is up to the firewall administrator to use the UNEM specific
information provided in this document to configure the network firewalls
accordingly.
• The current implementation of UNEM restricts destination ports and some
of the source ports.
• For SELinux some specific settings are required; see section 2.2 Linux Settings.

1.2 UNEM Components


UNEM uses the Client/Server architecture. It consists of the following software
components:
• UNEM Core
• UNEM Element Agent (EA)
• UNEM GUI Client

1.2.1 UNEM Core component


The core component can only exist once in every UNEM system.
It implements the business logic processing, the data storage, the network modeling and
the data distribution towards user’s GUI.
The core shares its resources with one or several UNEM Clients.

1.2.2 UNEM Element Agent (EA)


The agent component organizes the communication between the UNEM Core and managed
NEs.
It acts as a proxy, talking to each NE in its specific manner and dealing with the Core
in a uniform protocol.
A single EA may act with hundreds of NEs, but only with one Core. Several EAs may work
for the same Core.

1.2.3 UNEM Client


UNEM Client offers a set of graphical user interfaces for operating the network, mainly for
Fault, Configuration, Inventory, Performance and Security.
The main GUI interfaces are:
• NEM Desktop
• NEM Configurator
• NEM Network Browser
Depending on the network management deployment, these components can be installed
on a centralized system or distributed systems.
In the context of UNEM deployment in a firewalled environment, this document focuses
on implementing a firewall between
• Client and Core, and
• Agent and managed Network Elements.

Please note:
When a UNEM client is closed, the TCP connection on the client goes into the
state “Waiting”. If the client is restarted immediately, it recognizes the
“Waiting” ports as occupied and takes the next free ports. If the firewall is
enabled, the ea_server_range is limited and there might not be enough free
ports left. In that case the starting client may report that the connection to
the server has been lost. Waiting 75 seconds before starting the UNEM client
again avoids these connection losses.

1.3 Inter-Processes Communication between UNEM Components

UNEM uses CORBA and REST technologies for inter-process communication, which makes it
independent of implementation language and platform-specific properties. However, CORBA
and REST work on top of TCP/IP connections, making them subject to restrictions imposed
by the firewall setup.
The UNEM firewall configuration file, firewall.conf, defines the listening port ranges
of the UNEM CORBA and REST processes that need to be opened in the firewall.
For details refer to section 2 UNEM Firewall Configuration File: firewall.conf.

1.3.1 Internal Behavior


In this scenario, the UNEM Core and EA components reside on one hardware, which shall
be referred to as the UNEM Server, while the UNEM Client is installed on a separate
hardware.
The communication between UNEM Server and UNEM Client is outlined below:
1 The UNEM Server actively listens for incoming requests from the UNEM Client on TCP
port 5671 (rabbitmq); by default no restriction is applied.
2 The UNEM Server actively listens for incoming requests from the UNEM Client on TCP
port 2809; by default no restriction is applied.
3 The UNEM Client gets references through port 2809 to CORE services in the range
specified by the parameter core_server_range. This range includes TCP listening
ports on the Server.
Note:
In steps 2 and 3 the source TCP ports are controlled by the following configuration
parameters:
− nemdesktop_client_range
− cst_client_range
4 The UNEM Client makes connections to the UNEM Server services.
This requires several TCP port connections from the NEM Desktop to the UNEM Core
Server.

Figure 1: UNEM Server listens, UNEM Client initiates requests

5 The UNEM Client actively listens for notifications and callbacks from the UNEM Server
on any available TCP ports; by default no restriction is applied.
Note:
As basic configuration, the UNEM firewall configuration file proposes the port range
55000-55200 controlled by the following parameters:
− nemdesktop_server_range
− cst_server_range
− hwview_server_range
− ucst_server_range

Figure 2: UNEM Client listens, UNEM Server initiates callbacks

6 Whenever the UNEM administrator opens a new Client Application, e.g. NEM Network
Browser, a new TCP port connection is established between the two systems.
All these TCP ports or port ranges must be opened in the firewall in order to establish
communications between UNEM Client and UNEM Server components.


1.4 Fixed TCP Ports


Table 1: UNEM Core Process, fixed TCP ports

Process           Destination Port   Comment
NS, Corbaloc      2809               CORBA Naming Service
bpreportmgrd      2500               CLI to inventory database
bplinetestmgrd    2700               CLI for POTS line testing (SUBH, SUPC, SUPM)
ecliproxyd        2600               CLI proxy to XMC20
Key Manager       443                ENP to DIRAC
RabbitMQ          5671               RabbitMQ TLS
Voyager           9005               NEM Voyager APIgateway
apigateway        9443               Public APIgateway
CORBA             40000-40099        CORBA process

1.5 UNEM Server - XMC20 Communication


The UNEM Server communication to the XMC20 network is based on
• TCP connections from UNEM to the ports 5556 and 5558 on the XMC20 side,
• UDP notifications from XMC20 to the UNEM Server on ports specified inside the UNEM
Agent properties (Agent Type “XMC20”, default port is 20736).

1.6 DIRAC to XMC20 Encryption Unit Communication


The key manager DIRAC may be installed on the same server as UNEM and is therefore to
be considered in the firewall rules if applicable. The communication of the key manager
DIRAC to the XMC20 Encryption Unit of the “SECU1” series is based on
• TCP connections from DIRAC to port 9009 on the XMC20 (SECU1) side,
• TCP connections (SSH) from DIRAC to port 22 on the XMC20 (SECU1) side.

1.7 UNEM Server - DIRAC Communication


The UNEM Server communication with the DIRAC key manager is based on
• TCP connections from UNEM to the port 443 on the DIRAC side.

1.8 UNEM Server - UMUX Communication


The UNEM Server communication to the UMUX network is based on
• FTP connections from UNEM to the FTP port 21 and Telnet port 23 on the UMUX
(COBUX) side,
• FTP connections from UMUX to the UNEM Server on ports that cannot be reasonably
narrowed down. You therefore need a stateful firewall that allows the FTP protocol
for such connections, independent of the port.

1.9 UNEM Main - Standby Server Communication


In a redundancy setup with UNEM Main and Standby servers the communication between
the Main and the Standby servers is based on
• TCP connections from any port of the Main server to the port 9005 on the Standby
server, and from any port of the Standby server to the port 9005 on the Main server.


2 UNEM Firewall Configuration File: firewall.conf

For SELinux also see section 2.2 Linux Settings.

2.1 firewall.conf
To fit the UNEM processes in a firewalled deployment, the port ranges of the UNEM
processes can be defined and activated:
− UNEM core:
/opt/nem/etc/firewall.conf.
− UNEM Windows client:
C:\Program Files (x86)\UNEM_UI_R14A\etc\firewall.conf
Note:
To activate entries, remove the comment (hash) symbol at the beginning of the line
when editing the firewall.conf file. The UNEM processes need to be restarted
(nemstart) in order for the changes to take effect.
The proposed basic configuration values are shown below:

# for the GUI clients that listen for notifications and
# callbacks, the ORB is listening on a port in the
# ranges defined below. It is possible to define the same
# range for all the GUI client; in this case the next
# available port is used.
# No definition means any port.
# ---------------------------------------
nemdesktop_server_range 54200-55200
hwview_server_range 55000-55200
ucst_server_range 55000-55200

# for the GUI clients that connect to the core, the ORB
# will use the ports in the defined ranges; as each
# process of the core has its own ORB, the GUI client
# uses as many ports as ORB it connects to.
# No definition means any ports.
# ---------------------------------------
nemdesktop_client_range 48000-48020

Note:
Increase the “nemdesktop_client_range” by 10 ports per additional user; e.g. for 5
concurrent users set the range to 48000-48060.

2.1.1 GUI Client Ranges


The UNEM GUI client port ranges define the ranges to be used by the UNEM Client
processes/applications as listening ports for callbacks and notifications from the
UNEM Core.
With the proposed configuration, all the client applications listed in the table below
listen for notifications and callbacks on any of the ports within the range 55000-55200.
This limits the number of simultaneously running client applications (using asynchronous
calls) to 200.
It is sufficient to have one listening port per client application, e.g. 1 listening port per
NEM Desktop client, 1 listening port per map browser, 1 listening port per UCST client, etc.
It is possible to define the port range per client application to limit the number of
instances an individual application can run simultaneously, e.g. setting the
<<nemdesktop_server_range>> to 55000-55010 limits the NEM Desktop clients that can
simultaneously connect to UNEM Core to 10. Likewise, setting the <<ucst_server_range>>
to 55061-55080 allows only a maximum of 20 UCST GUIs to be opened simultaneously.

Table 2: UNEM Client Processes/Applications

Client process port range parameters   Purpose
nemdesktop_server_range                - Defines the port range that can be used by NEM Desktop process as
                                         listening port for callbacks and notifications from UNEM Core.
                                       - Defines the number of NEM Desktop clients that can simultaneously
                                         connect to UNEM Core.
                                       - 1 listening port/NEM Desktop client.
hwview_server_range                    - Defines the number of allowed simultaneously opened UMUX Hardware
                                         Views. Only required for networks that include UMUX nodes.
                                       - 1 listening port per Hardware View.
ucst_server_range                      - Defines the number of allowed simultaneously opened UCST GUIs.
                                         Only required for networks that include UMUX nodes.
                                       - 1 listening port per UCST GUI.
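
The following Python script is an added example, not part of the original application note or of the UNEM software. It reads the active entries of a firewall.conf, merges the client listening ranges into the openings a firewall needs for server-initiated callbacks, lists the parameters named in this note that are left unrestricted, and applies the sizing rule of 10 ports per additional user from section 2.1. The sample file content, the commented-out cst_client_range value and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the active entries are the proposed basic values from this
# note; the commented-out cst_client_range value is invented for illustration.
SAMPLE_CONF = """\
# GUI clients that listen for notifications and callbacks
nemdesktop_server_range 54200-55200
hwview_server_range 55000-55200
ucst_server_range 55000-55200
# GUI clients that connect to the core
nemdesktop_client_range 48000-48020
#cst_client_range 48100-48120
"""

# Parameters named in this note, grouped by the firewall direction they govern.
LISTEN_PARAMS = ("nemdesktop_server_range", "cst_server_range",
                 "hwview_server_range", "ucst_server_range")    # Server -> Client
SOURCE_PARAMS = ("nemdesktop_client_range", "cst_client_range")  # Client -> Server

ENTRY = re.compile(r"^(\w+_range)\s+(\d+)\s*-\s*(\d+)$")


def parse_firewall_conf(text):
    """Return {parameter: (low, high)} for active (uncommented) entries."""
    ranges = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or entry that is not activated
        match = ENTRY.match(line)
        if not match:
            raise ValueError(f"line {lineno}: unrecognised entry {raw!r}")
        low, high = int(match.group(2)), int(match.group(3))
        if not 0 < low <= high <= 65535:
            raise ValueError(f"line {lineno}: invalid port range {low}-{high}")
        ranges[match.group(1)] = (low, high)
    return ranges


def merge_ranges(ranges):
    """Collapse overlapping or adjacent ranges into the fewest firewall openings."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def client_range_for_users(users, base=(48000, 48020)):
    """Sizing rule from the note: 10 more ports per additional concurrent user."""
    if users < 1:
        raise ValueError("at least one user is required")
    return (base[0], base[1] + 10 * (users - 1))


def audit(text, users):
    """Summarise what the firewall must allow and what is left unrestricted."""
    ranges = parse_firewall_conf(text)
    findings = [f"{name}: not active, so any port may be used"
                for name in LISTEN_PARAMS + SOURCE_PARAMS if name not in ranges]
    have = ranges.get("nemdesktop_client_range")
    need = client_range_for_users(users)
    if have and have[1] - have[0] < need[1] - need[0]:
        findings.append(f"nemdesktop_client_range {have[0]}-{have[1]} is too small "
                        f"for {users} users; the sizing rule gives {need[0]}-{need[1]}")
    return {
        "server_to_client": merge_ranges(ranges[p] for p in LISTEN_PARAMS if p in ranges),
        "client_source_ports": merge_ranges(ranges[p] for p in SOURCE_PARAMS if p in ranges),
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONF, users=5)
    print("open towards clients:", report["server_to_client"])
    print("client source ports: ", report["client_source_ports"])
    for finding in report["findings"]:
        print("finding:", finding)
```
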

2.2 Linux Settings

2.2.1 Firewall Settings


The following settings are required. During installation the nem.firewalld file is copied
from “/opt/nem/share/install/lib/nem.firewalld” to “/etc/firewalld/services/nem.xml”.
Make sure the contents of the file “nem.xml” are as follows:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NEM Core Services</short>
<description>NEM Core Service required by NEM Software</description>
<port protocol="tcp" port="2809"/>
<port protocol="tcp" port="40000-40099"/>
<port protocol="udp" port="20736-20756"/>
<port protocol="tcp" port="10161"/>
<port protocol="udp" port="10162"/>
<port protocol="tcp" port="9005"/>
<port protocol="tcp" port="9443"/>
<port protocol="tcp" port="5671"/>
</service>
If you want to use CLIs you need the following additional entries in “nem.xml” as required:
<port protocol="tcp" port="2500"/>
<port protocol="tcp" port="2600"/>
<port protocol="tcp" port="2700"/>
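
One way to check that “/etc/firewalld/services/nem.xml” still matches the entries listed above, shown as an added example that is not part of the original note or of the UNEM software: the Python script below compares the opened ports against the required entries and the optional CLI entries port by port, so a narrowed range is reported as well as an extra port. The sample XML is constructed (it narrows the CORBA range to 40000-40049 and adds ports 2600 and 5432), and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Port entries this note lists for nem.xml, and the optional CLI entries.
REQUIRED = {("tcp", "2809"), ("tcp", "40000-40099"), ("udp", "20736-20756"),
            ("tcp", "10161"), ("udp", "10162"), ("tcp", "9005"),
            ("tcp", "9443"), ("tcp", "5671")}
OPTIONAL_CLI = {("tcp", "2500"), ("tcp", "2600"), ("tcp", "2700")}

# Constructed sample of a drifted service file: narrower CORBA range, one CLI
# port opened, and the PostgreSQL port 5432 added.
SAMPLE_NEM_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>NEM Core Services</short>
  <description>NEM Core Service required by NEM Software</description>
  <port protocol="tcp" port="2809"/>
  <port protocol="tcp" port="40000-40049"/>
  <port protocol="udp" port="20736-20756"/>
  <port protocol="tcp" port="10161"/>
  <port protocol="udp" port="10162"/>
  <port protocol="tcp" port="9005"/>
  <port protocol="tcp" port="9443"/>
  <port protocol="tcp" port="5671"/>
  <port protocol="tcp" port="2600"/>
  <port protocol="tcp" port="5432"/>
</service>
"""


def expand(entries):
    """Expand (protocol, 'low-high') entries into a set of (protocol, port)."""
    ports = set()
    for proto, spec in entries:
        if proto not in ("tcp", "udp") or not spec:
            raise ValueError(f"unsupported port entry: {proto!r} {spec!r}")
        low, _, high = spec.partition("-")
        ports.update((proto, p) for p in range(int(low), int(high or low) + 1))
    return ports


def compress(ports):
    """Turn a set of (protocol, port) back into sorted 'proto/low-high' strings."""
    runs = []
    for proto, port in sorted(ports):
        if runs and runs[-1][0] == proto and runs[-1][2] == port - 1:
            runs[-1][2] = port  # extend the current run
        else:
            runs.append([proto, port, port])
    return [f"{p}/{lo}" if lo == hi else f"{p}/{lo}-{hi}" for p, lo, hi in runs]


def check_nem_service(xml_bytes, cli_enabled=False):
    """Report required ports that are not opened and opened ports not listed."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    opened = expand((e.get("protocol"), e.get("port")) for e in root.iter("port"))
    allowed = expand(REQUIRED | (OPTIONAL_CLI if cli_enabled else set()))
    return {"missing": compress(expand(REQUIRED) - opened),
            "unexpected": compress(opened - allowed)}


if __name__ == "__main__":
    for cli in (False, True):
        print("CLI ports allowed:", cli, check_nem_service(SAMPLE_NEM_XML, cli))
```
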

2.2.2 Firewalld Setup


The following specific script is required for the firewall daemon (firewalld). The script
requires the above “nem.xml” file (see Firewall Settings) and has to be executed to apply
the firewall rules:
#!/bin/bash
# Activate / Start firewalld service
systemctl enable firewalld
systemctl start firewalld

# Apply firewalld rules for the NEM Core Services
firewall-cmd --zone=public --add-service=nem

# Make it persistent
firewall-cmd --zone=public --permanent --add-service=nem

# Exclude UMUX network e.g. eth1 (avoid problems with ftp protocol)
# (the trusted zone accepts all connections arriving on this interface)
firewall-cmd --zone=trusted --change-interface=eth1


3 Summary
The following tables summarize the proposed firewall concept.

Table 3: UNEM Main - Standby Servers Communication

UNEM Main Server              Ports   Protocol   UNEM Standby Server Ports
REST Interface HTTPS
Main-Standby communication    any     TCP        9005
Standby-Main communication    9005    TCP        any

Table 4: UNEM Client - Server Communication

UNEM Client                 Ports                Protocol   UNEM Server Ports
CORBA Naming Service
nemdesktop_client_range     48000 - 48020 (1)    TCP        2809
REST Interface HTTPS
any                         any                  TCP →      9005
any                         any                  TCP →      9443
Client Operations
nemdesktop_client_range     48000 - 48020        TCP        40000 - 40099
Keep Alive
nemdesktop_client_range     48000 - 48020        TCP ←      any
hwview_server_range         55000 - 55200        TCP ←      any
ucst_server_range           55000 - 55200        TCP ←      any
Advanced Message Queuing Protocol (RabbitMQ)
any                         any                  TCP        5671

(1) Expand the range by 10 ports per additional user; e.g. for 5 users set it to 48000 - 48060.

Table 5: UNEM Server - XMC20 Network Communication

UNEM Server                 Ports          Protocol   XMC20 Ports
Polling
any                         any            TCP        5556
Port specified in Agents    Agent ports    UDP        any
KOAP over SSH               any            TCP        5558

Table 6: UNEM Server - DIRAC Network Communication

UNEM Server             Ports   Protocol   DIRAC Ports
Secure Communication
Secure communication    any     TCP        9343 (1)

(1) Not required if UNEM Server and DIRAC run on the same machine, which is the recommended setup.


Table 7: DIRAC - XMC20 Network Communication

DIRAC                   Ports   Protocol   XMC20 (SECU1) Ports
GRPC Interface HTTPS
any                     any     TCP        9009
SSH, SFTP               any     TCP        22

Table 8: UNEM Server - HLM/OSS Communication

UNEM Server                                   Ports        Protocol   HLM Ports
Northbound SNMP interface                     10161 (1)    TCP        any
Northbound inventory CLI (if required)        2500         TCP ←      any
Northbound ECLI proxy daemon (if required)    2600         TCP ←      any
Northbound line test CLI (if required)        2700         TCP ←      any

(1) This is the default port; the port can be configured in /opt/nem/etc/snmpagentd.conf


4 Annex

4.1 List of Open Ports on UNEM Server


For all processes with “CORBA range 40000-40099”, a port is picked randomly in the
range and will be opened for a client/server CORBA communication.
The range is specified in “/opt/nem/share/install/lib/nem-systemd.env”.
In UNEM R14B the default range is 40000-40049. With UNEM R14B PC1, it will be increased
to 40000-40099 as proposed in this document.

Process                         Port                     Firewall  Target    Type    Authentication  conf/nem.conf                          Description

nem-base
nem-prwd.service                4800                     OFF       nem-base  C++                     procwatch_ctl_port tcpport
nem-omni-names.service          2809/tcp                 ON        nem-base  C++                     /opt/nem/etc/NMS.properties:ns_port
nem-omni-event.service          CORBA range 40000-40099            nem-base  C++
nem-bp-eventchannel.service                                        nem-base  C++
nem-bp-cred.service                                                nem-base  C++
nem-bp-rmqvh.service            5671/tcp                 OFF                                         /etc/rabbitmq/rabbitmq.conf            local
                                5672/tcp                 ON
                                15671                    OFF
nem-bp-securitymgrd.service     CORBA range 40000-40099                      C++
                                9192                                                                                                        local rest communication (available only from 127.0.0.1)

Agents
XMC agent                       CORBA range 40000-40099                      C++                                                            KOAP notification receiver. One port per agent.
                                range from: 20736/udp
UMUX agent                      CORBA range 40000-40099                      C++                                                            One port per agent.
                                range from: 20736/udp
                                21/ftp                   ON                  FTP                     ftp_port
                                23/telnet                ON                  TELNET                  telnet_port
SNMP agent                      CORBA range 40000-40099                      C++                                                            SNMP trap receiver. One port per agent.
                                default: 162/udp
OMS agent                       CORBA range 40000-40099                      C++                                                            SNMP trap receiver. One port per agent.
                                range from: 20736/udp

Voyager Java processes
nem-bp-discovery.service                                           nem-base  java
nem-bp-apigateway.service       9005                     ON        nem-base  java                    /opt/nem/etc/NMS.properties:rest_port  client rest communication, Internal REST router
nem-bp-nemcore.service                                             nem-base  java
nem-bp-mainstandby.service                                         nem-base  java
nem-bp-healthcheck.service                                         nem-core  java                                                           provide REST interface for PM data
nem-bp-publicgateway.service    9443                     ON                  java                                                           9443: swagger web page describing the public REST API
nem-bp-qoste.service                                                         java                                                           Audit QoS TE application (ENP)
nem-bp-webfrontend.service      9420                                         java                                                           Web server for PTP map service
                                management: 9421                                                                                            (both locals available only from 127.0.0.1)

nem-core
nem-bp-alarmmgr.service         CORBA range 40000-40099                      C++
nem-bp-blm.service              CORBA range 40000-40099                      C++
nem-bp-eventlogmgr.service      CORBA range 40000-40099                      C++
                                9199                                                                                                        local rest communication
nem-bp-reportmgr.service        CORBA range 40000-40099            nem-core  C++
                                2500                     ON/OFF                                      nbi_inventory_oss_port                 NEM inventory northbound interface
nem-bp-ecliproxy.service        2600                     ON/OFF    nem-core  C++                     nbi_eclip_oss_port
nem-bp-linetestmgr.service      2700                     ON/OFF    nem-core  C++                     nbi_linetest_oss_port
nem-bp-networkmgr.service       CORBA range 40000-40099                      C++
                                9193                                                                                                        local rest communication
nem-bp-networkquerymgr.service  CORBA range 40000-40099                      C++
                                9197                                                                                                        local rest communication
nem-bp-pmasyncmgr.service       CORBA range 40000-40099                      C++                                                            Send PM requests to Nodes (XMC20, UMUX)
nem-bp-pmcollector.service      CORBA range 40000-40099                      java                                                           Schedule PM jobs and write PM records to Postgres Database
nem-enp-mgr.service             CORBA range 40000-40099                      C++
                                3400                     OFF                                         enp_cli_port                           telnet internal CLI
                                9191                                                                 enp_rest_port                          local rest communication
nem-enp-secmgr.service          CORBA range 40000-40099                      C++                                                            listening port of DPM
                                9196                                                                                                        local rest communication
nem-hlm-snmpnbi.service         CORBA range 40000-40099                      C++     V1/V2/V3        snmp_request_port                      SNMP requests
                                default: 10161/tcp                                                   snmp_v1v2_support
nem-np-networkmgr.service       CORBA range 40000-40099                      C++
                                9198                                                                                                        local rest communication
nem-bp-taskmgr.service          CORBA range 40000-40099                      C++
                                9194                                                                                                        local rest communication; provide task framework for the BLM application
nem-bp-servicemgr.service       CORBA range 40000-40099                      C++                                                            local rest communication
                                9195                                                                                                        Service Supervision application
nem-bp-ptpmap.service           9418                                         java                                                           PTP map Application
                                management: 9419                                                                                            (both locals available only from 127.0.0.1)

DIRAC
DIRAC                           9343/tcp                 OFF                                                                                listening port of dirac
                                80                       OFF

Others
systemd/rpcbind                 111                      OFF
rsyslogd                        514                      OFF
rabbitmq/epmd                   4369                     OFF                                                                                a peer discovery service used by RabbitMQ nodes and CLI tools
postgres                        5432                     OFF                                         /opt/nem/etc/odbc.ini


5 Document history
Table 9: Document history

Document ID   UNEM Release   Rev.   Date         Changes since previous version
1KHW028766    R14A           A      2020-07-31   First revision for this product release.
1KHW028766    R14A           B      2020-09-04   Extended CORBA / EA port range to 40099. Added list of open ports per process in section 4.1.
1KHW028766    R14B           A      2020-12-02   Updated for latest product release.




ABB Power Grids Switzerland Ltd
Bruggerstrasse 72
5400 Baden - Switzerland

Phone: please refer to https://www.hitachi-powergrids.com/contact-us/Customer-Connect-Center (Customer Contact Center)
E-Mail: communication.networks@hitachi-powergrids.com

www.hitachi-powergrids.com/communication-networks

Document ID: 1KHW028766



Specifications subject to change without notice.
