Upgrading from Site Manager v7.2.4091
The latest release of Site Manager makes some important changes to how the Site Manager Server and Agent communicate. Site Manager version 7.2.4091 and earlier use MSMQ (Microsoft Message Queuing) for communication with the Site Manager Agent, this has been changed. See the Changes section below for details.
Because of this, the TCP/IP ports used in communication have changed, please see below for the network rules required for the server and Agent.
The changes below should be reviewed before the upgrade is started - if a firewall change is required and not implemented before upgrade, it will cause upgraded Agents to be unable to connect to the Site Manager server until the change is made
Site Manager Server Networking
The following network ports are used for Site Manager communications. Firewall rules may need to be configured for the incoming traffic sections. Typically outgoing connections will not require firewall rules unless very restrictive firewall configurations are in place.
Site Manager Server - Incoming Traffic
These are ports which the Site Manager listens for TCP connections on. They will likely need firewall rules to be configured to allow access to them.
This port is the main listen port for Agent communications. Agent communications will fail if an Agent cannot connect to this port on the Site Manager server.
The default port of 51515 can be changed to a different port by following the instructions here
|2904||TCP/UDP||Site Manager Web Interface|
This is the default port for the Site Manager web interface. If this port is blocked by firewall, the web interface can only be accessed locally on the Site Manager server.
See Configuration and Security for instructions on how to change this port.
|1801||TCP/UDP||MSMQ communications for legacy agents||This port is used by MSMQ for communications. Older (7.2.4091) Agents will attempt to connect to this port. If all agents have been upgraded, then this port will not be used and can be blocked without affecting Site Manager|
Site Manager Server - Outgoing Traffic
In general, outgoing connections will not need firewall rules, but the types of traffic generated by Site Manager are:
- Site Manager Update and License Checks - HTTPS traffic to updates.macrium.com and api.macrium.com
- MultiSite Integration - If Remote Management is enabled, Site Manager will make HTTPS requests to tunnel.msadmin.macrium.com
- Legacy Agent MSMQ - If older agents are still connecting to Site Manager, MSMQ traffic will be generated (usually to port 1801 of the Agent, but this is part of MSMQ configuration)
- Domain Login - Logging in to the Site Manager web interface using an Active Directory domain account will cause LDAP traffic to be generated on ports 389 or 636.
Other outgoing connections may be made depending on user configuration of Site Manager - e.g. if mail notifications are enabled, SMTP traffic on the configured port will be generated.
Site Manager Agent - Incoming Traffic
The old Agent (version 7.2.4091 or earlier) required ports to be open for MSMQ traffic on each Agent. For the new Agent, no incoming ports are required.
Site Manager Agent - Outgoing Traffic
The new Agent will connect to port 51515 of the Site Manager server, or an alternate port if configured with one. It will also connect directly with the Repository it is backing up to using Windows File Sharing / SMB.
Overview of Changes
The old Site Manager release used Microsoft Message Queuing (MSMQ) to communicate with Agents. After v7.2.4091, the dependency on MSMQ has been dropped. This is to improve the flexibility of the Site Manager Agents on unusual network configurations and support future development.
Using MSMQ, firewall configuration had to be performed on both Agent and Server machines plus name lookup had to be performed in both directions.
Without MSMQ, the communication is all initiated from the Agent computer - this means that firewall configuration only needs to be done on the server end and the Agent can connect more flexibly, via NetBIOS name, DNS name or IP address.
Since the Site Manager server is no longer using the well-known port for MSMQ communications, it will need a new firewall rule to allow Agent traffic. See below for details.
Using a Different Port for Site Manager Traffic
The Site Manager server requires a new port to be open for incoming traffic. This should be set before the upgrade is started to minimize downtime during the upgrade. By default, the new communications for Site Manager requires incoming TCP traffic on port 51515.
If this port is acceptable, no further configuration is required. To use a different port, follow the procedure below before upgrade:
Launch regedit as administrator;
Go to "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Macrium\Site Manager";
Add a new DWORD value;
Rename it to TCPCommPort;
Modify the value to the port number you want to use (be sure the base is set to "Decimal");
The port can be changed after the upgrade is complete via the Site Manager UI, but this may cause disruption as port changes have to be propagated to each agent connected