Communication Ports

For the configuration of a process integration (XI) landscape, it is necessary to know the network addresses, the ports, and further information such as Internet addresses, to be able to define rules for the security components of the network (such as firewalls and proxies).

According to the technical system landscape, there are several kinds of components within an XI landscape. These components can be partitioned into different network zones in many ways.

Simple Landscape

A simple landscape, for instance, may consist of all central components located within the same network zone and of some sender or receiver components located externally. This implies that all internal technical communication such as exchange profile access or cache refresh takes place internally.

For messaging components, you have to distinguish between push mode and pull mode. In push mode, the message is simply sent to the Integration Server triggered by an external sender. In pull mode, the message is written to a data store by the sender and actively fetched by the messaging component. This mode is implemented in technical adapters like the Mail, JMS, or JDBC adapter.

For push mode protocols and adapters, the following ports and addresses are used for incoming messages.

Ports and addresses for incoming messages:

Protocol/Adapter

Base Protocol

Server/Port

Further Data

XI protocol

HTTP

Integration Server (IS); HTTP and HTTPS port of the IS

Path:

/sap/xi/engine

Plain HTTP adapter

HTTP

IS; HTTP and HTTPS port of the IS

Path:

/sap/xi/adapter_plain

IDoc adapter

RFC

IS; port 33nn where nn is the instance number of the IS application server

(*)

SOAP adapter

HTTP

Central or non-central Adapter Engine (AE); HTTP and HTTPS port of the corresponding AE

Path:

/XISOAPAdapter/MessageServlet?channel=…

See also SAP Note 856597.

RFC adapter

RFC

Central or non-central AE; port 33nn where nn is the instance number of the used gateway

(*)

RNIF adapter

HTTP

Central or non-central AE; HTTP and HTTPS port of the corresponding AE

Path:

/MessagingSystem/receive/RNIFAdapter/RNIF

CIDX adapter

HTTP

Central or non-central AE; HTTP and HTTPS port of the corresponding AE

Path:

/MessagingSystem/receive/CIDXAdapter/CIDX

Marketplace adapter

HTTP

Central or non-central AE; HTTP and HTTPS port of the corresponding AE

Path:

/MessagingSystem/receive/MPA/MML

BC adapter

HTTP

Central or non-central AE; HTTP and HTTPS port of the corresponding AE

Path:

/MessagingSystem/receive/BCAdapter/BC

(*) See also the document TCP/IP Ports Used by SAP Server Software on SAP Service Marketplace at http://service.sap.com/security.

Each technical pull mode adapter running in the Adapter Engine is associated with a data store, for example, a file or database system, to which messages are written or from which messages are read. Consequently, both read and write requests are incoming requests for this message store, and its ports and protocols are therefore relevant for network configuration.

Read and write access

Adapter

Data Store

Read/Write Access Protocol

File adapter

File system

Operating system read/write access

FTP adapter

FTP server

FTP and FTPS; two ports each (see also FTP and FTPS)

Mail adapter

Mail server

SMTP (write access), POP3 (read access), IMAP4; dedicated TCP/IP port

JDBC adapter

Database

Operating system database read/write access

JMS adapter

JMS provider

Dedicated TCP/IP port

Landscape with Non-Central Adapter Engine

If a non-central Adapter Engine (ncAE) is placed in a different network zone, the following communication ports have to be enabled between the ncAE and the other XI components, in addition to the messaging connections of the ncAE.

Mechanisms and ports:

Mechanism

ncAE to XI Landscape

XI Landscape to ncAE

Messaging from/to the IS

HTTP(S) port of the IS

HTTP(S) port of the ncAE J2EE Engine

Cache refresh

HTTP(S) port of the IS J2EE Engine (Integration Directory/Repository)

HTTP(S) port of the ncAE J2EE Engine

SLD access

RFC port of SLD gateway

not applicable

UME user synchronization

RFC port of IS gateway

not applicable

Exchange profile access

RFC port of IS gateway

not applicable

Monitoring (RWB, GRMG, CCMS)

HTTP(S) port of the central monitoring server

HTTP(S) port of the ncAE J2EE Engine

Monitoring (PMI)

HTTP(S) port of the central monitoring server

HTTP(S) port of the ncAE J2EE Engine

Monitoring (alerting)

HTTP(S) port of the central monitoring server

not applicable

TREX (indexing)

HTTP(S) port of the TREX web server

TCP/IP port of the TREX name server (*)

not applicable

(*) See also the document TCP/IP Ports Used by SAP Applications on SAP Service Marketplace at http://service.sap.com/security.