Best Practices for Port Management in Retail Pro Prism
Understanding and managing ports correctly will allow Retail Pro Prism to work as intended. Specific ports must be open to servers outside of the local store installation of Retail Pro Prism. Use this guide to check for correct port management and for troubleshooting.
1. Apache 80 and 443
Use port 80 for non-SSL connections and port 443 for SSL connections. The Apache ports can be accessed by Prism Proxy and Prism customizations, and also by Prism TTK when you select the REST connection type. If EVERYTHING that connects to Apache runs on a local network, you do not have to open these ports to the world (unless you plan to connect to Prism from the outside while bypassing Proxy, or through Prism TTK).
2. Oracle 1521
Port 1521 is the main port used when the client application connects to Oracle. It could be used by RIL's PrismMgmt.exe, RIL tools (license server included), RIL TTK, reports, etc. It is also used by all Prism services and RIL/Prism customizations. Just as with Apache, if everything runs on a local network you do not need to keep this port open.
3. Prism License Server 6470
Usually, you do not need to open this port. It is accessed by the POSV1 service only, which typically runs on the same box as the license server itself. There is no need to connect to it from outside.
5. RIL License Service 6469
The RIL License Server is accessed in two ways. The first is via RIL's PrismMgmt.exe when trying to seat a workstation. If you do not expect to run RIL outside the store's network, you do not have to open the port. The second is the connection between primary and secondary license servers in RIL, which uses this port number to synchronize license data. If you have secondary license servers, keep this port open.
6. RPro ECM 20000
The ECM port number is configurable in ECM. This port is used by EcmExchange when it needs to connect to another EcmExchange. If you do not use EcmExchange for transferring files between locations and only use ECM to run EcmProc locally, this port can remain closed. Otherwise, keep it open.
7. Centrals 50025
This port can be configured in the service manager. Port 50025 is used by RIL's PrismMgmt.exe and Prism (POSV1, BackOffice and Common). It is used for central payments, loyalty, central store credit, central returns, etc. Centrals should be run at the HQ installation, not at the store, so keep this port open at the HQ level. At the store level, it is only an outgoing connection. There is no need to keep this port open in the store network.
8. Prism Proxy 443 (outgoing connection to Apache) and 8080-8089 (configurable, depends on number of Proxies)
For an outgoing connection to Apache there is no need to open the corresponding port. Apache does not open a connection to Proxy; it only RECEIVES connections FROM Proxy. In other words, ports 80/443 need to be open if you plan to run Proxy OUTSIDE of a store's network, but this is because Apache will need to have them open (see the comments about Apache above), not because Proxy needs them. The incoming port numbers need to be open only if you plan to have browsers connect from outside to the Proxy that runs in the store's network. If all browsers are running on local computers at the store, you do not need to keep the 8080-80XX ports open. The ports may be kept open for use in troubleshooting from outside.
9. AMQ 5671, 5672
Port 5671 is for SSL connections and 5672 is for non-SSL. These are RabbitMQ's ports. They are used for federated connections between two RabbitMQs, transferring data replicated by one PrismMQ to another through the two connected RabbitMQs. You MUST keep them open if you use Prism replication.
10. RabbitMQ (erl.exe) 4369, 5671-5672, 25672, 35672-35682, 61613, 61614
These ports are used by RabbitMQ for various tasks. We recommend keeping these ports open because they can be used for communication between stores and the POA (for example, to run remote actions or access remote resources, and, of course, for replication, connection dashboard, etc.).
- 5671 and 5672: for federated connections
- 4369 and 25672: for communicating between multiple RMQ nodes when they work in parallel
- 35672-35682: for RMQ's configuration tools
- 61613 and 61614: for STOMP connections where Prism services connect to RabbitMQ (61614 for SSL connections, 61613 for non-SSL)
11. RabbitMQ Console 15672
This port is used by the RMQ console UI and PrismServices (PrismMQ and others) when they configure queues in RMQ. If you plan to use the RMQ console from outside of the store's network or run Prism services from outside, keep this port open.
12. Krunch 8090
Users will access Krunch Reports using this port by default.
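One way to check a site against the rules in this guide, as an added example that is not part of Retail Pro's own tooling: it encodes each section's "open only if" condition, probes a host you administer, and reports ports exposed without a stated need. The profile flag names are hypothetical, the configurable ports (ECM, Centrals, Proxy) are assumed to be at the defaults listed above, and Krunch 8090 is left out because the guide gives no exposure rule for it.

```python
import socket

# (service, default ports from the guide, profile flag that justifies access
# from outside the store network). Flag names are hypothetical; None means the
# guide says outside access is never needed.
RULES = [
    ("Apache", {80, 443}, "outside_apache_clients"),
    ("Oracle", {1521}, "outside_oracle_clients"),
    ("Prism License Server", {6470}, None),  # POSV1 is local to the box
    ("RIL License Service", {6469}, "ril_outside_or_secondary_license"),
    ("RPro ECM", {20000}, "ecm_exchange_between_locations"),
    ("Centrals", {50025}, "is_hq"),
    ("Prism Proxy", set(range(8080, 8090)), "outside_browsers"),
    ("AMQ", {5671, 5672}, "replication"),
    ("RabbitMQ", {4369, 5671, 5672, 25672, 61613, 61614}
     | set(range(35672, 35683)), "rabbitmq_store_poa_traffic"),
    ("RabbitMQ Console", {15672}, "outside_rmq_console"),
]

def justified_ports(profile):
    """Ports the guide says should accept connections from outside."""
    ports = set()
    for _name, svc_ports, flag in RULES:
        if flag and profile.get(flag):
            ports |= svc_ports
    return ports

def probe(host, ports, timeout=0.5):
    """Return the subset of ports on host that accept a TCP connection."""
    reachable = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                reachable.add(port)
    return reachable

def audit(profile, reachable):
    """Compare ports reachable from outside with what the profile justifies."""
    justified = justified_ports(profile)
    known = set().union(*(p for _n, p, _f in RULES))
    return {
        "exposed_without_need": sorted((reachable & known) - justified),
        "needed_but_unreachable": sorted(justified - reachable),
    }

if __name__ == "__main__":
    store = {"replication": True}  # constructed profile: store that replicates
    seen = {443, 1521, 5671, 5672, 6470}  # constructed scan result
    print(audit(store, seen))
```

Run `probe` from a machine outside the store network against your own server's address, then pass its result to `audit`; the guide recommends keeping the RabbitMQ ports open, so set `rabbitmq_store_poa_traffic` unless you know the store does not talk to the POA.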