Communication Ports

If you want to configure a PI landscape, you must know the network addresses, the ports, and further information such as Internet addresses. With this information you are able to define rules for the security components of the network (such as firewalls and proxies).

According to the Technical System Landscape, there are several kinds of components within an PI landscape. These components can be partitioned into different network zones in many ways.

Simple Landscape

A simple landscape, for instance, may consist of all central components located within the same network zone and of some sender or receiver components located externally. This implies that all internal technical communication such as exchange profile access or cache refresh takes place internally.

For messaging components, you have to distinguish between push mode and pull mode. In push mode, the message is simply sent to the Integration Server triggered by an external sender. In pull mode, the message is written to a data store by the sender and actively fetched by the messaging component. This mode is implemented in technical adapters like the Mail, JMS, or JDBC adapter.

For push mode protocols and adapters, the following ports and addresses are used for incoming messages.

Ports and addresses for incoming messages:
Protocol/Adapter	Base Protocol	Server/Port	Further Data
SOAP adapter	HTTP	Central or non-central Advanced Adapter Engine (AAE); HTTP and HTTPS port of the corresponding AAE	Path: /XISOAPAdapter/MessageServlet?channel=... More information: SAP Note 856597.
RFC adapter	RFC	Central or non-central AAE; port 33nn where nn is the instance number of the used gateway	(*)
RNIF adapter	HTTP	Central or non-central AAE; HTTP and HTTPS port of the corresponding AAE	Path: /MessagingSystem/receive/RNIFAdapter/RNIF
CIDX adapter	HTTP	Central or non-central AE; HTTP and HTTPS port of the corresponding AE	Path: /MessagingSystem/receive/CIDXAdapter/CIDX
Marketplace adapter	HTTP	Central or non-central AAE; HTTP and HTTPS port of the corresponding AAE	Path: /MessagingSystem/receive/MPA/MML
BC adapter	HTTP	Central or non-central AAE; HTTP and HTTPS port of the corresponding AAE	Path: /MessagingSystem/receive/BCAdapter/BC

(*) More information: TCP/IP Ports Used by SAP Server Software on SAP Service Marketplace at http://service.sap.com/security.

Each technical pull mode adapter running in the Advanced Adapter Engine is associated with a data store, for example, a file or database system, to which messages are written or from which messages are read. Consequently, both read and write requests are incoming requests for this message store, and its ports and protocols are therefore relevant for network configuration.

Read and write access
Adapter	Data Store	Read/Write Access Protocol
File adapter	File system	Operating system read/write access
FTP adapter	FTP server	FTP and FTPS; two ports each (more information: FTP and FTPS)
Mail adapter	Mail server	SMTP (write access), POP3 (read access), IMAP4; dedicated TCP/IP port
JDBC adapter	Database	Operating system database read/write access
JMS adapter	JMS provider	Dedicated TCP/IP port

Landscape with Non-Central Advanced Adapter Engine

If a non-central Advanced Adapter Engine (ncAAE) is placed in a different network zone, the following communication ports have to be enabled between the ncAAE and the other PI components, in addition to the messaging connections of the ncAAE.

Mechanisms and ports:
Mechanism	ncAAE to PI Landscape	PI Landscape to ncAAE
Cache refresh	HTTP(S) port of the AS Java (Integration Directory and Enterprise Services Repository)	HTTP(S) port of the ncAAE AS Java
SLD access	RFC port of SLD gateway	not applicable
UME user replication	RFC port of IS gateway	not applicable
Monitoring (PMI)	HTTP(S) port of the central monitoring server	HTTP(S) port of the ncAAE AS Java
Monitoring (alerting)	HTTP(S) port of the central monitoring server	not applicable

(*) More information: TCP/IP Ports Used by SAP Applications on SAP Service Marketplace at http://service.sap.com/security.