The DataPower Monitoring Agent has the following prerequisites on the target environment
This page describes the prerequisites for installing and running the IBM DataPower Monitoring Agent.
Software Requirements
- Windows Server 2008 R2 or later
Versions 6.0 and later make use of the .NET Framework 4.8 or later.
Versions 5.4 and subsequently make use of the .NET Framework 4.6.2 or later.
Versions before 5.4 make use of the .NET Framework 4.5.2 or later.
- SQL Server
- Either access to an existing SQL Server instance or the free SQL Express edition.
- The Service account must have DBCreator, read and write access to the database.
Firewall
The IBM DataPower Monitoring Agent has both inbound and outbound communication:
- Between the Monitoring Service and the IBM DataPower Monitoring Agent
- Between the IBM DataPower Monitoring Agent and IBM DataPower Gateway
Server types: Nodinite Server (Monitoring Service), Agent Server (DataPower Monitoring Agent), DataPower Gateway (IBM DataPower appliance).
1. Between the Monitoring Service and DataPower Monitoring Agent
The following ports must be allowed on the Windows server where the agent is installed and running:
Option 1a (Nodinite v7 - IIS hosted on local network)
| Direction | Source | Destination | Protocol | Port(s) | Nodinite Version | Purpose | Notes |
|---|---|---|---|---|---|---|---|
| Inbound | Nodinite Server | Agent Server | TCP | Custom (HTTP/HTTPS) | v7 | Monitoring Service communication | Agent IIS site port configured during installation in the Portal. Only required if agent is on a remote IIS server |
| Outbound | Agent Server | Nodinite Server | TCP | Custom (HTTP/HTTPS) | v7 | Response traffic | Allowed automatically by stateful firewalls |
Note
Nodinite v7 IIS Hosting: When agents are hosted in IIS on the same server as the Nodinite application (typical installation), firewall rules are not required between the Monitoring Service and the agent. The custom port is assigned during installation via the Nodinite Portal and only needs to be opened if the agent is hosted on a remote IIS Windows Server.
Option 1b (Nodinite v6 and earlier - Windows Service on local network)
| Direction | Source | Destination | Protocol | Port(s) | Nodinite Version | Purpose | Notes |
|---|---|---|---|---|---|---|---|
| Inbound | Nodinite Server | Agent Server | TCP | 8000 | v6 and earlier | Monitoring Service communication | Communication initiated by Monitoring Service. Only used with legacy MSI installer on remote Windows servers |
| Outbound | Agent Server | Nodinite Server | TCP | 8000 | v6 and earlier | Response traffic | Allowed automatically by stateful firewalls |
Note
Nodinite v6 Legacy: Port 8000 is only used when agents have default installations on remote Windows servers using the legacy MSI installer. This port is not required for Nodinite v7 IIS-hosted agents.
2. Between the DataPower Monitoring Agent and IBM DataPower Gateway
SNMP Connection (Agent → DataPower Gateway)
The agent uses SNMP (Simple Network Management Protocol) to monitor IBM DataPower Gateway appliances.
| Direction | Source | Destination | Protocol | Port(s) | Purpose | Notes |
|---|---|---|---|---|---|---|
| Outbound | Agent Server | DataPower Gateway | UDP | 161 | SNMP requests | Agent queries DataPower status and metrics |
| Inbound | DataPower Gateway | Agent Server | UDP | 161 | SNMP responses | Allowed automatically by stateful firewalls |
| Inbound | DataPower Gateway | Agent Server | UDP | 162 | SNMP traps | DataPower sends unsolicited event notifications |
Tip
SNMP Versions: The agent supports both SNMP v2 and SNMP v3. For SNMP v2, configure Read Community and Write Community strings. For SNMP v3 (recommended for security), configure Security Name, Security Level, Context Name, and Context Engine ID.
Tip
SNMP v3 Security: SNMP v3 provides authentication and encryption. Use SNMPv3 with authentication (authNoPriv) or authentication + encryption (authPriv) for production environments. Configure the agent with matching credentials.
Tip
SNMP Traps: Port 162 is used for SNMP traps sent from DataPower Gateway to the Agent Server. Ensure inbound UDP 162 is allowed if you want to receive real-time event notifications from DataPower.
Tip
Multiple DataPower Gateways: If monitoring multiple DataPower Gateway appliances, ensure the Agent Server has connectivity to all target gateways on UDP ports 161 and can receive traps on UDP port 162.
Note
DNS Resolution: All servers (Agent Server and DataPower Gateway) require outbound access to DNS on TCP/UDP port 53 for name resolution. You can optionally solve this using entries in the local
hostsfile on each server.
Important
Stateful Firewalls: Most modern Windows Firewall implementations are stateful, meaning inbound response traffic for established outbound connections is automatically allowed. The inbound rules listed above are primarily for reference and troubleshooting scenarios where stateful inspection may be disabled or restricted.
Windows Rights
Local named account or domain account (preferred). Follow this guide 'How to set Logon as a Service right' for more information.
DataPower SNMP Settings
SNMP V2
- Read Community
- Write Community
SNMP V3
- Security Name
- Security Level
- Context Name
- Context Engine ID
Next Step
Add or manage Monitoring Agent
Install DataPower Monitoring Agent