To ensure that the Application Real-Time Monitoring Service (ARMS) agent can run as expected, you must connect the ARMS agent to the ARMS server. This topic describes the ports, endpoints, and CIDR blocks that must be enabled to use Application Monitoring.
ARMS agent V3.X and later
Ports
When you use Application Monitoring, you must ensure the connectivity of the following ports to keep the ARMS agent running as expected.
Port | Description |
8080 | The port is provided by Application Configuration Management (ACM). |
8848 | The port is provided by ACM. |
9990 | The port is provided by the trace and metadata endpoints for metadata reporting. |
80 | The port is provided by the trace and metadata endpoints, metric endpoints, and continuous profiling endpoints for trace, metric, and continuous profiling data reporting. |
9092 | The port is provided by the trace and metadata endpoints for application diagnostics. |
9093 | The port is provided by the trace and metadata endpoints for application security. |
Endpoints
To connect your application to Application Monitoring, you must enable the endpoints of ARMS and ACM. The following table lists the ARMS and ACM endpoints in different regions. If the application is deployed in an Alibaba Cloud virtual private cloud (VPC) or connected to a VPC by using an Express Connect circuit, use the internal endpoints of ARMS and ACM. If the application is deployed in a data center or a third-party cloud service, use the public endpoints of ARMS and ACM.
View the endpoints of ARMS and ACM in each region
You can run the curl command to check whether the host on which your application is deployed can reach the endpoints of ARMS and ACM. Take the China (Hangzhou) region as an example. Log on to the host where the application is deployed and run the following commands to test the network connectivity:
# Test the endpoint of traces and metadata. The HTTP code 200 indicates that the network is accessible.
curl -I -w "%{http_code}" http://arms-dc-hz.aliyuncs.com/api/checkHealth
# Test the endpoint of metadata. The HTTP code 200 indicates that the network is accessible.
curl -I -w "%{http_code}" http://arms-dc-hz.aliyuncs.com:9990/api/checkHealth
# Test the endpoint of metrics. The HTTP code 200 indicates that the network is accessible.
curl -I -w "%{http_code}" http://cn-hangzhou.arms.aliyuncs.com/health/readiness
In some regions where the internal endpoints of ACM are not provided, you must use the public endpoints. In this case, the application must be able to access the Internet.
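The three health checks above can be wrapped in a script that also reports why a probe failed, which helps when tuning egress firewall rules. This is an added example, not part of the ARMS documentation: the function names and verdict labels are assumptions, and the URLs are the China (Hangzhou) ones from the commands above.

```shell
#!/bin/sh
# Added example (not from the ARMS documentation): probe the V3.X health-check
# URLs and explain each failure in firewall terms.

# China (Hangzhou) URLs copied from the curl commands above.
ARMS_HEALTH_URLS="http://arms-dc-hz.aliyuncs.com/api/checkHealth
http://arms-dc-hz.aliyuncs.com:9990/api/checkHealth
http://cn-hangzhou.arms.aliyuncs.com/health/readiness"

# classify_probe CURL_EXIT HTTP_CODE -> one-word verdict on stdout.
# curl exit codes: 6 = could not resolve host, 7 = failed to connect,
# 28 = operation timed out.
classify_probe() {
    case "$1" in
        0)  case "$2" in
                200) echo "OK" ;;
                # Reachable, but a proxy or middlebox may have answered
                # instead of ARMS (the checks use plain HTTP).
                *)   echo "UNEXPECTED_HTTP" ;;
            esac ;;
        6)  echo "DNS_FAILED" ;;
        7)  echo "CONNECT_FAILED" ;;
        28) echo "TIMEOUT" ;;   # typical of a rule that silently drops packets
        *)  echo "CURL_ERROR" ;;
    esac
}

# probe_url URL -> prints "VERDICT http=CODE URL"; returns 0 only for OK.
probe_url() {
    code=$(curl -s -I -o /dev/null -w '%{http_code}' \
                --connect-timeout 5 --max-time 10 "$1")
    rc=$?
    verdict=$(classify_probe "$rc" "$code")
    echo "$verdict http=${code:-000} $1"
    [ "$verdict" = "OK" ]
}

# Probe only when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    failed=0
    for url in $ARMS_HEALTH_URLS; do
        probe_url "$url" || failed=1
    done
    exit "$failed"
fi
```

Run it with `--run` on the application host; a non-zero exit status means at least one endpoint did not return HTTP 200.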
ARMS CIDR blocks
If the application is deployed in a VPC or connected to a VPC by using an Express Connect circuit, you must enable the ARMS internal endpoints and the 100.0.0.0/8 CIDR block. If the application is deployed in a data center or a third-party cloud service, make sure that the ARMS public endpoints are enabled. However, ARMS does not provide details about the CIDR blocks of the public endpoints.
ACM CIDR blocks
The ARMS agent must connect to the ACM engine to obtain its configurations. To obtain the CIDR blocks of the ACM engine, call the HTTP API that ACM provides on the ACM endpoint of your region, as in the following command. The CIDR blocks remain unchanged for a long time.
curl 'acm.aliyun.com:8080/diamond-server/diamond'
Run the following command to check whether the firewall allows access from the CIDR blocks of the ACM engine.
curl -X GET "http://139.196.XX.XX:8080/diamond-server/config.co?dataId=com.ali.art.logicregion.flow.control.icbu&group=art-control-service" -i
If the relevant configurations cannot be queried, the ACM engine cannot be accessed.
ARMS agent V2.X
Ports
When you use Application Monitoring, you must ensure the connectivity of the following ports to keep the ARMS agent running as expected.
Port | Description |
8080 | The port is provided by ACM. |
8442 | The port is provided by the ARMS endpoints for metadata reporting. |
8443 | The port is provided by the ARMS endpoints for statistical data reporting. |
8883 | The port is provided by the ARMS endpoint for detailed data reporting. |
8848 | The port is provided by the ARMS endpoints for microservice data reporting. |
9092 | The port is provided by the ARMS endpoints for application diagnostics. |
9093 | The port is provided by the ARMS endpoints for application security. |
Endpoints
To connect your application to Application Monitoring, you must enable the endpoints of ARMS and ACM. The following table lists the ARMS and ACM endpoints in different regions. If the application is deployed in an Alibaba Cloud VPC or connected to a VPC by using an Express Connect circuit, use the internal endpoints of ARMS and ACM. If the application is deployed in a data center or a third-party cloud service, use the public endpoints of ARMS and ACM.
View the endpoints of ARMS and ACM in each region
You can run the telnet command to check whether the host on which your application is deployed can reach the endpoints of ARMS and ACM. Take the China (Hangzhou) region as an example. Log on to the host where the application is deployed and run the following commands to test the network connectivity:
telnet arms-dc-hz-internal.aliyuncs.com 8442
telnet arms-dc-hz-internal.aliyuncs.com 8443
telnet arms-dc-hz-internal.aliyuncs.com 8883
telnet arms-dc-hz-internal.aliyuncs.com 9092
telnet arms-dc-hz-internal.aliyuncs.com 9093
telnet addr-hz-internal.edas.aliyun.com 8080
In some regions where the internal endpoints of ACM are not provided, you must use the public endpoints. In this case, the application must be able to access the Internet.
ARMS CIDR blocks
If the application is deployed in a VPC or connected to a VPC by using an Express Connect circuit, you must enable the ARMS internal endpoints and the 100.0.0.0/8 CIDR block. If the application is deployed in a data center or a third-party cloud service, make sure that the ARMS public endpoints are enabled. However, ARMS does not provide details about the CIDR blocks of the public endpoints.
ACM CIDR blocks
The ARMS agent must connect to the ACM engine to obtain its configurations. To obtain the CIDR blocks of the ACM engine, call the HTTP API that ACM provides on the ACM endpoint of your region, as in the following command. The CIDR blocks remain unchanged for a long time.
curl 'acm.aliyun.com:8080/diamond-server/diamond'
Run the following command to check whether the firewall allows access from the CIDR blocks of the ACM engine.
curl -X GET "http://139.196.XX.XX:8080/diamond-server/config.co?dataId=com.ali.art.logicregion.flow.control.icbu&group=art-control-service" -i
If the relevant configurations cannot be queried, the ACM engine cannot be accessed.
References
For more information about the network, see Network.