- 8 minutes to read

Release Notes

Prerequisites for the Nodinite Message Queueing Monitoring Agent

💡This page describes the prerequisites for installing and running the Nodinite Message Queueing Monitoring Agent.

Unlock seamless monitoring of your enterprise message queues with the Nodinite Message Queueing Monitoring Agent. This page guides you through all prerequisites to ensure a smooth installation and optimal performance for ActiveMQ, MSMQ, and Azure Service Bus environments.

✅ Effortless integration with leading message queue platforms
✅ Centralized, real-time monitoring for on-premise and cloud deployments
✅ Enhanced security and compliance with granular user rights
✅ Scalable architecture for enterprise-grade reliability

graph LR subgraph "Nodinite" roNI(fal:fa-code-commit Message Queueing Monitoring Agent)--- roMonitor[fal:fa-monitor-waveform Monitoring] end subgraph "Apache" roMonitor --- ro1(fal:fa-list ActiveMQ) end subgraph "Azure" roMonitor --- ro2(fal:fa-list Service Bus Queues) roMonitor --- ro3(fal:fa-list Service Bus Topics) end subgraph "Microsoft/Windows" roMonitor --- ro4(fal:fa-list MSMQ) end subgraph "MuleSoft" roMonitor --- ro5(fal:fa-list AnypointMQ) end

Architecture overview: The Nodinite Message Queueing Monitoring Agent connects to multiple queueing technologies for unified monitoring.

Instances of this agent can be installed on-premise using TCP/IP for local network access and/or in the cloud/off-site using Service Bus Relaying (see also the external link for additional information 'Azure Relay FAQs').

We recommend that you keep this agent close to Nodinite Core Services. This documentation covers local network setup (usually on the Nodinite application server)

Verified Topic
Software Requirements
What Windows User Rights does the Message Queueing Monitoring Agent require?
What ActiveMQ User rights are required?
What MSMQ User rights are required?
What Azure ServiceBus User rights are required?
What Firewall settings are required ?

Software Requirements

The Message Queueing Monitoring Agent is a Windows Service, typically installed on the Nodinite application server for best performance and security.

Product Version/Edition
Windows Server Windows 2025
Windows 2022
Windows 2019
Windows 2016
Windows 2012 R2
Windows 2012
.NET Framework .NET Framework 4.8 or later New 6.0
Our recommendation is .NET Framework 4.8.1 or later
ActiveMQ 5.14.0 and later
MSMQ For supported Windows versions. NOTE: Additional roles and features may be required depending on the intended usage
Azure Service Bus Current public (GA) version by Microsoft in Azure

Versions 6.0 and later require .NET Framework 4.8 or later.
Versions 5.4 and later require .NET Framework 4.6.2 or later.
Versions before 5.4 require .NET Framework 4.5.2 or later.

What Windows User Rights does the Message Queueing Monitoring Agent require?

The agent installs as a Windows Service—usually on the Nodinite application server or a supported virtual machine.

What ActiveMQ User rights does the Message Queueing Monitoring Agent require

Review the Apache ActiveMQ Security guide for best practices on securing your message queues.

What MSMQ User rights does the Message Queueing Monitoring Agent require

For MSMQ, refer to the Securing Messages Using Transport Security user guide for configuration and security recommendations.

What Azure ServiceBus User rights does the Message Queueing Monitoring Agent require

The Nodinite Message Queueing Monitoring Agent requires the following Azure Roles to be set on the ClientId/ApplicationId used to connect with the Azure REST API:

Service Name Permission Comment
Service Bus Namespace Azure Service Bus Data Owner Allows for full access to Azure Service Bus resources. Set on Subscription, or Resource Group Level
Subscription Reader Show Details and Match/Validate the Subscription Id with the current configuration.
NOTE: This right inherits to all other Resources in selected Subscription

You can apply these rights on different scopes. For more details, review the Authenticate and authorize an application with Azure Active Directory to access Azure Service Bus entities user guide.

Firewall

Depending on where you install the Nodinite Message Queueing Monitoring Agent in relation to Nodinite Monitoring Service and your network's Internet access, you may need to configure firewalls on different servers. The following diagram illustrates the agent installed on its own server.

Network communication overview: The agent requires specific ports for secure and reliable monitoring across platforms.

graph LR subgraph "Nodinite Core Services Server" roMonitoringService(fal:fa-watch-fitness Monitoring Service) end subgraph "Nodinite Monitoring Agents Server" roNI(fal:fa-monitor-waveform Message Queuing Monitoring agent) end subgraph "ActiveMQ" roMonitoringService --> |8000| roNI ro1(fal:fa-list ActiveMQ Broker) roNI --> |61616| ro1 end subgraph "MSMQ" roNI --> |1801, ...| ro2(fal:fa-cloud ServiceBus) end subgraph "Azure Service Bus" roNI --> |443|ro3(fal:fa-list Queues) roNI --> |443|ro4(fal:fa-list Topics) end subgraph "MuleSoft AnypointMQ" roNI --> |443|ro5(fal:fa-list MuleSoft AnypointMQ) end

1. Between the Message Queueing Monitoring Agent and ActiveMQ Broker

Server types: Agent Server (Message Queueing Monitoring Agent), ActiveMQ Server (Apache ActiveMQ Broker).

ActiveMQ Connection (Agent → ActiveMQ Broker)

The agent connects to the ActiveMQ Broker to monitor queues and topics.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server ActiveMQ Server TCP 61616 ActiveMQ remote connection Default OpenWire protocol port
Inbound ActiveMQ Server Agent Server TCP 61616 Response traffic Allowed automatically by stateful firewalls

Tip

Custom Ports: The ActiveMQ Broker port can be configured in activemq.xml. Common configurations include port 61616 (OpenWire), 8161 (Web Console), 5672 (AMQP), or custom ports. Adjust firewall rules to match your configuration.

Tip

SSL/TLS: For secure ActiveMQ connections, configure SSL on a custom port (e.g., 61617). Ensure the Agent Server trusts the ActiveMQ SSL certificate. See Apache ActiveMQ Security guide for details.

2. Between the Message Queueing Monitoring Agent and MSMQ Service

Server types: Agent Server (Message Queueing Monitoring Agent), MSMQ Server (Microsoft Message Queuing service).

MSMQ Connection (Agent → MSMQ Service)

The agent connects to MSMQ servers to monitor message queues.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server MSMQ Server TCP 1801 MSMQ TCP connection Primary MSMQ port
Outbound Agent Server MSMQ Server UDP 1801 MSMQ UDP connection Alternative MSMQ protocol
Outbound Agent Server MSMQ Server TCP/UDP 135 RPC Endpoint Mapper Maps RPC requests to MSMQ services
Outbound Agent Server MSMQ Server TCP 2101, 2103, 2105 MSMQ RPC Additional MSMQ RPC ports
Outbound Agent Server MSMQ Server UDP 3527 MSMQ Ping MSMQ discovery protocol
Inbound MSMQ Server Agent Server TCP/UDP 135, 1801, 2101, 2103, 2105, 3527 Response traffic Allowed automatically by stateful firewalls

Tip

MSMQ Port List: For a comprehensive list of MSMQ ports, review the Microsoft guide 'Network Ports Used by Message Queuing'.

Tip

MSMQ Security: For production environments, enable MSMQ transport security with encryption and authentication.

3. Between the Message Queueing Monitoring Agent and Azure Service Bus

Server types: Agent Server (Message Queueing Monitoring Agent), Azure Cloud (Azure Service Bus namespace).

Azure Service Bus Connection (Agent → Azure Cloud)

The agent connects to Azure Service Bus to monitor queues and topics using HTTPS and AMQP protocols.

Direction Source Destination Protocol Port(s) Purpose Notes
Outbound Agent Server Azure Cloud (Service Bus) TCP 443 HTTPS Azure REST API Service Bus management and monitoring
Outbound Agent Server Azure Cloud (Service Bus) TCP 5671, 5672 AMQP with TLS Advanced Message Queuing Protocol
Inbound Azure Cloud Agent Server TCP 443, 5671, 5672 Response traffic Allowed automatically by stateful firewalls

Tip

Azure Service Bus Ports: Azure Service Bus supports both HTTPS (port 443) and AMQP (ports 5671, 5672). For details, see Azure Service Bus FAQ - What ports do I need to open on the firewall?

Tip

Connectivity Testing: Use PowerShell to verify connectivity:

Test-NetConnection -ComputerName [service bus name].servicebus.windows.net -Port 5671
Test-NetConnection -ComputerName [service bus name].servicebus.windows.net -Port 5672

Repeat for each unique Azure Service Bus namespace in use.

Tip

Azure Authentication: The agent requires Azure Active Directory authentication. Ensure the ClientId/ApplicationId has Azure Service Bus Data Owner role and Reader role on the Subscription. See Authenticate and authorize an application with Azure Active Directory to access Azure Service Bus entities.

Note

No Inbound Rules on Azure: Azure Service Bus is a cloud service accessed outbound from the Agent Server. No inbound firewall rules are required on the Azure side.

4. Between the Monitoring Service and the Nodinite Message Queueing Monitoring Agent

The following ports must be allowed on the Windows server where the agent is installed and running:

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
53 DNS All The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file)

And further with 'Option 1' or 'Option 2' as documented next:

Option 1a (Nodinite v7 - IIS hosted on local network)

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
Custom HTTP/HTTPS v7 Agent IIS site port (configured during installation in the Portal). Only required if agent is on a remote IIS server

Note

Nodinite v7 IIS Hosting: When agents are hosted in IIS on the same server as the Nodinite application (typical installation), firewall rules are not required between the Monitoring Service and the agent. The custom port is assigned during installation via the Nodinite Portal and only needs to be opened if the agent is hosted on a remote IIS Windows Server.

Option 1b (Nodinite v6 and earlier - Windows Service on local network)

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
8000 RPC v6 and earlier Communication is initiated by the Monitoring Service. Only used with legacy MSI installer on remote Windows servers

Note

Nodinite v6 Legacy: Port 8000 is only used when agents have default installations on remote Windows servers using the legacy MSI installer. This port is not required for Nodinite v7 IIS-hosted agents.

Option 2 (Cloud/Hybrid - All versions)

Use Service Bus Relayed connections when Nodinite and the agent are on totally different networks.

Nodinite uses the same principle technique as the On-Premise data gateway, see 'Adjust communication settings for the on-premises data gateway' user guide.

Port Name Inbound Outbound TCP UDP Nodinite Version Comment
443 HTTPS All Secure outbound traffic
5671, 5672 Secure AMQP All
9350 - 9354 Net.TCP All

Note

DNS Resolution: All servers (Agent Server, ActiveMQ Server, MSMQ Server) require outbound access to DNS on TCP/UDP port 53 for name resolution. This is already listed in section 4 and applies universally. You can optionally solve this using entries in the local hosts file on each server.

Important

Stateful Firewalls: Most modern Windows Firewall implementations are stateful, meaning inbound response traffic for established outbound connections is automatically allowed. The inbound rules listed above are primarily for reference and troubleshooting scenarios where stateful inspection may be disabled or restricted.

Release Notes

Release Notes

For detailed information about the features and bug fixes, please visit the Portal

Next Step

Install Message Queues Monitoring Agent

Add or manage a Monitoring Agent Configuration
Monitoring
Administration