This diagram shows the typical Navigator architecture with default ports. There ports are used for communication between components and can all be changed.
The Enterprise Manager is used to configure the environment and can be used to create policies for monitoring the environment. This interface is typically used by the administrator. This console connects to the Domain server (2323) to login and get connectivity information for the other services and then connects to each directly (3000, 3005, 3010) to interact with those services.
The Navigator web browser is the interface used by the majority of users. It connects to the back end services via a web server, provided by Navigator or by the customer and can run HTTP (8080) or HTTPS (443).
The Navigator Explorer (also known as the APWMQ Explorer) is a windows application that is installed on every user computer. Today, most customers prefer web interfaces, but it is still in use at some customers. This interface connects to the Workgroup Server (5010)
There are also utility programs that can connect into the Navigator components but these use the same ports as identified above.
The Domain server acts as registry and security server for the environment. When using LDAP (Active Directory) for authentication, it is the service that makes those requests. As mentioned above, there are 2 ports for the Domain server. A registry service (2323) which is used when connecting. It also hosts services, which are exposed via their own port (3000).
The CEP Server runs the Navigator services and policies. There can be multiple CEP servers, hosting other workgroup servers or completely different components, such as XRay. In older versions, the workgroup server ran externally to the CEP but now runs as a single environment. Each workgroup provides a port that the GUI and utility programs use (4010). Optionally, it supports a REST interface (8019). The workgroup connects to a database server to store configuration, statistics and events as well as to load security settings. Policies can also be configured to write to a database and they typically use the same database instance but different tables, although it is also possible to use a completely different database.
The web server hosts the web applications as noted above. It can be configured for both HTTP and HTTPS access.
The data collectors for Navigator connect to the middleware components, MQ queue managers, EMS brokers or Kafka clusters. There can be many agents or connection managers running, and they can run locally with the server components or on other servers. They could manage from one to hundreds of middleware servers. When running as an agent, the workgroup server connects to it (5010) which then directly connects to the manager. When running as a connection manager, the WGS connects to it (5020) and then it connects using a network interface to the managed application. These ports vary by the type of managed application.
See the related article Where are the port locations configured? on where the ports are defined and used.