This section describes security group restrictions for AWS.
Security groups
The security groups restrict access to an instance based on:
- Port
- IP range
- Security group (its own or another)
Inbound control
The security groups are stateful, which means that responses to inbound traffic are allowed to go out regardless of outbound rules. The following are the inbound ports that are allowed for DDVE.
Table 1. DDVE Inbound Ports
| Port | Service | Description |
| --- | --- | --- |
| TCP 22 | SSH | Used for SSH (CLI) access and for configuring DDVE. |
| TCP 443 | HTTPS | Used for DDSM (GUI) access and for configuring DDVE. |
| TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode. |
| TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify. |
| TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager. |
Depending on the protocol that is used to back up data to DDVE, additional ports will be allowed with inbound security group rules.
Outbound control
As stated earlier, the security groups are stateful, which means that if a request is allowed to be sent out of a DDVE, its responses will be allowed regardless of inbound rules. The following are the outbound ports that shall be allowed for DDVE.
Table 2. DDVE Outbound Ports
| Port | Service | Description |
| --- | --- | --- |
| UDP 123 | NTP | Used by the DD system to synchronize to a time server. |
| TCP 443 | HTTPS | Used for DDVE to be able to communicate with Object store (S3). |
| TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode. |
| TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify. |
| TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager. |
Depending on the other applications/services that are being used, additional ports shall be allowed.
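The following is an added example, not part of the original documentation: a small Python audit that compares a security group's rules with Table 1 and Table 2 and reports all-traffic rules, port ranges that reach beyond the listed ports, and listed inbound ports open to any address. It assumes rule data in the JSON shape returned by aws ec2 describe-security-groups; the function names, the sample group, and the choice to flag 0.0.0.0/0 and ::/0 on inbound rules are assumptions of this example.

```python
# Added example: audit a security group against the DDVE port tables.
# Rule dicts follow the JSON shape of `aws ec2 describe-security-groups`.
INBOUND = {("tcp", 22), ("tcp", 443), ("tcp", 2049), ("tcp", 2051), ("tcp", 3009)}
OUTBOUND = {("udp", 123), ("tcp", 443), ("tcp", 2049), ("tcp", 2051), ("tcp", 3009)}
ANYWHERE = {"0.0.0.0/0", "::/0"}  # assumption: world-open inbound is worth a finding

def audit_rules(permissions, allowed, direction):
    """Return findings for rules that go beyond the documented port table."""
    findings = []
    for perm in permissions:
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1" or lo is None:  # "-1" means every protocol and port
            findings.append(f"{direction}: all-traffic rule")
            continue
        label = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        # Documented ports that fall inside this rule's port range.
        listed = {p for (pr, p) in allowed if pr == proto and lo <= p <= hi}
        if hi - lo + 1 > len(listed):
            findings.append(f"{direction}: {label} covers ports not in the DDVE table")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if direction == "inbound":
            findings += [f"inbound: {label} open to {c}" for c in cidrs if c in ANYWHERE]
    return findings

def audit_group(group):
    return (audit_rules(group.get("IpPermissions", []), INBOUND, "inbound")
            + audit_rules(group.get("IpPermissionsEgress", []), OUTBOUND, "outbound"))

# Constructed sample group (not taken from a real account).
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2051,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    print("\n".join(audit_group(SAMPLE_GROUP)))
```

A finding for a port outside the tables is a prompt to confirm that the backup protocol or service in use needs it, since the documentation allows additional ports in both directions.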