- Notes, cautions, and warnings
- Revision history
- Preface
- Getting Started
- Introducing DDVE
- Deploying DDVE
- Completing Initial DDVE Configuration
- Administering DDVE
- Best Practices for Working with DDVE in the Cloud
- Networking Best Practices for DDVE in the Cloud
- Installing and Configuring DDVE on Block Storage in the Cloud
Dell EMC PowerProtect DDVE on Amazon Web Services 7.9 Installation and Administration Guide
Network infrastructure setup
This section describes security group restrictions for AWS.
Security groups
The security groups restrict access to an instance based on
- Port
- IP range
- Security group (its own or another)
Inbound control
The security groups are stateful which means that the responses to the inbound traffic will be allowed to go out regardless of outbound rules. The following are the inbound ports that are allowed for DDVE.| Port | Service | Description |
|---|---|---|
| TCP 22 | SSH | Used for SSH (CLI) access and for configuring DDVE. |
| TCP 443 | HTTPS | Used for DDSM (GUI) access and for configuring DDVE. |
| TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode. |
| TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine).This port can be modified using replication modify. |
| TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager. |
Depending on the protocol that is used to backup data to DDVE, additional ports will be allowed with inbound security group rules.
Outbound control
As stated earlier the security groups are stateful, which means that if a request is allowed to be sent out of a DDVE, its responses will be allowed regardless of inbound rules. The following are the outbound ports that shall be allowed for DDVE.
| Port | Service | Description |
|---|---|---|
| UDP 123 | NTP | Used by the DD system to synchronize to a time server. |
| TCP 443 | HTTPS | Used for DDVE to be able to communicate with Object store (S3). |
| TCP 2049 | DD Boost/NFS | Main port used by NFS - can be modified using the nfs set server-port command which requires SE mode. |
| TCP 2051 | Replication/DD Boost/Optimized Duplication | Used only if replication is configured (run replication show config on DD system to determine). This port can be modified using replication modify. |
| TCP 3009 | SMS (system management) | Used for managing a system remotely using DD System Manager. This port cannot be modified. This port is used only on DD systems running DDOS 4.7.x or later. This port will also need to be opened if you plan to configure replication from within the DD System Manager, as the replication partner needs to be added to the DD System Manager. |
Depending on the other applications/services that are being used, additional ports shall be allowed.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\