- Notes, cautions, and warnings
- Introduction
- Upgrade the PowerProtect DP Series Appliance
- Supported upgrade paths
- Prerequisites
- Upgrade the PowerProtect DP Series Appliance
- Upgrade the external VM Proxy
- Update Storage Pool HCL database (applicable for DP5900 model only)
- Upgrade Cyber Recovery for DP4400 and DP5900
- Upgrade from SRS to SCG
- Troubleshoot upgrade validation and upgrade failures
- Troubleshoot Upgrade Validation failures
- Unable to access the ACM UI during appliance upgrade
- Protection Storage
- Used capacity of the / partition on Search exceeds 55 percent
- Used capacity of the partitions other than the / partition on Search exceeds 90 percent
- Protection Software
- Reporting and Analytics
- Data Protection Central
- Cloud DR
- ACM, Hypervisor Manager, and Hypervisor
- Troubleshoot Upgrade failures
- Possible errors with firmware upgrade
- Manual upgrade of PowerProtect DP Series Appliance Server Firmware
- Troubleshoot Upgrade Validation failures
- Network ports
- Protection Software
- Utility node required inbound ports
- Storage node required inbound ports
- Protection Software client required inbound ports
- Protection Software Downloader Service host required inbound port
- Required ports when using a Protection Storage system
- NDMP accelerator node required inbound ports
- Remote management interface inbound ports
- Protection Software VMware Combined Proxy inbound ports
- Inbound ports for the Azure network security group
- Protection Storage
- Data Protection Central
- Search
- Reporting & Analytics
- Secure Connect Gateway
- Remote server management (iDRAC)
- Cloud DR
- Cyber Recovery
- Protection Software
Dell EMC PowerProtect DP Series Appliance 2.7.7 Upgrade Guide for DP4400 and DP5900
Utility node required outbound ports
This section describes the outbound ports that must be accessible to network packets that are sent from an Protection Software utility node.
The following table describes the outbound ports that must be accessible to network packets that are sent from an Protection Software utility node. For each row, the utility node is the source computer that must have outgoing access to the listed port on the listed destination computer.
| Port | Protocol | Destination computer | Additional information |
|---|---|---|---|
| N/A |
ICMP |
|
Protection Software clients periodically ping the Protection Software server to determine the best interface for communicating with the MCS. The Protection Software server sends an ICMP response. Protection Software servers also ping associated systems, such as replication destinations and Protection Storage. |
| 7 | TCP | Protection Storage system | Required to register a Protection Storage system for storing Protection Software client backups. |
| 23 | TCP | Internal | Required for communication with internal switches and for firmware upgrades. |
| 25 | TCP | Protection Software Customer Support | Required to allow ConnectEMC to make an SMTP connection with Customer Support. |
| 53 | TCP/UDP | DNS | Required for name resolution and DNS zone transfers. VMware proxy nodes require the TCP connection to DNS. |
| 88 | TCP/UDP | Key Distribution Center (KDC) | Required for access to Kerberos authentication system. |
| 111 | TCP/UDP | RPC port mapper service on the Protection Storage system | Only required when backups are stored on a Protection Storage system. Access to RPC and NFS port mapper functionality on a Protection Storage system. |
| 123 | TCP/UDP | NTP time servers | Provides synchronization of system time from network time protocol servers. |
| 161 | UDP | SNMP service on the Protection Storage system | Only required when backups are stored on a Protection Storage system. |
| 389 | TCP/UDP | LDAP | Provides access to directory services. |
| 443 |
|
|
- |
| 464 | TCP | Key Distribution Center (KDC) | Required for access to the Kerberos Change/Set password. |
| 902 | TCP | Hypervisor server proxy service | - |
| 2049 | TCP/UDP | NFS daemon on the Protection Storage system | Only required when backups are stored on a Protection Storage system. |
| 2052 | TCP/UDP | NFS mountd process on the Protection Storage system | Only required when backups are stored on a Protection Storage system. Outbound communication must be open for both TCP and UDP protocols. |
| 5671 | TCP |
|
Message Bus messaging. Message Bus is a message broker used to enhance asynchronous interprocess communication. |
| 5696 | TCP | KMIP-compliant key management server | Recommended port for AKM external key management operation. |
| 7443 | TCP | Media Access node that hosts Protection Software Extended Retention | Only required when using the Protection Software Extended Retention feature. |
| 7444 | TCP | Hypervisor Manager | For utility node configurations that also run the VMware Backup Appliance this port is opened by an if/then clause in the firewall rules. Otherwise, this port is not required. Used to test Hypervisor Manager credentials. |
| 7543 | HTTPS/SSL | Update Manager | Web browser clients use this port to create HTTPS connections to Protection Software Installation Manager. Limit access to trusted administrator computers. |
| 7544 | TCP | Update Manager | Jetty socket clients use this port to send a shutdown signal to its Jetty web server. Limit access to trusted administrator computers. |
| 7543 | HTTPS | Update Manager | Used for connections from the Protection Software Downloader Service computer, and for access Update Manager from other web browser clients. |
| 8080 | TCP | NetWorker server | For utility node configurations that also run the VMware Backup Appliance this port is opened by an if/then clause in the firewall rules. Otherwise, this port is not required. Used to register with a NetWorker server. |
| 8580 | TCP | Computer running Protection Software Downloader Service | Used to make requests for package downloads from the Protection Software Downloader Service computer. |
| 9443 | TCP | Managed Protection Software servers | Protection Software Management Console web services use this outbound port for RMI communication via a dynamically assigned port on managed Protection Software servers. |
| 19000 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 19500 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 20000 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 20500 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 25000 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 25500 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 26000 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 26500 | TCP/UDP | Protection Software server nodes | Protection Software subsystem communication. |
| 27000 | TCP | Protection Software server nodes | Protection Software subsystem communication. |
| 28001 | TCP | Replication source system and replication target system | Replication requires bi-directional access between the replication source Protection Software server and the replication destination Protection Software server to permit authentication key exchange. |
| 28009 | TCP | VMware proxy | MCS access to proxy logs. |
| 28011 | TCP | Protection Software Extended Retention Media Access Node | The firewall rules open this port when you install support for Protection Software Extended Retention. |
| 29000 | TCP | Protection Software server nodes | Protection Software subsystem communication over SSL. |
| 30001 | TCP | Protection Software server nodes | MCS communication over SSL. |
| 30002 | TCP | Protection Software client computers | Communication with avagent. |
| 30003 | TCP | Protection Software server nodes | MCS communication over SSL. |
| 30002 - 30009 | TCP | VMware proxy | Avagent paging port. Secured communication with VMware proxy. |
| 30102 | TCP | VMware proxy | Avagent paging port. Secure communication with VMware proxy. |
| 61617 | TCP | Media Access node that hosts Protection Software Extended Retention | Only required when using the Protection Software Extended Retention feature. |
| 61619 | TCP | Computer running Backup and Recovery Manager. | Required to permit communication with Backup and Recovery Manager. |
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\