N/A
|
ICMP Types 3, 8, and 11
|
- Protection Software clients
- Other
Protection Software servers
- Protection Storage system
|
Protection Software clients periodically ping the
Protection Software server to determine the best interface for communicating with the MCS. The
Protection Software server sends an ICMP response.
Protection Software servers also ping associated systems, such as replication destinations and
Protection Storage.
|
7
|
TCP
|
Protection Storage system
|
Required to register a
Protection Storage system for storing
Protection Software client backups.
|
23
|
TCP
|
Internal
|
Required for communication with internal switches and for firmware upgrades.
|
25
|
TCP
|
Protection Software Customer Support
|
Required to allow ConnectEMC to make an SMTP connection with Customer Support.
|
53
|
TCP/UDP
|
DNS
|
Required for name resolution and DNS zone transfers. VMware proxy nodes require the TCP connection to DNS.
|
88
|
TCP/UDP
|
Key Distribution Center (KDC)
|
Required for access to Kerberos authentication system.
|
111
|
TCP/UDP
|
RPC port mapper service on the
Protection Storage system
|
Only required when backups are stored on a
Protection Storage system. Access to RPC and NFS port mapper functionality on a
Protection Storage system.
|
123
|
TCP/UDP
|
NTP time servers
|
Provides synchronization of system time from network time protocol servers.
|
161
|
UDP
|
SNMP service on the
Protection Storage system
|
Only required when backups are stored on a
Protection Storage system.
|
389
|
TCP/UDP
|
LDAP
|
Provides access to directory services.
|
443
|
- Hypervisor Platform API
- TCP
|
- Hypervisor Manager
- Protection Software Key Manager
|
-
|
464
|
TCP
|
Key Distribution Center (KDC)
|
Required for access to the Kerberos Change/Set password.
|
902
|
TCP
|
Hypervisor server proxy service
|
-
|
2049
|
TCP/UDP
|
NFS daemon on the
Protection Storage system
|
Only required when backups are stored on a
Protection Storage system.
|
2052
|
TCP/UDP
|
NFS mountd process on the
Protection Storage system
|
Only required when backups are stored on a
Protection Storage system. Outbound communication must be open for both TCP and UDP protocols.
|
5671
|
TCP
|
- localhost
- Other
Protection Software utility nodes
- Protection Software Extended Retention computers
- Backup and Recovery Manager computers
|
Message Bus messaging. Message Bus is a message broker used to enhance asynchronous interprocess communication.
|
5696
|
TCP
|
KMIP-compliant key management server
|
Recommended port for AKM external key management operation.
|
7443
|
TCP
|
Media Access node that hosts
Protection Software Extended Retention
|
Only required when using the
Protection Software Extended Retention feature.
|
7444
|
TCP
|
Hypervisor Manager
|
For utility node configurations that also run the VMware Backup Appliance this port is opened by an if/then clause in the firewall rules. Otherwise, this port is not required. Used to test
Hypervisor Manager credentials.
|
7543
|
HTTPS/SSL
|
Update Manager
|
Web browser clients use this port to create HTTPS connections to
Protection Software Installation Manager. Limit access to trusted administrator computers.
|
7544
|
TCP
|
Update Manager
|
Jetty socket clients use this port to send a shutdown signal to its Jetty web server. Limit access to trusted administrator computers.
|
7543
|
HTTPS
|
Update Manager
|
Used for connections from the
Protection Software Downloader Service computer, and for access Update Manager from other web browser clients.
|
8080
|
TCP
|
NetWorker server
|
For utility node configurations that also run the VMware Backup Appliance this port is opened by an if/then clause in the firewall rules. Otherwise, this port is not required. Used to register with a NetWorker server.
|
8580
|
TCP
|
Computer running
Protection Software Downloader Service
|
Used to make requests for package downloads from the
Protection Software Downloader Service computer.
|
9443
|
TCP
|
Managed
Protection Software servers
|
Protection Software Management Console web services use this outbound port for RMI communication via a dynamically assigned port on managed
Protection Software servers.
|
19000
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
19500
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
20000
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
20500
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
25000
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
25500
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
26000
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
26500
|
TCP/UDP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
27000
|
TCP
|
Protection Software server nodes
|
Protection Software subsystem communication.
|
28001
|
TCP
|
Replication source system and replication target system
|
Replication requires bi-directional access between the replication source
Protection Software server and the replication destination
Protection Software server to permit authentication key exchange.
|
28009
|
TCP
|
VMware proxy
|
MCS access to proxy logs.
|
28011
|
TCP
|
Protection Software Extended Retention Media Access Node
|
The firewall rules open this port when you install support for
Protection Software Extended Retention.
|
29000
|
TCP
|
Protection Software server nodes
|
Protection Software subsystem communication over SSL.
|
30001
|
TCP
|
Protection Software server nodes
|
MCS communication over SSL.
|
30002
|
TCP
|
Protection Software client computers
|
Communication with avagent.
|
30003
|
TCP
|
Protection Software server nodes
|
MCS communication over SSL.
|
30002 - 30009
|
TCP
|
VMware proxy
|
Avagent paging port. Secured communication with VMware proxy.
|
30102
|
TCP
|
VMware proxy
|
Avagent paging port. Secure communication with VMware proxy.
|
61617
|
TCP
|
Media Access node that hosts
Protection Software Extended Retention
|
Only required when using the
Protection Software Extended Retention feature.
|
61619
|
TCP
|
Computer running Backup and Recovery Manager.
|
Required to permit communication with Backup and Recovery Manager.
|