- Notes, cautions, and warnings
- Preface
- Introduction
- Access Control
- Access control settings
- Security for management access
- Authentication
- Authorization
- Component access controls
- Data security settings
- Password policy
- Physical security controls
- Login banner and message of the day
- Logging
- Communication Security
- Communication security settings
- Port usage
- Ports used by Unisphere components on VNX for block
- How VNX for file works on the network
- Network encryption
- Management support for TLS communications on VNX2 systems
- SSL certificates
- Planning considerations for Public Key Infrastructure on VNX for file
- IP packet reflect on VNX for file systems
- Effect of filtering management network
- vSphere Storage API for Storage Awareness (VASA) support
- Special configurations
- Secure Remote Procedure Call
- Other security considerations
- Data Security Settings
- Data at Rest Encryption overview
- Data at Rest Encryption feature activation
- Encryption status
- Backup keystore file
- Data in place upgrade
- Hot spare operations
- Adding a disk drive to a VNX with encryption activated
- Removing a disk drive from a VNX with encryption enabled
- Replacing a chassis and SPs from a VNX with encryption enabled
- Security Maintenance
- Advanced Management Capabilities
- Secure deployment and usage settings
- TLS cipher suites
- LDAP-based directory server configuration
- VNX for file CLI role-based access
- VNX for file CLI security configuration operations
- Configuring password policy
- Configuring session timeout
- Protect session tokens
- Configuring network encryption and authentication using the SSL protocol
- Configuring PKI
- Creating the certificate provided by the persona
- Using the Control Station as the CA
- Obtaining CA certificates
- Generate a key set and certificate request
- Send the certificate request to the CA
- Import a CA-signed certificate
- List the available CA certificates
- Acquire a CA certificate
- Import a CA certificate
- Generate a new Control Station CA certificate
- Display the certificate
- Distribute the Control Station CA certificate
- Request and Install Customer-Supplied Certificates for Control Station
- Managing PKI
- Customize a login banner
- Create a MOTD
- Restrict anonymous root login
- Locking accounts after a specific number of failed logins
- VNX for block SSL certificate import
EMC® VNX® Series Security Configuration Guide for VNX
Ports used by Unisphere components on VNX for block
VNX for block - Ports used by Unisphere components lists the Unisphere components and the ports that are used for communication.
| Source component | Destination component | Network port | Protocol | Functionality | Type |
|---|---|---|---|---|---|
| Unisphere | Storage management server | 80/443 or 2162/2163 | HTTP/SSL | Basic management | out-of-band |
| Storage management server | Storage management server | 443 or 2163 | HTTP/SSL | Storage system to Storage system domain communication | out-of-band |
| Storage management server | Host Agent | 6389 | TCP | LUN/volume mapping information displayed in Unisphere | out-of-band |
| SP Agent (or Host Agent) | SMTP server | 25 | TCP | Email alerts | out-of-band |
| Host Agent | SP Agent | 6389 | TCP | Central monitoring | out-of-band |
| Unisphere Service Manager | Storage management server | 443 or 2163 | TCP/SSL | Service Tasks | out-of-band |
| Block CLI | Storage management server | 443 or 2163 | TCP/SSL | Basic management | out-of-band |
| RemotelyAnywhere | RemotelyAnywhere Host | 9519, 22 | TCP | Remote Support, login, SSH access | out-of-band |
| Storage management server | LDAP Server | 389 | TCP | Unsecure LDAP queries | out-of-band |
| Storage management server | LDAP Server | 636 | TCP | Secure LDAP queries | out-of-band |
| Storage management server or iSCSI port | iSNS Server | 3205 | TCP | Internet storage naming service (iSNS) | out-of-band |
| iSCSI initiator | VNX OE for block | 3260 | TCP | iSCSI data connection | in-band |
| Unisphere Storage System Initialization Utility | Storage management server | 2162 | UDP | Array Discovery | out-of-band |
| Storage management server | Unisphere Storage System Initialization Utility | 2163 | UDP | Response to discovery request | out-of-band |
| Storage management server | NTP Server | 123 | UDP | NTP time synchronization | out-of-band |
| SP Agent (or Host Agent) | SNMP Manager | 161 | TCP/UDP | SNMP Traps | out-of-band |
| Storage management server | ESX or Virtual Center Server | 443 | HTTP/SSL | VM-aware Unisphere | out-of-band |
a 2162/2163 are alternate port pairs that may be used (not supported on VNX unified systems) to hide the VNX for block from attacks that target the default HTTP and SSL/TLS ports. Only the Java applet download is allowed over the unsecured HTTP port. All other communication to the storage system is with the secure SSL/TLS port.
b iSNS registrations will be sent through whichever port can successfully route the packet to the iSNS server.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\