22
|
TCP
|
Open
|
SSH
|
SSH is the default method of getting a shell to use the Control Station CLI. Telnet and other related services are not enabled by default. SSH is the recommended method to access the Control Station. Authentication is handled by the SSH daemon and uses the local user account information on the Control Station.
NOTE: Although this port can be closed by running the command /sbin/service sshd stop followed by /sbin/chkconfig --levels 2345 sshd off, this is not recommended.
|
80
|
TCP
|
Open
|
HTTP
|
This is the standard HTTP port. All HTTP management traffic directed to this port is automatically redirected to the HTTPS port (443). No services are offered over port 80.
|
111
|
TCP
UDP
|
Open
|
rpcbind
|
The standard portmapper or rpcbind process opens this port and is an ancillary network service; it cannot be stopped. If a client system has network connectivity to the port, the client can query it. There is no authentication performed.
|
123
|
UDP
|
Closed
|
NTP
|
This port is related to the NTP (Network Time Protocol). It can be opened when NTP is configured on the Control Station.
|
161
|
TCP/UDP
|
Closed
|
SNMP
Management infrastructure
|
SNMP is a management and monitoring service used by many third-party management tools. The Control Station uses SNMP version 1 as defined by RFC 1157. This version of SNMP does not support modification of any of the monitored values. Authentication is based on a client system using the correct community string. The community string is "public" by default and should be changed.
Use the command /sbin/service snmpd start followed by /sbin/chkconfig snmpd on from the root account to enable SNMP.
The SNMP service can be disabled by running the command /sbin/chkconfig snmpd off followed by /sbin/service snmpd stop from the root account. Disabling SNMP on the Control Station prevents external SNMP management platforms from communicating with the Control Station, including by means of auto-discovery. If you do not use enterprise management software, you can disable SNMP on the Control Station.
|
199
|
TCP
|
Closed
|
SMUX
|
This port is related to the SNMP service.
|
427
|
TCP
UDP
|
Open
|
SLP
|
Allows hosts (or other resources) to discover available services provided by a storage system.
|
443
|
TCP
|
Open
|
HTTPS
|
This is the standard HTTPS port and is used by both Unisphere and Celerra Monitor for HTTP-based management traffic to the Control Station. When used by Unisphere, an administrator must log in before they are granted access to the system. They are authenticated against the local Control Station administrative user accounts. Celerra Monitor has its own authentication protocol but uses the same set of local administrative user accounts.
|
631
|
TCP
UDP
|
Closed
|
CUPS
IPP
|
(Applicable only to systems running VNX OE for file earlier than version 8.x.) This port is related to the Common Unix Printing System (CUPS) or Internet Printing Protocol (IPP).
|
843
|
TCP
|
Open
|
FLEX/Flash
|
This port is associated with the crossdomain.xml policy file.
|
5988
|
TCP
|
Open
|
SMI-S
|
By default, the EMC CIM server listens on ports 5988 (for HTTP) and 5989 (for HTTPS). If these ports are in use by some other process, the CIM server will not start.
The SMI-S Provider Programmer's Guide for VNX provides more information about configuring this service.
|
5989
|
TCP
|
Open
|
SMI-S
|
See the row for port 5988 above for details.
|
6389
|
TCP
|
Open
|
Naviagent
|
This port can be placed behind a firewall.
|
8000
|
TCP
|
Open
|
HTTP
|
This port can be used by Celerra Monitor if HTTPS is not desired for some reason. It is also used for replication commands that go between Control Stations.
Celerra Monitor follows a protocol that requires all incoming traffic to be authenticated and to carry a valid session token. The Control Station to Control Station replication traffic requires that an explicit trust relationship between the Control Stations be established beforehand. Then, each HTTP request is cryptographically signed by the sending Control Station before being sent to the receiving Control Station. Without a valid signature, the HTTP requests will not be accepted.
It is recommended that this port remain enabled.
|
8712
|
TCP
|
Open
|
NBS
|
This port is used by the NBS service for access to the Control Station file system on VNX for file. It is restricted to the private network between the Control Station and Data Mover.
|
9823
|
TCP
|
Open
|
nas_mcd
|
This port is used for the two nas_mcd processes to communicate with each other. It is used in two instances:
- A standby CS asks the primary CS to post events using port 9823 over the internal network.
- In a VNX for file EMC SRDF® and EMC MirrorView™ configuration, the R1 and R2 Control Stations communicate over the IP network by using port 9823.
The Master Control Daemon (MCD) functions as a monitor over the system, similar to a UNIX init process, but with a NAS focus and NAS-specific functionality.
While the port is strictly for communication between nas_mcd processes and provides a very limited interface, no additional authentication is performed (as with standard ancillary network services).
|
9824
|
TCP
|
Open
|
Common Cache
|
This service must bind to multiple internal network interfaces and as a consequence, it binds to the external interface as well. However, incoming requests over the external network are rejected.
If desired, iptables can be used to block external access to this port.
|
9825
|
TCP
|
Open
|
Indication Manager
|
This service must bind to multiple internal network interfaces and as a consequence, it binds to the external interface as well. However, incoming requests over the external network are rejected.
If desired, iptables can be used to block external access to this port.
|
9826
|
TCP
|
Open
|
Indication Manager
|
This service must bind to multiple internal network interfaces and as a consequence, it binds to the external interface as well. However, incoming requests over the external network are rejected.
If desired, iptables can be used to block external access to this port.
|
* See Comments.
|
TCP
UDP
|
Open
|
statd, lockd
|
* Native Linux NFS Remote Procedure Call (RPC) services, such as the lockd daemon that works with statd, running on the Control Station use dynamic ports. These dynamic ports can be closed by running the command /sbin/service nfslock stop followed by /sbin/chkconfig --levels 2345 nfslock off
NOTE: Running these commands may prevent NFS from functioning properly.
|
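The default states in the table can be used as a baseline when reviewing what a Control Station is actually listening on. The following is an added example, not part of the original guide: it reads netstat -tln style output and reports TCP listeners that the table lists as closed by default, or does not list at all. The sample input is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare TCP listeners with the default states in the table.
# Port lists are copied from the table rows above (TCP entries only).
OPEN_TCP="22 80 111 427 443 843 5988 5989 6389 8000 8712 9823 9824 9825 9826"
CLOSED_TCP="161 199 631"

# Reads `netstat -tln` style lines on stdin and prints one finding per line.
audit_tcp_listeners() {
    awk -v o_list="$OPEN_TCP" -v c_list="$CLOSED_TCP" '
        BEGIN {
            n = split(o_list, o, " "); for (i = 1; i <= n; i++) state[o[i]] = "open"
            n = split(c_list, c, " "); for (i = 1; i <= n; i++) state[c[i]] = "closed"
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # field 4 is the local address
            if (seen[port]++) next            # skip IPv4/IPv6 duplicates
            if (state[port] == "closed")
                print "ENABLED  " port " (closed by default in the table)"
            else if (state[port] != "open")
                print "UNLISTED " port " (not in the table; may be a statd/lockd dynamic port)"
        }'
}

# Constructed sample input; on a live system pipe in `netstat -tln` instead.
sample_netstat() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp   0      0      0.0.0.0:22      0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:443     0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:199     0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:23      0.0.0.0:*        LISTEN
tcp   0      0      0.0.0.0:9824    0.0.0.0:*        LISTEN
tcp   0      0      :::443          :::*             LISTEN
EOF
}

sample_netstat | audit_tcp_listeners
```

An ENABLED finding for 161 or 199 means SNMP has been turned on, so the community string should be checked; an UNLISTED finding needs to be matched to a known service before it is accepted.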
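The rows for ports 9824, 9825 and 9826 note that iptables can be used to block external access. One way to write those rules is sketched below as an added example, not taken from the original guide. The interface name eth3 is an assumption and must be replaced with the interface on the external network; the function names are hypothetical, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: drop external TCP traffic to the services that bind to
# every interface (Common Cache and Indication Manager, ports 9824-9826).
# EXT_IF is an assumption: set it to the external network interface.
EXT_IF="${EXT_IF:-eth3}"
PORTS="${PORTS:-9824 9825 9826}"

# Print one iptables command per port. Nothing on the host is changed.
build_rules() {
    ext_if="$1"; shift
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        # -I inserts at the top of INPUT so an earlier ACCEPT rule cannot
        # match first; -i limits the rule to the external interface, so the
        # internal network between Control Station and Data Movers is untouched.
        echo "/sbin/iptables -I INPUT -i $ext_if -p tcp --dport $port -j DROP"
    done
}

# Run the rules when APPLY=1 (root required); otherwise show a dry run.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "dry-run: $cmd"
        fi
    done
}

apply_rules "$EXT_IF" $PORTS
```

Rules added this way are lost at reboot unless they are saved with the system's usual iptables persistence mechanism.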