Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
External ports
The external ports must be accessible to allow the cluster to communicate with
servers outside the RecoverPoint system.
21 RPA->FTP server l Outgoing FTP communications; for system info collection l Not possible to
only (TCP) (output only). download ISO
image or to upload
l Used during installation and upgrades to download ISO
logs using FTP.
image, if FTP is specified as the source; not required if
the Deployment Manager server is used as the ISO source l Replication not
(then HTTPs can be used). affected.
l Can be used to upload support logs to the specified FTP
server.
External ports 17
Security Configuration Guide
l Replication not
affected.
25 RPA->SMTP server l Used for sending system mail (SMTP) email alerts from l No email alerts
RPA, if configured (TCP) (output only); sent.
l Used for Call Home events, if configured. l No system reports
sent.
l Replication not
affected.
68 DHCP server->RPA l Used to dynamically provide IP addresses to RPAs l RPA will not be
connecting to the network (UDP). assigned an IP if
DHCP is used.
162 RPA -> Trap receiver l SNMP (TCP) (output only). l No SNMP
notification
l RecoverPoint for VMs: TCP input is no longer used on
this port and may be closed. l Replication not
affected.
l Used for SNMP notifications.
External ports 19
Security Configuration Guide
replication volumes
are not affected)
514 RPA->Syslog server l Syslog (TCP, UDP) (output only). l System logs not
available.
l Used to send Syslog information to an external server.
Only required if Syslog is enabled and an external server is l Replication not
specified. affected.
623 Management client -> IPMI over WAN (UDP). Used by iDRAC/BMC for monitoring No remote hardware
RPA and managing remote RPA operation. management.
636 RPA->LDAP server l LDAP over SSL (TCP) (output only). l No LDAP over SSL
authentication.
l Used for LDAP over SSL user authentication and
authorization. Required only if LDAP using SSL is
configured.
7115 SRM server->RPA l RecoverPoint: For VMware Site Recovery Manager l No vCenter Server
communication (TCP). information or
commands
l RecoverPoint: Used by the RecoverPoint Storage
available.
Replication Adapter to query and manage the RPA. Only
required if Storage Replication Adapter up to version l Replication not
2.2.0.0 is used. affected.
8082 Deployment Manager - l HTTPS protocol for communication with the l No deployment
> RPA RecoverPoint Installation Server (TCP). tools.
l Used by the Deployment Manager during installation and l No installations or
upgrades. Deployment Manager needs to communicate upgrades.
with all RPAs in all clusters. Management ports preferred, l Replication not
WAN ports are used as fallback.
affected.
l Used for log collection. l No log collection.
10161 MIB Browser->RPA l SNMP over TLS (TCP); SNMP over DTLS (UDP). l No encrypted
SNMP.
l Used for SNMP reporting. Only required if SNMP is
configured.
External ports 21
Security Configuration Guide
Intra-cluster ports
The following ports must be accessible to all RPAs in the same cluster, to allow intra-
cluster communication. These ports need not be accessible to any server outside the
cluster.
5021 RPA -> RPA l Used for storage process (TCP, UDP). l Replication not
affected.
6015 RPA -> RPA l For cluster leader arbitration (UDP). l Exposes system to
single point of
l Required for cluster arbitration. Used for redundant
failure (namely, the
communication between RPAs.
repository volume)
l RecoverPoint: WAN ports and Fibre Channel ports are for leader
also used for this purpose. arbitration when
l RecoverPoint for VMs: WAN ports are also used for this there is no
purpose. communication
with other RPAs.
Inter-cluster ports
The following ports must be accessible to clusters in this RecoverPoint system, to
allow inter-cluster communication. These ports need not be accessible to any server
outside the RecoverPoint system.
5001 RPA -> RPA l iperf; performance measuring between RPAs (TCP). l No performance
measurement.
l Used for collecting diagnostic and performance
information between clusters. Best practice is to make l Replication not
this port available, but it is not required. affected.
5080 RPA -> RPA l Connectivity diagnostics tool (TCP, UDP). l No connectivity
diagnostics.
l Used for collecting diagnostic and performance
information between clusters. Best practice is to make l No performance
this port available, but it is not required. measurement.
Inter-cluster ports 23
Security Configuration Guide
l Replication not
affected.
5100 RPA -> RPA l Cluster connector (TCP, UDP), for connecting additional l Cannot add an
clusters. additional cluster
to the
RecoverPoint
system.
8082 RPA -> RPA l Supports log collection: connecting new RPAs to cluster. l Diagnostic tools fail
l Replication not
affected.
l Diagnostic tools fail
l Replication not
affected.
l Cannot collect
support logs from
multiple RPAs.
8084 RPA -> RPA l Used to communicate with configuration database on l No communication
each RPA (TCP) with configuration
database
9999 RPA -> RPA l udponger; connectivity diagnostics tool (UDP). l No connectivity
diagnostics. If tool
l Used for diagnosing UDP connectivity between clusters.
is run, returns
Best practice is to make this port available, but it is not
error.
required.
l Replication not
affected.
Secure administration
This topic provides recommendations about encrypting both communications within
the RecoverPoint system and over the network.
Only encrypted (HTTPS) mode can be used to administer RecoverPoint through the
Management Application GUI.