Dell APEX Cloud Platform networking is configured during installation and the initial process.
Consult with your sales representative or partner to prepare your switches and network before installation.
Interfaces within the Dell APEX Cloud Platform use Transport Layer Security (TLS) version 1.2 or later for secure communications. This includes the following:
Network communications are encrypted and authenticated between components using HTTPS or SSH. Clear-text protocols such as Telnet or FTP are not installed.
SSH is disabled by default on the Dell APEX Cloud Platform nodes. If SSH is required for system operations, it is dynamically enabled and disabled by the SSHD after the operation is concluded. If you override the configuration and enable SSH on the nodes, Dell APEX Cloud Platform cannot disable the service after use and the configuration with SSH enabled is retained.
The following ports are used to make the connections on the security control map:
Component or Service | Source-Destination | Port | Protocol |
---|---|---|---|
KCS | Interface between Windows HCI OS and iDRAC | NA | NA |
USBNIC | USBNIC -> Redfish 169.254.0.2/24 | 443 | TLS |
Active Directory | Cloud Platform Manager Active Directory | 636 | LDAPs |
Node iDRAC | USBNIC -> iDRAC User: vxpsvc Password: autorotated | 443 | HTTPS |
Management network | Dell APEX Cloud Platform Manager and HCI OS management network | NA | NA |
Port proxy | Port forward -> USBNIC | 9090 | TLS |
PowerShell | Interface between APEX Cloud Platform Manager and Windows HCI OS | 5985 | HTTP |
For the Microsoft firewall requirements, see the Firewall requirements for Azure Stack HCI topic.
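
The following added example (not Dell's code or tooling) audits the listening TCP ports reported by `netstat -an` on a Windows HCI OS node against the port table above and the statements that SSH is disabled by default and that Telnet and FTP are not installed. Assumptions: the standard port numbers 21, 22 and 23 for FTP, SSH and Telnet, any port in the table counts as documented regardless of which end listens, and the sample output is constructed.

```python
import re

# Ports and protocols copied from the page's port table (rows with a port number).
DOCUMENTED = {443: "TLS/HTTPS", 636: "LDAPs", 9090: "TLS", 5985: "HTTP"}
# Clear-text services the page says are not installed (assumed standard ports).
CLEARTEXT = {21: "FTP", 23: "Telnet"}
SSH_PORT = 22  # the page says SSH is disabled by default on the nodes

# Matches listening TCP lines in Windows `netstat -an` output (IPv4 and IPv6).
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """Return the sorted, de-duplicated TCP ports in LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports.add(int(m.group(2)))
    return sorted(ports)

def audit(netstat_text):
    """Classify each listening port as violation, review, documented or unlisted."""
    findings = []
    for port in listening_ports(netstat_text):
        if port in CLEARTEXT:
            findings.append((port, "violation", f"{CLEARTEXT[port]} is a clear-text protocol"))
        elif port == SSH_PORT:
            findings.append((port, "review", "SSH is listening; a manual override is retained"))
        elif port in DOCUMENTED:
            findings.append((port, "documented", DOCUMENTED[port]))
        else:
            findings.append((port, "unlisted", "not in the page's port table"))
    return findings

# Constructed sample, not captured from a real node.
SAMPLE = """\
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49712         10.0.0.9:636           ESTABLISHED
  TCP    [::]:5985              [::]:0                 LISTENING
"""

if __name__ == "__main__":
    for port, status, detail in audit(SAMPLE):
        print(f"{port:>5}  {status:<10}  {detail}")
```

An "unlisted" result means only that the port is absent from this page's table; check it against the Microsoft firewall requirements before treating it as a finding.
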
Service | URL | Port number | Type | Function |
---|---|---|---|---|
ESE | *.emc.com | 443, 8443 | TCP | Needed for communication between APEX Cloud Platform Manager and Dell Call Home servers. |