Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

PowerProtect Data Manager 19.10 Kubernetes User Guide

Port usage

This table summarizes the port requirements for PowerProtect Data Manager and its associated internal and external components or systems. PowerProtect Data Manager audits and blocks all ports that are not listed below.

The PowerProtect DD Security Configuration Guide provides more information about ports for DD systems and protocols.

Table 1. PowerProtect Data Manager port requirementsPowerProtect Data Manager port requirements
Source system Destination system Port Protocol TLS supported Notes
Backup clients DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
Backup clients1 DD system 2049 Proprietary TLS 1.2 Optional DD Boost client TLS encryption.
Backup clients1 DD system 2052 TCP No NFS mountd, not for data.
Backup clients DD Global Scale 2053 TCP TLS 1.2 DD Boost connection.
Backup clients1 PowerProtect Data Manager 8443 HTTPS TLS 1.2 REST API service.
Backup clients VMAX SE server 2707 Proprietary TLS 1.2 Backup clients require access to the default port 2707 on the VMAX SE server. Applies to Storage Direct.
Callhome (SupportAssist) PowerProtect Data Manager 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
Callhome (SupportAssist) PowerProtect Data Manager 443 HTTPS TLS 1.2 SSH for remote support.
ESXi DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
ESXi DD system2 2049 Proprietary TLS 1.2 NFS datastore and DD Boost. NFS is unencrypted. DD Boost is encrypted.
ESXi DD system2 2052 TCP No NFS mountd, not for data.
Kubernetes cluster DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
Kubernetes cluster DD system 2049 Proprietary TLS 1.2 Optional DD Boost client TLS encryption.
Kubernetes cluster DD system 2052 TCP TLS 1.2 NFS mountd, not for data.
Kubernetes cluster ESXi 902 TCP TLS 1.2 vSphere client access for PVCs using VMware CSI. Not required for Tanzu Kubernetes Guest clusters.
Kubernetes cluster Protection engine 9090 HTTPS TLS 1.2/1.3 Required for Tanzu Kubernetes Guest clusters.
Kubernetes cluster vCenter 443 HTTPS TLS 1.2 Primary management interface for vSphere using the vCenter Server, including the vSphere client for PVCs using VMware CSI. Not required for Tanzu Kubernetes Guest clusters.
NAS protection engine NAS appliance 443 HTTPS TLS 1.2 Management access for Unity and PowerStore appliances.
NAS protection engine NAS appliance 8080 HTTPS TLS 1.2 Management access for PowerScale/Isilon appliances.
PowerProtect Data Manager Backup clients 7000 HTTPS TLS 1.2 Microsoft SQL Server, Oracle, Microsoft Exchange Server, SAP HANA, and file system. Requirement applies to Application Direct and VM Direct.
PowerProtect Data Manager Callhome (SupportAssist) 25 SMTP TLS 1.2 TLS version in use depends on the mail server. TLS used where possible.
PowerProtect Data Manager Callhome (SupportAssist) 465 TCP TLS 1.2
PowerProtect Data Manager Callhome (SupportAssist) 587 TCP TLS 1.2
PowerProtect Data Manager Callhome (SupportAssist) 9443 HTTPS TLS 1.2 REST API for service notification.
PowerProtect Data Manager DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
PowerProtect Data Manager DD system 2049 Proprietary No Server DR NFS connections. Used only for metadata, client name, and indexing, not for backup data.
PowerProtect Data Manager DD system 2052 TCP/UDP No NFS mountd, not for data.
PowerProtect Data Manager DD system 3009 HTTPS TLS 1.2 Communication with DDMC for configuration and discovery.
PowerProtect Data Manager ESXi 443 HTTPS TLS 1.2 Depends on ESXi configuration and version.
PowerProtect Data Manager Kubernetes cluster 6443 Proprietary TLS 1.2 Connects to the Kubernetes API server. Encryption depends on the Kubernetes cluster configuration. PowerProtect Data Manager supports TLS 1.2.
PowerProtect Data Manager LDAP server 389 TCP/UDP No Insecure LDAP port, outbound only. Use port 636 for encryption.
PowerProtect Data Manager LDAP server 636 TCP TLS 1.2 LDAPS, depending on LDAP configuration in use. Outbound only.
PowerProtect Data Manager NAS appliance 443 HTTPS TLS 1.2 Management access for Unity and PowerStore appliances.
PowerProtect Data Manager NAS appliance 8080 HTTPS TLS 1.2 Management access for PowerScale/Isilon appliances.
PowerProtect Data Manager NAS share 139 TCP TLS 1.2 Windows file server shares (CIFS).
PowerProtect Data Manager NAS share 443 HTTPS TLS 1.2 NetApp shares (NFS and CIFS). Also used for NAS share verification check.
PowerProtect Data Manager NAS share 445 TCP TLS 1.2 Windows file server shares (CIFS).
PowerProtect Data Manager NAS share 2049 TCP TLS 1.2 Linux file server shares (NFS).
PowerProtect Data Manager NTP server 123 NTP No Time synchronization.
PowerProtect Data Manager PowerProtect Data Manager - Catalog 9760 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - Configuration Manager 55555 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - Elastic Search 9200 TCP Internal only.
PowerProtect Data Manager PowerProtect Data Manager - Elastic Search 9300 TCP Internal only.
PowerProtect Data Manager PowerProtect Data Manager - Embedded VM proxy 9095 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - Quorum peer 2181 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - RabbitMQ 5672 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - Secrets manager 9092 TCP Internal only.
PowerProtect Data Manager PowerProtect Data Manager - VM Direct infrastructure manager 9097 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager PowerProtect Data Manager - VM Direct orchestration 9096 TCP Internal only. Blocked by firewall.
PowerProtect Data Manager Protection engine 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
PowerProtect Data Manager Protection engine 9090 HTTPS TLS 1.2 REST API service.
PowerProtect Data Manager Protection engine 96133 Proprietary TLS 1.2
PowerProtect Data Manager Reporting engine 9002 TCP TLS 1.2 REST API service.
PowerProtect Data Manager Search cluster 9613 Proprietary TLS 1.2 Infrastructure node agent management of Search Engine nodes.
PowerProtect Data Manager Search cluster 14251 Proprietary TLS 1.2 Search query REST API endpoint.
PowerProtect Data Manager SMI-S 5989 HTTPS TLS 1.2 Communication with SMI-S provider. Discovery.
PowerProtect Data Manager Storage Direct system 3009 HTTPS TLS 1.2 Discovery.
PowerProtect Data Manager UI 443 HTTPS TLS 1.2 Between the browser host and the PowerProtect Data Manager system.
PowerProtect Data Manager Update Manager UI 14443 HTTPS TLS 1.2 Connects the host that contains the update package to the PowerProtect Data Manager system.
PowerProtect Data Manager vCenter 443 HTTPS TLS 1.2 vSphere API for direct restore, discovery, initiating Hot Add transport mode, and restores including Instant Access restore. Depends on vCenter configuration.
PowerProtect Data Manager vCenter 7444 Proprietary TLS 1.2 vCenter single sign-on.
PowerProtect Data Manager VMAX Solutions Enabler server 2707 Proprietary TLS 1.2 Storage Direct functionality. PowerProtect Data Manager uses the Solutions Enabler default server port for configuration steps and to control active snapshot management for SnapVX, including for PP-VMAX.
Protection engine DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
Protection engine DD system 2049 Proprietary TLS 1.2 Optional DD Boost client TLS encryption.
Protection engine DD system 2052 TCP No NFS mountd, not for data.
Protection engine DD system 3009 HTTPS TLS 1.2 DD REST API service.
Protection engine ESXi 443 HTTPS TLS 1.2 Client connections.
Protection engine ESXi 902 TCP TLS 1.2 vSphere client access.
Protection engine Guest VM 96133 Proprietary TLS 1.2 VM Direct Agent provides capabilities for file-level restore and application-aware protection.
Protection engine NAS agent Docker container 443 HTTPS TLS 1.2 Applies for NAS only. Internal only. Blocked by firewall.
Protection engine Search cluster 14251 TCP TLS 1.2 Search query REST API endpoint.
Protection engine vCenter 443 HTTPS TLS 1.2 Primary management interface for vSphere using the vCenter server, including the vSphere client.
Protection engine vCenter 7444 TCP TLS 1.2 Secure token service.
Protection engine Protection engine - RabbitMQ 4369 TCP Internal only. Blocked by firewall.
Protection engine Protection engine - RabbitMQ 5672 TCP Internal only. Blocked by firewall.
Reporting engine PowerProtect Data Manager 8443 TCP TLS 1.2 REST API service for collecting reporting data.
Search cluster DD system 111 TCP No Server DR. Dynamic port detection and mapping. Used only for port verification, not for data.
Search cluster DD system 2049 Proprietary No Server DR NFS connections. Used only for metadata, client name, and indexing, not for backup data.
Search cluster DD system 2052 TCP/UDP No Server DR. NFS mountd, not for data.
Source DD system Target DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
Source DD system Target DD system 2049 Proprietary TLS 1.2
Source DD system Target DD system 2051 Proprietary TLS 1.2
Source DD system Target DD system 2052 TCP No NFS mountd, not for data.
Target DD system Source DD system 111 TCP No Dynamic port detection and mapping. Used only for port verification, not for data.
Target DD system Source DD system 2049 Proprietary TLS 1.2
Target DD system Source DD system 2051 Proprietary TLS 1.2
Target DD system Source DD system 2052 TCP No NFS mountd, not for data.
Update Manager UI PowerProtect Data Manager 14443 HTTPS TLS 1.2 Connects the host that contains the update package to the PowerProtect Data Manager system.
User PowerProtect Data Manager 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
User PowerProtect Data Manager 80 HTTP No Redirect to HTTPS.
User PowerProtect Data Manager 443 HTTPS TLS 1.2 Connects the browser host to the PowerProtect Data Manager system.
User PowerProtect Data Manager 8443 HTTPS TLS 1.2 REST API service.
User Search Cluster 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
User Protection engine 22 SSH TLS 1.2 SSH for support and administration. Encrypted by private key or optional certificates.
vCenter ESXi 443 HTTPS TLS 1.2 vSphere client to ESXi/ESX host management connection.
vCenter PowerProtect Data Manager 443 HTTPS TLS 1.2 vCenter plug-in UI.
vCenter PowerProtect Data Manager 8443 HTTPS TLS 1.2 REST API service.
vCenter PowerProtect Data Manager 9009 HTTPS TLS 1.2/1.3 vSphere APIs for Storage Awareness (VASA) provider, storage policy based management (SPBM) service within PowerProtect Data Manager.

The term "protection engine" in this table refers to all types of protection engine: VM Direct, NAS, and Kubernetes, unless otherwise specified.

For VM application-aware backups, open the ports for the protection engine and for the backup clients on the guest VM.

For NAS assets, open any custom ports between PowerProtect Data Manager, the NAS protection engine, and the NAS that may be required for access to specific shares. You can supply custom port information for connections to NAS appliances and shares as part of the process for adding NAS asset sources.


Rate this content

Accurate
Useful
Easy to understand
Was this article helpful?
0/3000 characters
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please provide ratings (1-5 stars).
  Please select whether the article was helpful or not.
  Comments cannot contain these special characters: <>()\