Backup clients
|
DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
Backup clients1
|
DD system
|
2049
|
Proprietary
|
TLS 1.2
|
Optional DD Boost client TLS encryption.
|
Backup clients1
|
DD system
|
2052
|
TCP
|
No
|
NFS
mountd, not for data.
|
Backup clients
|
DD Global Scale
|
2053
|
TCP
|
TLS 1.2
|
DD Boost connection.
|
Backup clients1
|
PowerProtect Data Manager
|
8443
|
HTTPS
|
TLS 1.2
|
REST API service.
|
Backup clients
|
VMAX SE server
|
2707
|
Proprietary
|
TLS 1.2
|
Backup clients require access to the default port 2707 on the VMAX SE server. Applies to Storage Direct.
|
Callhome (SupportAssist)
|
PowerProtect Data Manager
|
22
|
SSH
|
TLS 1.2
|
SSH for support and administration. Encrypted by private key or optional certificates.
|
Callhome (SupportAssist)
|
PowerProtect Data Manager
|
443
|
HTTPS
|
TLS 1.2
|
SSH for remote support.
|
ESXi
|
DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
ESXi
|
DD system2
|
2049
|
Proprietary
|
TLS 1.2
|
NFS datastore and DD Boost. NFS is unencrypted. DD Boost is encrypted.
|
ESXi
|
DD system2
|
2052
|
TCP
|
No
|
NFS
mountd, not for data.
|
Kubernetes cluster
|
DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
Kubernetes cluster
|
DD system
|
2049
|
Proprietary
|
TLS 1.2
|
Optional DD Boost client TLS encryption.
|
Kubernetes cluster
|
DD system
|
2052
|
TCP
|
TLS 1.2
|
NFS
mountd, not for data.
|
Kubernetes cluster
|
ESXi
|
902
|
TCP
|
TLS 1.2
|
vSphere client access for PVCs using VMware CSI. Not required for Tanzu Kubernetes Guest clusters.
|
Kubernetes cluster
|
Protection engine
|
9090
|
HTTPS
|
TLS 1.2/1.3
|
Required for Tanzu Kubernetes Guest clusters.
|
Kubernetes cluster
|
vCenter
|
443
|
HTTPS
|
TLS 1.2
|
Primary management interface for vSphere using the vCenter Server, including the vSphere client for PVCs using VMware CSI. Not required for Tanzu Kubernetes Guest clusters.
|
NAS protection engine
|
NAS appliance
|
443
|
HTTPS
|
TLS 1.2
|
Management access for Unity and PowerStore appliances.
|
NAS protection engine
|
NAS appliance
|
8080
|
HTTPS
|
TLS 1.2
|
Management access for PowerScale/Isilon appliances.
|
PowerProtect Data Manager
|
Backup clients
|
7000
|
HTTPS
|
TLS 1.2
|
Microsoft SQL Server, Oracle,
Microsoft Exchange Server, SAP HANA, and file system. Requirement applies to Application Direct and VM Direct.
|
PowerProtect Data Manager
|
Callhome (SupportAssist)
|
25
|
SMTP
|
TLS 1.2
|
TLS version in use depends on the mail server. TLS used where possible.
|
PowerProtect Data Manager
|
Callhome (SupportAssist)
|
465
|
TCP
|
TLS 1.2
|
|
PowerProtect Data Manager
|
Callhome (SupportAssist)
|
587
|
TCP
|
TLS 1.2
|
|
PowerProtect Data Manager
|
Callhome (SupportAssist)
|
9443
|
HTTPS
|
TLS 1.2
|
REST API for service notification.
|
PowerProtect Data Manager
|
DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
PowerProtect Data Manager
|
DD system
|
2049
|
Proprietary
|
No
|
Server DR NFS connections. Used only for metadata, client name, and indexing, not for backup data.
|
PowerProtect Data Manager
|
DD system
|
2052
|
TCP/UDP
|
No
|
NFS
mountd, not for data.
|
PowerProtect Data Manager
|
DD system
|
3009
|
HTTPS
|
TLS 1.2
|
Communication with DDMC for configuration and discovery.
|
PowerProtect Data Manager
|
ESXi
|
443
|
HTTPS
|
TLS 1.2
|
Depends on ESXi configuration and version.
|
PowerProtect Data Manager
|
Kubernetes cluster
|
6443
|
Proprietary
|
TLS 1.2
|
Connects to the Kubernetes API server. Encryption depends on the Kubernetes cluster configuration.
PowerProtect Data Manager supports TLS 1.2.
|
PowerProtect Data Manager
|
LDAP server
|
389
|
TCP/UDP
|
No
|
Insecure LDAP port, outbound only. Use port 636 for encryption.
|
PowerProtect Data Manager
|
LDAP server
|
636
|
TCP
|
TLS 1.2
|
LDAPS, depending on LDAP configuration in use. Outbound only.
|
PowerProtect Data Manager
|
NAS appliance
|
443
|
HTTPS
|
TLS 1.2
|
Management access for Unity and PowerStore appliances.
|
PowerProtect Data Manager
|
NAS appliance
|
8080
|
HTTPS
|
TLS 1.2
|
Management access for PowerScale/Isilon appliances.
|
PowerProtect Data Manager
|
NAS share
|
139
|
TCP
|
TLS 1.2
|
Windows file server shares (CIFS).
|
PowerProtect Data Manager
|
NAS share
|
443
|
HTTPS
|
TLS 1.2
|
NetApp shares (NFS and CIFS). Also used for NAS share verification check.
|
PowerProtect Data Manager
|
NAS share
|
445
|
TCP
|
TLS 1.2
|
Windows file server shares (CIFS).
|
PowerProtect Data Manager
|
NAS share
|
2049
|
TCP
|
TLS 1.2
|
Linux file server shares (NFS).
|
PowerProtect Data Manager
|
NTP server
|
123
|
NTP
|
No
|
Time synchronization.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Catalog
|
9760
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Configuration Manager
|
55555
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Elastic Search
|
9200
|
TCP
|
|
Internal only.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Elastic Search
|
9300
|
TCP
|
|
Internal only.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Embedded VM proxy
|
9095
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Quorum peer
|
2181
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - RabbitMQ
|
5672
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - Secrets manager
|
9092
|
TCP
|
|
Internal only.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - VM Direct infrastructure manager
|
9097
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
PowerProtect Data Manager - VM Direct orchestration
|
9096
|
TCP
|
|
Internal only. Blocked by firewall.
|
PowerProtect Data Manager
|
Protection engine
|
22
|
SSH
|
TLS 1.2
|
SSH for support and administration. Encrypted by private key or optional certificates.
|
PowerProtect Data Manager
|
Protection engine
|
9090
|
HTTPS
|
TLS 1.2
|
REST API service.
|
PowerProtect Data Manager
|
Protection engine
|
96133
|
Proprietary
|
TLS 1.2
|
|
PowerProtect Data Manager
|
Reporting engine
|
9002
|
TCP
|
TLS 1.2
|
REST API service.
|
PowerProtect Data Manager
|
Search cluster
|
9613
|
Proprietary
|
TLS 1.2
|
Infrastructure node agent management of Search Engine nodes.
|
PowerProtect Data Manager
|
Search cluster
|
14251
|
Proprietary
|
TLS 1.2
|
Search query REST API endpoint.
|
PowerProtect Data Manager
|
SMI-S
|
5989
|
HTTPS
|
TLS 1.2
|
Communication with SMI-S provider. Discovery.
|
PowerProtect Data Manager
|
Storage Direct system
|
3009
|
HTTPS
|
TLS 1.2
|
Discovery.
|
PowerProtect Data Manager
|
UI
|
443
|
HTTPS
|
TLS 1.2
|
Between the browser host and the
PowerProtect Data Manager system.
|
PowerProtect Data Manager
|
Update Manager UI
|
14443
|
HTTPS
|
TLS 1.2
|
Connects the host that contains the update package to the
PowerProtect Data Manager system.
|
PowerProtect Data Manager
|
vCenter
|
443
|
HTTPS
|
TLS 1.2
|
vSphere API for direct restore, discovery, initiating Hot Add transport mode, and restores including Instant Access restore. Depends on vCenter configuration.
|
PowerProtect Data Manager
|
vCenter
|
7444
|
Proprietary
|
TLS 1.2
|
vCenter single sign-on.
|
PowerProtect Data Manager
|
VMAX Solutions Enabler server
|
2707
|
Proprietary
|
TLS 1.2
|
Storage Direct functionality.
PowerProtect Data Manager uses the Solutions Enabler default server port for configuration steps and to control active snapshot management for SnapVX, including for PP-VMAX.
|
Protection engine
|
DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
Protection engine
|
DD system
|
2049
|
Proprietary
|
TLS 1.2
|
Optional DD Boost client TLS encryption.
|
Protection engine
|
DD system
|
2052
|
TCP
|
No
|
NFS
mountd, not for data.
|
Protection engine
|
DD system
|
3009
|
HTTPS
|
TLS 1.2
|
DD REST API service.
|
Protection engine
|
ESXi
|
443
|
HTTPS
|
TLS 1.2
|
Client connections.
|
Protection engine
|
ESXi
|
902
|
TCP
|
TLS 1.2
|
vSphere client access.
|
Protection engine
|
Guest VM
|
96133
|
Proprietary
|
TLS 1.2
|
VM Direct Agent provides capabilities for file-level restore and application-aware protection.
|
Protection engine
|
NAS agent Docker container
|
443
|
HTTPS
|
TLS 1.2
|
Applies for NAS only. Internal only. Blocked by firewall.
|
Protection engine
|
Search cluster
|
14251
|
TCP
|
TLS 1.2
|
Search query REST API endpoint.
|
Protection engine
|
vCenter
|
443
|
HTTPS
|
TLS 1.2
|
Primary management interface for vSphere using the vCenter server, including the vSphere client.
|
Protection engine
|
vCenter
|
7444
|
TCP
|
TLS 1.2
|
Secure token service.
|
Protection engine
|
Protection engine - RabbitMQ
|
4369
|
TCP
|
|
Internal only. Blocked by firewall.
|
Protection engine
|
Protection engine - RabbitMQ
|
5672
|
TCP
|
|
Internal only. Blocked by firewall.
|
Reporting engine
|
PowerProtect Data Manager
|
8443
|
TCP
|
TLS 1.2
|
REST API service for collecting reporting data.
|
Search cluster
|
DD system
|
111
|
TCP
|
No
|
Server DR. Dynamic port detection and mapping. Used only for port verification, not for data.
|
Search cluster
|
DD system
|
2049
|
Proprietary
|
No
|
Server DR NFS connections. Used only for metadata, client name, and indexing, not for backup data.
|
Search cluster
|
DD system
|
2052
|
TCP/UDP
|
No
|
Server DR. NFS mountd, not for data.
|
Source DD system
|
Target DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
Source DD system
|
Target DD system
|
2049
|
Proprietary
|
TLS 1.2
|
|
Source DD system
|
Target DD system
|
2051
|
Proprietary
|
TLS 1.2
|
|
Source DD system
|
Target DD system
|
2052
|
TCP
|
No
|
NFS
mountd, not for data.
|
Target DD system
|
Source DD system
|
111
|
TCP
|
No
|
Dynamic port detection and mapping. Used only for port verification, not for data.
|
Target DD system
|
Source DD system
|
2049
|
Proprietary
|
TLS 1.2
|
|
Target DD system
|
Source DD system
|
2051
|
Proprietary
|
TLS 1.2
|
|
Target DD system
|
Source DD system
|
2052
|
TCP
|
No
|
NFS
mountd, not for data.
|
Update Manager UI
|
PowerProtect Data Manager
|
14443
|
HTTPS
|
TLS 1.2
|
Connects the host that contains the update package to the
PowerProtect Data Manager system.
|
User
|
PowerProtect Data Manager
|
22
|
SSH
|
TLS 1.2
|
SSH for support and administration. Encrypted by private key or optional certificates.
|
User
|
PowerProtect Data Manager
|
80
|
HTTP
|
No
|
Redirect to HTTPS.
|
User
|
PowerProtect Data Manager
|
443
|
HTTPS
|
TLS 1.2
|
Connects the browser host to the
PowerProtect Data Manager system.
|
User
|
PowerProtect Data Manager
|
8443
|
HTTPS
|
TLS 1.2
|
REST API service.
|
User
|
Search Cluster
|
22
|
SSH
|
TLS 1.2
|
SSH for support and administration. Encrypted by private key or optional certificates.
|
User
|
Protection engine
|
22
|
SSH
|
TLS 1.2
|
SSH for support and administration. Encrypted by private key or optional certificates.
|
vCenter
|
ESXi
|
443
|
HTTPS
|
TLS 1.2
|
vSphere client to ESXi/ESX host management connection.
|
vCenter
|
PowerProtect Data Manager
|
443
|
HTTPS
|
TLS 1.2
|
vCenter plug-in UI.
|
vCenter
|
PowerProtect Data Manager
|
8443
|
HTTPS
|
TLS 1.2
|
REST API service.
|
vCenter
|
PowerProtect Data Manager
|
9009
|
HTTPS
|
TLS 1.2/1.3
|
vSphere APIs for Storage Awareness (VASA) provider, storage policy based management (SPBM) service within
PowerProtect Data Manager.
|