Symptoms
- Site Recovery Manager fails to establish site pairing due to connection termination over port 8095.
- Site Recovery Manager connection to remote site breaks frequently.
Purpose
For the list of default ports that all VMware products use, see TCP and UDP Ports required to access vCenter Server, ESXi/ESX hosts, and other network components (1012382).
Resolution
- Site Recovery Manager 5.x and vSphere Replication 1.0.x and 5.x network ports
- vCenter Server and ESXi 5.x network ports that SRM requires
- SRM Server 5.x network ports
- vSphere Replication Appliance 5.x network ports
- vSphere Replication Management Server 1.0.x network ports
- vSphere Replication Server 1.0.x and 5.x network ports
- Network ports that must be open between the SRM and vSphere Replication protected and recovery sites
- Site Recovery Manager 1. to 4.1.x Network Ports
- When troubleshooting SRM and vSphere Replication pairing and testing issues, eliminate firewalls and security applications as a possible cause of the problem by temporarily disabling or removing the software or item in question.
- If you are using a VPN adapter such as SonicWALL or Juniper, ensure that the timeout setting is set to the maximum for any tunnel that is open on the required ports.
Site Recovery Manager 5.x and vSphere Replication 1.0.x and 5.x network ports
The different components that make up SRM and vSphere Replication deployments, namely vCenter Server, SRM Server, the vSphere Replication appliance, and vSphere Replication servers, require different ports to be open.Image of the ports that SRM and vSphere Replication use:
Note: For the full size image and other graphic representations of the port relationships, see the images attached at the bottom of this article.
vCenter Server and ESXi 5.x network ports that SRM requires
SRM and vSphere Replication require certain ports to be open on vCenter Server:| Default Port | Protocol or Description | Source | Target | Description |
| 80 | HTTP | SRM | Remote vCenter Server | All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system. |
| 443 | HTTPS | SRM | vCenter Server | Default SSL Web port |
| 902 | TCP | SRM | Remote ESXi host | Traffic from the SRM Server on the recovery site to ESX hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port. |
SRM Server 5.x network ports
The SRM Server instances on the protected and recovery sites require certain ports to be open.Note: SRM Server at the recovery site must have NFC traffic access to the target ESXi servers.
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | TCP | SRM | Remote vCenter Server | All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system. |
| 80 | TCP | SRM | Local vCenter Server | Management traffic to the local vSphere Replication management server (VRMS) goes to port 80 on the local vCenter Server proxy system. |
| 443 | TCP | SRM | vCenter Server | Default SSL Web Port for incoming TCP traffic |
| 902 | TCP and UDP | SRM | Remote ESXi host | Traffic from the SRM Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port. |
| 1433 | TCP | SRM | Microsoft SQL Server | SRM connectivity to Microsoft SQL Server (for SRM database) |
| 1521 | TCP | SRM | Oracle Database Server | SRM database connectivity to Oracle |
| 1526 | TCP | SRM | Oracle Database Server | SRM database connectivity to Oracle |
| 5000 | TCP | SRM | IBM DB2 Database Server | SRM database connectivity to IBM DB2 |
| 8095 | SOAP | vCenter Server and vSphere Client | SRM | From the vCenter Server proxy to the SRM Server (intrasite only). |
| 9007 | TCP | SRM External API Client | SRM | Used by external API clients for task automation. |
| 9085 | HTTP | vCenter Server | SRM | HTTP interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system. |
| 9086 | HTTPS | vCenter Server | SRM | SRM client plug-in download between the vCenter Server proxy and SRM. |
vSphere Replication Appliance 5.x network ports
The vSphere Replication appliance requires certain ports to be open. In SRM 5.1 and later and vSphere Replication 5.x, vSphere Replication is shipped as a combined appliance that contains both the vSphere Replication management server (VRMS) and a vSphere Replication server. SRM 5.x allows you to deploy additional vSphere Replication servers.Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | TCP | vSphere Replication appliance | Remote vCenter Server | All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system. |
| 80 | HTTP | vSphere Replication appliance | Remote ESXi host | Used to establish the connection before initial replication starts |
| 902 | TCP and UDP | vSphere Replication server in the vSphere Replication appliance | Remote ESXi host | Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts. |
| 5480 | vSphere Replication appliance virtual appliance management interface (VAMI) Web UI (vSphere Replication 5.x) | Browser | vSphere Replication 5.x appliance | Administrator's Web browser. |
| 8043 | SOAP | vCenter Server Proxy | vSphere Replication appliance | From the vCenter Server proxy to the vSphere Replication appliance (intrasite only). |
| 8123 | SOAP | vSphere Replication appliance | vSphere Replication server | Management traffic from the vSphere Replication appliance to additional vSphere Replication servers (intrasite only). |
| 31031 | Initial replication traffic | ESXi host on primary site | vSphere Replication server in the vSphere Replication appliance | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
| 44046 | Ongoing replication traffic | ESXi host on primary site | vSphere Replication server in the vSphere Replication appliance | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
vSphere Replication Management Server 1.0.x network ports
The vSphere Replication appliance requires certain ports to be open. SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication servers.Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | TCP | vSphere Replication management server | Remote vCenter Server | All management traffic to the vSphere Replication management server goes to port 80 on the vCenter Server proxy system. |
| 80 | HTTP | vSphere Replication management server | Remote ESXi host | Used to establish the connection before initial replication starts |
| 902 | TCP and UDP | vSphere Replication management server and vSphere Replication server | Remote ESXi host | Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts. |
| 8043 | SOAP | vCenter Server Proxy | vSphere Replication management server | From the vCenter Server proxy to the vSphere Replication management server (intrasite only). |
| 8080 | VRMS virtual appliance management interface (VAMI) Web UI | Browser | VRMS 1.0.x | Administrator's Web browser. |
| 8123 | SOAP | vSphere Replication management server | vSphere Replication server | Management traffic from the vSphere Replication management server to the vSphere Replication servers (intrasite only). |
vSphere Replication Server 1.0.x and 5.x network ports
The vSphere Replication 5.x appliance contains a vSphere Replication server. You can deploy additional vSphere Replication servers if you use vSphere Replication 5.1 with SRM 5.1 or if you use vSphere Replication 5.5. You cannot deploy additional vSphere Replication servers if you use vSphere Replication 5.1 without SRM.SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication server appliances that you deploy separately from the VRMS.
If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 902 | TCP and UDP | vSphere Replication server | Remote ESXi host | Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXi hosts on the same site. |
| 5480 | VAMI Web UI for any additional vSphere Replication servers | Browser | vSphere Replication server | Administrator's Web browser. |
| 8123 | SOAP | vSphere Replication management server | vSphere Replication server | Management traffic from the vSphere Replication appliance or VRMS to the vSphere Replication servers (intrasite only). |
| 31031 | Initial replication traffic | ESXi host on primary site | vSphere Replication server | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
| 44046 | Ongoing replication traffic | ESXi host on primary site | vSphere Replication server | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
Network ports that must be open between the SRM and vSphere Replication protected and recovery sites
SRM and vSphere Replication require that the protected and recovery sites can communicate.| Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | SOAP | SRM and vSphere Replication appliance or VRMS | Remote vCenter Server | Management traffic between SRM Server instances and vSphere Replication appliances or VRMS. |
| 8043 | SOAP | vSphere Client | vSphere Replication appliance 5.x or VRMS 1.0.x | To allow the SRM UI to verify vSphere Replication appliance or VRMS certificates. |
| 8095 | SOAP | vSphere Client | SRM | To allow the SRM UI to verify SRM Server certificates. |
| 31031 | Initial replication traffic | ESXi host | vSphere Replication appliance 5.x or vSphere Replication server | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
| 44046 | Ongoing replication traffic | ESXi host | vSphere Replication appliance 5.x or vSphere Replication server | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
Site Recovery Manager 1.0 - 4.1.x network ports
- VMware VirtualCenter/vCenter Server:
- 80 – HTTP
- 443 – SSL interface
- 902 – VMware
- 8096 – Tomcat
Note: The vSphere Client must be able to communicate with vCenter Server through ports 8095 and 9007 for the SRM plug-in to function. - VMware Site Recovery Manager:
- 80 – HTTP
- 8095 – SOAP interface between the vCenter Server proxy and SRM
- 8096 – HTTP Listen
- 9007 – SOAP interface for external API clients
- 9008 – HTTP Listen
Note: The vSphere Client must be able to communicate with both SRM servers through port 8095 for the SRM plug-in to function.
Source:-
No comments:
Post a Comment