Data Backup and Recovery Discussions

SnapCenter - Network Ports and protocols between elements

I am working on the implementation of SnapCenter in a segmented network with secuirty controlled boundaries and therefore need to be really clear on the ports and protocols that need to be opened between the different SnapCentre elements for it to operate.

 

I have the Snapcentre install guide and have reviewed as much information online  as possible but have a couple of things I need to clarify and hope the community can help.

 

1: Install guide infers that the Windows PLug-in requires direct access to the Vcentre server over 443. is this correct?  Seems strange when we have a Vsphere plugin to communicate with Vcentre, and Vmware tools installed. 

 

2: The install guide also states in the requirements for the Windows plug- in that "The communication path needs to be open between the SVM management LIF and the SnapCenter Server.". is this just a comment or a requirement for the windows plugin to be able to communicate withe SVM managment LIF if so on what ports?

 

Appreciate any guidance/clarifications

Thanks

4 REPLIES 4

Re: SnapCenter - Network Ports and protocols between elements

hi bobalon

 

port 443 needs to be open between all plugin hosts (except SCV) towards all SVM's hosting the storage, including snapmirror detainations. For SCV, SC Server of course needs to be able to communicate through the SVM's on incoming port 443

 

Re: SnapCenter - Network Ports and protocols between elements

OK thanks for the response and to be clear

 

Windows and other plugins only require 443 to the SVMs in use, they so not require access to vcentre

 

Vmware plugin requires access to SVMs in use on 443 and vcentre on 443.

 

IS this correct?

 

 

Re: SnapCenter - Network Ports and protocols between elements

Hi Bobalon,

    

The ports for communication between SC server and plugin host is provided in this link --  

http://docs.netapp.com/ocsc-41/topic/com.netapp.doc.ocsc-isg/GUID-6B5E4464-FE9A-4D2A-B526-E6F4298C9550.html?cp=2_0_1_3

Re: SnapCenter - Network Ports and protocols between elements

Let me say that I think that firewall requirements for Snapcenter deployments are excessive.

 

I suppose that there will be good technical reasons behind it, but think about the customer perspective for one moment: Do you think that is reasonable to be mandatory that every single host using snapshot funcionalities shoud be given management access to the SVM?

 

A first look at the documentation suggests that SnapCenter will work the proper way (from my point of view) , that is, the management communications take place only between the snapcenter host and the plug-in hosts and between the snapcenter host and the storage, but sadly appears that it doesn't work that way.

 

This picture is taken from the Snapcenter documentation. I understand that "data" should mean iSCSI or FCP, not HTTPS communications with the SVM.

 

snapcenter_comms.gif

 

Could you please clarify what does"management" refer to in this picture? Thanks in advance.

Forums