Every time I do a Site Recovery Manager jumpstart or start a project, the same question pops up: what port numbers must be open for SRM and VirtualCenter / vCenter Server to be able to communicate?
The following ports are used for the respective products and must be open for remote communication:
VMware VirtualCenter / vCenter Server:
- 80 (HTTP)
- 443 (SSH)
- 902 (VMware)
- 8096 (Tomcat)
VMware Site Recovery Manager:
- 80 (HTTP)
- 8095 (SOAP Listen)
- 8096 (HTTP Listen)
- 9007 (API Listen)
- 9008 (HTTP Listen)
443 SSH ? SSL?
Big D, can you double-check that?
Thank you,
Jas
Update Manager Ports included in that lot?
443 = https
22 = SSH
Cheers
David
We don’t actually switch from port 80 to port 443, but we do switch to using SSL. Initially an HTTP CONNECT request is sent unencrypted through the firewall to port 80. That CONNECT causes a second connection to be established from the process that listens on port 80 to the actual back-end server. The connection succeeds if the request is valid and the server is up. From that point on any bytes that arrive on port 80 are forwarded blindly to the server and any bytes arriving from the server connection are forwarded blindly to the client. The client initiates an SSL handshake over the tunnel and from that point on the interaction between the client and the server is in the form of HTTP requests over SSL.
HTH!
One item that I missed mentioning above is that the port 80 shown in SRM’s list is potentially confusing because it actually refers to port 80 on the server where vCenter server is run. SRM itself does not listen on port 80. The tunnel support is part of vCenter server.
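The port-80 sequence described in the two comments above (a cleartext CONNECT, then an SSL handshake inside the tunnel) is what an inspecting firewall or packet capture on that path will see. The following is an added example, not VMware code or part of the original comments; the sample streams, host names and CONNECT target are constructed placeholders.

```python
import struct

def classify_port80_stream(data: bytes) -> dict:
    """Split a client-to-server byte stream seen on port 80 into the
    cleartext request and whatever follows it inside the tunnel."""
    result = {"method": None, "target": None, "tunnel": "none"}
    head, sep, rest = data.partition(b"\r\n\r\n")
    if not sep:
        return result                      # header block incomplete
    request_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return result                      # not an HTTP request line
    result["method"], result["target"] = parts[0], parts[1]
    if parts[0] != "CONNECT":
        return result                      # ordinary HTTP, no tunnel
    if not rest:
        result["tunnel"] = "empty"         # tunnel requested, no payload yet
        return result
    if len(rest) < 6:
        result["tunnel"] = "unknown"       # too short to identify
        return result
    # SSL/TLS record header: type(1) version(2) length(2), then handshake type(1)
    rec_type, major, _minor, _length, hs_type = struct.unpack("!BBBHB", rest[:6])
    if rec_type == 0x16 and major == 0x03 and hs_type == 0x01:
        result["tunnel"] = "tls-client-hello"
    else:
        result["tunnel"] = "unknown"       # tunnelled bytes are not a ClientHello
    return result

# Constructed samples: the CONNECT target is a placeholder, and the tunnelled
# bytes are only a record header plus the ClientHello type byte, not a capture.
SAMPLE_TUNNEL = (b"CONNECT backend.example:443 HTTP/1.1\r\n"
                 b"Host: backend.example:443\r\n\r\n"
                 b"\x16\x03\x01\x00\x2f\x01")
SAMPLE_PLAIN = b"GET / HTTP/1.1\r\nHost: vcenter.example\r\n\r\n"

if __name__ == "__main__":
    for name, stream in (("tunnel", SAMPLE_TUNNEL), ("plain", SAMPLE_PLAIN)):
        print(name, classify_port80_stream(stream))
```

A firewall that only permits well-formed HTTP on port 80 will pass the CONNECT line but may reject the handshake bytes that follow it, which shows up as a connection that opens and then stalls.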
Duncan,
Although not technically SRM to vCenter communication, I recently discovered that the recovery site SRM server must be able to directly connect to ESX hosts over 902 when you have VMs with RDMs or are doing IP customization. We had major issues, finally identified via Wireshark, and SRM engineering confirmed. I just posted about it over at my site.
Andy
Hi, this KB points to a different article.
It points to “VMware Consolidated Backup fails after upgrading VirtualCenter”.
I have an issue because I have a private IP address associated with my Primary vCenter server and a public IP for my Backup/DR site vCenter, and it can’t establish reciprocity during remote site connection. Is that because I don’t have those ports open? It doesn’t send my private IP when trying to establish, correct?