Product SiteDocumentation Site

13.7. Topology Requirements

13.7.1. Security Requirements

The public Internet must not be able to access port 8096 or port 8250 on the Management Server.

13.7.2. Runtime Internal Communications Requirements

  • The Management Servers communicate with each other to coordinate tasks. This communication uses TCP on ports 8250 and 9090.
  • The console proxy VMs connect to all hosts in the zone over the management traffic network. Therefore the management traffic network of any given pod in the zone must have connectivity to the management traffic network of all other pods in the zone.
  • The secondary storage VMs and console proxy VMs connect to the Management Server on port 8250. If you are using multiple Management Servers, the load balanced IP address of the Management Servers on port 8250 must be reachable.

13.7.3. Storage Network Topology Requirements

The secondary storage NFS export is mounted by the secondary storage VM. Secondary storage traffic goes over the management traffic network, even if there is a separate storage network. Primary storage traffic goes over the storage network, if available. If you choose to place secondary storage NFS servers on the storage network, you must make sure there is a route from the management traffic network to the storage network.

13.7.4. External Firewall Topology Requirements

When external firewall integration is in place, the public IP VLAN must still be trunked to the Hosts. This is required to support the Secondary Storage VM and Console Proxy VM.

13.7.5. Advanced Zone Topology Requirements

With Advanced Networking, separate subnets must be used for private and public networks.

13.7.6. XenServer Topology Requirements

The Management Servers communicate with XenServer hosts on ports 22 (ssh), 80 (HTTP), and 443 (HTTPs).

13.7.7. VMware Topology Requirements

  • The Management Server and secondary storage VMs must be able to access vCenter and all ESXi hosts in the zone. To allow the necessary access through the firewall, keep port 443 open.
  • The Management Servers communicate with VMware vCenter servers on port 443 (HTTPs).
  • The Management Servers communicate with the System VMs on port 3922 (ssh) on the management traffic network.

13.7.8. KVM Topology Requirements

The Management Servers communicate with KVM hosts on port 22 (ssh).

13.7.9. LXC Topology Requirements

The Management Servers communicate with LXC hosts on port 22 (ssh).