Required communication ports

View a list of communication ports that are required to be open in the firewall when you install Data Protection for VMware.

The ports that are identified in the table reflect a typical installation. A typical installation consists of the following components on the same Windows system:

Data Protection for VMware GUI server
vStorage backup server (data mover)
Windows mount proxy
Tivoli® Storage Manager file restore interface

If a non-typical installation is used, more ports might be required.

Restriction: The Windows mount proxy and Linux mount proxy must be on the same subnet.

Table 1. Required communication ports. This table identifies the ports that are accessed by Data Protection for VMware.
TCP Port	Initiator: Out-Bound (From Host)	Target: In-Bound (To Host)
443	vStorage Backup Server	vCenter Server (secure HTTP)
443	Data Protection for VMware vSphere GUI Server	vCenter Server
443 This setting is required only when the data mover is a Linux system.	Windows mount proxy	vCenter Server
902 443	vCenter Server	ESXi hosts
902 443	vStorage Backup Server (proxy)	ESXi hosts (all protected hosts)
1500 (tcpport)	vStorage Backup Server (proxy)	Tivoli Storage Manager server
1500 (tcpadminport)	Data Protection for VMware vSphere GUI Server 1500 (tcpadminport) is non-SSL communication For SSL communication, tcpadminport is the only port that supports SSL communication with the Tivoli Storage Manager server. The correct port number to use for the SSL protocol is typically the value that is specified by the ssltcpadminport option in the Tivoli Storage Manager server dsmserv.opt file. However, if adminonclient no is specified in the dsmserv.opt file, then the correct port number to use for the SSL protocol is the value that is specified by the ssltcpadminport option. The ssltcpadminport option does not have a default value. Therefore, the value must be specified by the user.	Tivoli Storage Manager server
1527 Internal Derby database
1501 1581 (httpport)	Tivoli Storage Manager server	vStorage Backup Server Backup-archive client scheduler Web client Client Acceptor Daemon
1581 (httpport) 1582, 1583 (webports)	Data Protection for VMware vSphere GUI server	vStorage Backup Server
9080	vSphere Client	Data Protection for VMware vSphere GUI Server (HTTP port for access to vCenter as plug-in)
9081 GUI web server (HTTPS protocol)	vSphere Client	Data Protection for VMware vSphere GUI Server (secure HTTPS port for access to vCenter through web browser)
22 SSH default port for the recovery agent	Recovery agent	Data Protection for VMware Windows "mount" host SSH for Linux recovery agent
3260	Linux Data Protection for VMware file restore	Data Protection for VMware Windows "mount" host iSCSI
3260 iSCSI default port for the recovery agent	Windows target with Dynamic disk for file restore	Data Protection for VMware Windows "mount" host iSCSI