Required communication ports

View a list of communication ports that are required to be open in the firewall when you install Data Protection for VMware.

The ports that are identified in the table reflect a typical installation. A typical installation consists of the following components on the same Windows system:
  • Data Protection for VMware GUI server
  • vStorage backup server (data mover)
  • Windows mount proxy
  • IBM Spectrum Protect file restore interface
If a non-typical installation is used, more ports might be required.
Restriction: The Windows mount proxy and Linux mount proxy must be on the same subnet.
Table 1. Required communication ports. This table identifies the ports that are accessed by Data Protection for VMware.
TCP Port Initiator: Out-Bound (From Host) Target: In-Bound (To Host)
443 vStorage Backup Server vCenter Server (secure HTTP)
443 Data Protection for VMware vSphere GUI Server vCenter Server
443

This setting is required only when the data mover is a Linux system.

 Windows mount proxy vCenter Server
443 vStorage Backup Server Platform Services Controller
443 Data Protection for VMware vSphere GUI Server Platform Services Controller
443 Windows mount proxy Platform Services Controller

902

443

 vCenter Server ESXi hosts

902

443

 vStorage Backup Server (proxy) ESXi hosts (all protected hosts)

1500


(tcpport)		 vStorage Backup Server (proxy) IBM Spectrum Protect server

1500


(tcpadminport)		 Data Protection for VMware vSphere GUI Server
  • 1500 (tcpadminport) is non-SSL communication
  • For SSL communication, tcpadminport is the only port that supports SSL communication with the IBM Spectrum Protect server. The correct port number to use for the SSL protocol is typically the value that is specified by the ssltcpadminport option in the IBM Spectrum Protect server dsmserv.opt file. However, if adminonclient no is specified in the dsmserv.opt file, then the correct port number to use for the SSL protocol is the value that is specified by the ssltcpadminport option. The ssltcpadminport option does not have a default value. Therefore, the value must be specified by the user.
 IBM Spectrum Protect server
1527

Internal Derby database

    

1501

1581


(httpport)		 IBM Spectrum Protect server vStorage Backup Server
  • Data mover scheduler
  • Web client
  • Client Acceptor Daemon

1581


(httpport)

1582, 1583


(webports)		 Data Protection for VMware vSphere GUI server vStorage Backup Server
9081

GUI web server (HTTPS protocol)

 vSphere Client Data Protection for VMware vSphere GUI Server (secure HTTPS port for access to vCenter through web browser)
22

SSH default port for the recovery agent

 Recovery agent Data Protection for VMware Windows "mount" host
  • SSH for Linux recovery agent
3260 Linux Data Protection for VMware file restore Data Protection for VMware Windows "mount" host
  • iSCSI
3260

iSCSI default port for the recovery agent

 Windows target with Dynamic disk for file restore Data Protection for VMware Windows "mount" host
  • iSCSI
5985 File restore GUI operations Windows Remote Management
135 Windows mount proxy VMware virtual machine that contains the files to be restored with the IBM Spectrum Protect file restore interface