Detailed System Requirements
Abstract
This document details the IBM Storage Defender Data Resiliency Service network requirements.
Content
To connect IBM Storage Defender Data Resiliency Service (DRS) and the IBM Storage Defender connection manager with storage systems, backup systems, and resources, the connections need to be configured. This document provides a visualization of all possible connections and a table with the required network settings for those connections.
Visualization of all connections

Table of network requirements for all connections
The following table details the IBM Storage Defender Data Resiliency Service (DRS) network requirements.
| Description | Source component | Source Internet Protocol (IP) or Fully Qualified Domain Name (FQDN) | Target component | Target IP or FQDN | Target Port | Comment |
|---|---|---|---|---|---|---|
| Authentication to IBM Storage Defender | IBM Security Verify | Required for IBM Security Verify core function: ibmstoragedefender.verify.ibm.com, idaas-us01a.ice.ibmcloud.com, login.ibm.com, www.ibm.com. Required to enable fonts, analytics, and trust/consent: 1.www.s81c.com, awppcivuse1.advanced-web-analytics.com, consent.truste.com | Customer web browser | IP or FQDN of the customer's end user of IBM Storage Defender | 443 TCP (HTTPS) | Allow the source URLs to enable login to IBM Storage Defender Services. This is required even when a customer-provided identity provider (IdP) is in use, because all IBM Storage Defender authentication flows are routed through IBM Security Verify. |
| Single Sign-On (SSO) using customer-provided identity provider (IdP) | IBM Security Verify | ibmstoragedefender.verify.ibm.com, idaas-us01a.ice.ibmcloud.com | Customer-provided identity provider (IdP) | Identity provider (IdP) IP or FQDN | 443 TCP (HTTPS) | Required to enable usage of a customer-provided identity provider (IdP). Used to exchange URLs, certificates, and configuration settings between IBM Security Verify and the customer-provided identity provider. |
| Dell PowerMax | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | Dell Unisphere for PowerMax | Dell Unisphere IP or FQDN | 443 TCP (HTTPS) | To collect metadata from Dell PowerMax for governance using IBM Storage Defender. |
| Domain Name Service (DNS) | All related systems | _ | DNS server | _ | 53 TCP | The connection manager must be able to resolve domain names. |
| IBM Fusion Backup and Restore | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Fusion Cluster OpenShift instance | IBM Fusion UI IP or FQDN | 443 TCP (HTTPS) | IBM Fusion Cluster URL |
| IBM Storage Defender Data Protect | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Storage Defender Data Protect cluster | All IBM Storage Defender Data Protect cluster node IPs and Virtual IPs or FQDN | 443 TCP (HTTPS) | To collect metadata from the connected IBM Storage Defender Data Protect cluster to support governance and enable test recovery operations. |
| IBM Storage Defender Data Protect | VMware vCenter and ESX hosts | _ | IBM Storage Defender Data Protect cluster | All IBM Storage Defender Data Protect cluster node IPs and Virtual IPs or FQDN | 111 UDP & TCP: NFS Portmapper | Secure Shell (SSH) used for sensor installation. REST API used for heartbeats and alerts between sensor and connection manager. Only used if a Defender sensor control node (Ansible Control Node) is used. |
| IBM Storage Defender Data Protect | IBM Storage Defender Data Protect cluster | _ | VMware vCenter and ESX hosts | Production and clean room VMware vCenter IP or FQDN | 443 TCP; 902 TCP: VMware VIX, used for control traffic to ESXi hosts; 902 TCP & 903 TCP: used for NFC (Network File Copy) traffic for copying VM data | Fibre Channel or iSCSI needs to be configured between the clean room ESXi host and FlashSystem. |
| IBM Storage Defender Data Resiliency Service | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Storage Defender Data Management Service SaaS Instance | *.storage-defender.ibm.com, *.cloudfront.net | 443 TCP (HTTPS) | The IBM Storage Defender connection manager uses the WebSocket (Secure) protocol to talk to the DRS and the HTTPS protocol to download updates from AWS CloudFront. In both cases, the IBM Storage Defender connection manager must be able to connect to the Internet endpoints on port 443 (HTTPS). |
| IBM Storage Defender sensor | VMs with IBM Storage Defender sensors | Virtual machines (used for sensor installation) IP or FQDN | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | 443 TCP (HTTPS) | REST API used for heartbeats and alerts between sensor and connection manager. See Defender sensor control node. |
| IBM Storage Defender sensor control node (optional) | IBM Storage Defender sensor control node | IBM Storage Defender sensor control node IP or FQDN | VMs with IBM Storage Defender sensors | IBM Storage Defender connection manager IP or FQDN | 22 TCP; 443 TCP (HTTPS) | The default sensor control node is included in the connection manager. The dedicated control node is optional. SSH used for sensor installation. REST API used for heartbeats and alerts between sensor and connection manager. Only used if an IBM Storage Defender sensor control node (Ansible Control Node) is used. |
| IBM Storage FlashSystem | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Storage FlashSystem management IP | IBM Storage FlashSystem IP or FQDN | 443 TCP (HTTPS GUI); 7443 TCP (HTTPS GUI) | To collect metadata from the connected IBM Storage FlashSystem to support governance and enable test recovery operations. |
| IBM Storage Insights (Production) | IBM Storage FlashSystem | _ | IBM Storage Insights Pro SaaS | *.storageinsights.ibmcloud.com, esupport.ibm.com | 443 HTTPS (TCP) | Storage must be registered in IBM Storage Insights Pro. The connection between the IBM Storage Defender DRS tenant and the IBM Storage Insights Pro tenant needs to be requested. |
| IBM Storage Protect | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Storage Protect server | IBM Storage Protect server IP or FQDN | TCPPORT (1500 as default) | To collect metadata from the connected IBM Storage Protect server to support governance and enable test recovery operations. |
| IBM Storage Protect for Oracle client | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | IBM Storage Protect for Oracle client | IBM Storage Protect system (used for the Oracle client installation) IP or FQDN | 22 TCP | SSH is required by Ansible. Also requires access to the IBM Storage Protect server used for backup. |
| SAP HANA | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | SAP HANA | SAP HANA DB server IP or FQDN | SAP HANA system database port | Port: Currently DRS supports the connection to SAP HANA system databases only. Also requires access to the IBM Storage Protect server used for backup. |
| Network Time Protocol (NTP) | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP | NTP server(s) | NTP server IP or FQDN | 123 UDP | Resolves failures to connect to Data Resiliency caused by clock skew. |
| Pure FlashArray | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | Pure Storage FlashArray | Pure Storage FlashArray IP or FQDN | 443 TCP (HTTPS) | To collect metadata from the connected Pure FlashArray to support governance. |
| SIEM | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | SIEM: IBM QRadar syslogd | QRadar server IP or FQDN | 514 (UDP & TCP) | Sending threat alerts to the SIEM solution. |
| SIEM | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | SIEM: Splunk | Splunk server IP or FQDN | 8088 TCP (HTTPS) | Sending threat alerts to the SIEM solution. HTTP Event Collector (HEC) receives data over HTTPS on this TCP port. |
| VMware vSphere (Production) | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | Production vCenter | Production VMware vCenter IP or FQDN | 443 TCP (HTTPS) | To collect metadata from the connected production VMware vCenter to support governance. |
| VMware vSphere (Clean room) | IBM Storage Defender connection manager | IBM Storage Defender connection manager IP or FQDN | Clean room vCenter | Clean room VMware vCenter IP or FQDN | 443 TCP (HTTPS) | To collect metadata from the connected clean room VMware vCenter to support governance and enable test recovery operations. |
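
The table can also serve as an egress baseline for the connection manager. The following is an added example, not IBM code: it audits observed outbound flows against a subset of the rows above and reports flows outside the baseline and rows that were never exercised. The `*.example.internal` host names, the log format and the sample lines are constructed assumptions; the Internet patterns and ports come from the table.

```python
"""Audit connection-manager egress against rows of the DRS network table."""
from fnmatch import fnmatchcase

# (host pattern, port, protocol) per table row, source = connection manager.
# Ports and Internet patterns are from the table; *.example.internal hosts
# are constructed placeholders for site-specific systems.
REQUIRED_FLOWS = {
    "DRS SaaS": [("*.storage-defender.ibm.com", 443, "tcp"),
                 ("*.cloudfront.net", 443, "tcp")],
    "FlashSystem": [("flash01.example.internal", 443, "tcp"),
                    ("flash01.example.internal", 7443, "tcp")],
    "Storage Protect": [("sp01.example.internal", 1500, "tcp")],
    "NTP": [("ntp.example.internal", 123, "udp")],
    "Splunk HEC": [("splunk.example.internal", 8088, "tcp")],
}

def match_flow(host, port, proto):
    """Return the name of the table row that permits this flow, or None."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    for row, rules in REQUIRED_FLOWS.items():
        for pattern, r_port, r_proto in rules:
            # The pattern is anchored at both ends, so a look-alike such as
            # storage-defender.ibm.com.example.net does not match.
            if port == r_port and proto == r_proto and fnmatchcase(host, pattern):
                return row
    return None

def audit(log_lines):
    """Return (allowed, unexpected, unused_rows) for 'host port proto' lines."""
    allowed, unexpected, seen = [], [], set()
    for line in log_lines:
        host, port, proto = line.split()
        flow = (host, int(port), proto.lower())
        row = match_flow(*flow)
        if row is None:
            unexpected.append(flow)
        else:
            allowed.append(flow + (row,))
            seen.add(row)
    unused = [row for row in REQUIRED_FLOWS if row not in seen]
    return allowed, unexpected, unused

# Constructed sample of observed connection-manager egress.
SAMPLE_LOG = [
    "tenant1.storage-defender.ibm.com 443 tcp",
    "d111111abcdef8.cloudfront.net 443 tcp",
    "flash01.example.internal 7443 tcp",
    "ntp.example.internal 123 udp",
    "flash01.example.internal 22 tcp",               # port not in the table
    "storage-defender.ibm.com.example.net 443 tcp",  # look-alike suffix
]
```

Rows reported as unused are candidates for removal from the firewall policy when the corresponding system is not deployed.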
Document Information
Modified date: 30 September 2025
UID: ibm17245394