VMware Cloud Community
Greystone12
VMware Employee

SRM Ports

Hi,

Can anyone tell me which ports are used in an SRM implementation? I have two sites with a firewall between sites. Each site has a VC and SRM etc. So it would be useful to know what ports I need to open up.

Many thanks

7 Replies
mullo
Contributor

Hi,

SRM Admin Guide () suggests SRM communicates on the following ports.

SRM Communications SOAP port (default 8095)

SRM Client Download HTTP port (default 8096)

SRM External API SOAP port (default 9007)

Hope this helps.

LifeGood
Enthusiast

Above answer is for SRM Intrasite (local VC and SRM) communications.

Here are SRM site-to-site communications:

SRM talks to local VC via 443 and 8095

SRM talks to remote VC via 443

SRM talks to remote SRM via proxy through the remote VC server with 8095

depping
Leadership

I could be mistaken but I think SRM actually uses SSL over port 80 to connect to VC.

Duncan

Blogging:

If you find this information useful, please award points for "correct" or "helpful".

Michelle_Laveri
Virtuoso

I could be mistaken but I think SRM actually uses SSL over port 80 to connect to VC.

Duncan


One of the things I note in my book on SRM is how the comms to the VC when you go thru the pairing process say 80, but after the pairing process the UI says 443:

You're also challenged with various certificate warnings...

One of the things I was unclear about is when VMware use certs to validate the ID of the server, and when they use certs to encrypt the data stream...

For example Port 902 is a well-known port, and although SSL is used during authentication (say from client to VC) once the username/password has been passed the rest is clear text unencrypted...

I believe SRM is doing this most of the time....

Regards

Mike

Regards
Michelle Laverick
@m_laverick
http://www.michellelaverick.com
Smoggy
VMware Employee

Your protected site and recovery site SRM servers communicate to each other using their local vCenter server as the proxy. This means the two vCenter servers need to be able to talk to each other over port 80 by default. When the SRM servers initiate communication they send a HTTP_CONNECT request over this link to perform an SSL handshake. After this the vCenter server forwards all bytes between the client and the SRM server including the SSL handshake.

Narein
Contributor

I used these commands to disable the ESX server firewalls.

esxcfg-firewall -q -allowIncoming

Restart the following services

service mgmt-vmware restart

service vmware-vpxa restart

And it works for me pretty well....

GRedner
Enthusiast

This means the two vCenter servers need to be able to talk to each other over port 80 by default.

This isn't quite correct; the two vCenter servers don't send any data between them. Instead, an SRM server at site A communicates with his partner at site B via the vCenter proxy on site B. Communication in the opposite direction flows through site A's proxy. In other words, each packet between SRM servers flows through only one vCenter proxy - the one at the destination site.

So, each SRM server needs to be able to communicate with both vCenter servers, but the vCenter servers don't need to be able to talk to one another, nor the SRM servers to each other.

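Added example (not part of the thread and not VMware code): a small Python audit that turns the topology described in the last reply into the minimal set of inter-site firewall flows and checks a proposed rule list against it. The site names, sample addresses, the rule tuple format and the function names are assumptions made for illustration; the cross-site ports 80 and 443 are the defaults quoted in the thread and are a parameter, so adjust them to your SRM release.

```python
from itertools import permutations

# Default cross-site ports as quoted in the thread (80 for the CONNECT tunnel
# through the destination vCenter proxy, 443 for the remote vCenter).
# Assumption: thread figures, not checked against a specific SRM release.
CROSS_SITE_PORTS = (80, 443)

def required_flows(sites, ports=CROSS_SITE_PORTS):
    """sites: {name: {"srm": ip, "vc": ip}} -> set of (src, dst, port)."""
    flows = set()
    for a, b in permutations(sites, 2):
        # Each SRM server talks to the *remote* vCenter only; that vCenter
        # proxies the bytes on to its own local SRM server.
        for port in ports:
            flows.add((sites[a]["srm"], sites[b]["vc"], port))
    return flows

def audit(rules, sites, ports=CROSS_SITE_PORTS):
    """Compare proposed inter-site allow rules with the required flows.

    rules: list of (src, dst, port); "any" is a wildcard in any field.
    Returns (missing, excess): required flows that no rule covers, and
    rules that permit something other than exactly one required flow.
    """
    needed = required_flows(sites, ports)
    def covers(rule, flow):
        return all(r in ("any", f) for r, f in zip(rule, flow))
    missing = {f for f in needed if not any(covers(r, f) for r in rules)}
    excess = [r for r in rules if "any" in r or tuple(r) not in needed]
    return missing, excess

# Constructed sample addresses (RFC 5737 documentation ranges).
SITES = {
    "protected": {"srm": "192.0.2.10", "vc": "192.0.2.20"},
    "recovery": {"srm": "198.51.100.10", "vc": "198.51.100.20"},
}
PROPOSED = [
    ("192.0.2.10", "198.51.100.20", 80),
    ("192.0.2.10", "198.51.100.20", 443),
    ("198.51.100.10", "192.0.2.20", 443),
    ("192.0.2.20", "198.51.100.20", 80),      # vCenter to vCenter: not needed
    ("192.0.2.10", "198.51.100.10", "any"),   # SRM to SRM: not needed
]

if __name__ == "__main__":
    missing, excess = audit(PROPOSED, SITES)
    print("missing:", sorted(missing))
    print("excess:", excess)
```

Traffic between an SRM server and its local vCenter (443 and 8095 in the thread) stays inside one site and is deliberately left out of the inter-site rule set.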