The above answer is for SRM intrasite (local VC and SRM) communications.
Here are SRM site-to-site communications:
SRM talks to local VC via 443 and 8095
SRM talks to remote VC via 443
SRM talks to remote SRM via proxy through the remote VC server with 8095
I could be mistaken but I think SRM actually uses SSL over port 80 to connect to VC.
Duncan
One of the things I note in my book on SRM is how the comms to the VC when you go through the pairing process say 80, but after the pairing process the UI says 443:
You're also challenged with various certificate warnings...
One of the things I was unclear about is when VMware uses certs to validate the ID of the server, and when they use certs to encrypt the data stream...
For example, port 902 is a well-known port, and although SSL is used during authentication (say from client to VC), once the username/password has been passed the rest is clear text, unencrypted...
I believe SRM is doing this most of the time....
Regards
Mike
Your protected site and recovery site SRM servers communicate with each other using their local vCenter server as the proxy. This means the two vCenter servers need to be able to talk to each other over port 80 by default. When the SRM servers initiate communication they send an HTTP_CONNECT request over this link to perform an SSL handshake. After this the vCenter server forwards all bytes between the client and the SRM server, including the SSL handshake.
I used these commands to disable the ESX server firewalls.
esxcfg-firewall -q -allowIncoming
Restart the following services:
service mgmt-vmware restart
service vmware-vpxa restart
And it works for me pretty well....
"This means the two vCenter servers need to be able to talk to each other over port 80 by default."
This isn't quite correct; the two vCenter servers don't send any data between them. Instead, an SRM server at site A communicates with his partner at site B via the vCenter proxy on site B. Communication in the opposite direction flows through site A's proxy. In other words, each packet between SRM servers flows through only one vCenter proxy - the one at the destination site.
So, each SRM server needs to be able to communicate with both vCenter servers, but the vCenter servers don't need to be able to talk to one another, nor the SRM servers to each other.
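
Added example, not part of any post in this thread: a small audit that derives the flows the last reply describes (each SRM server to both vCenter servers, nothing VC-to-VC or SRM-to-SRM) and compares them with a firewall allow-list. Host names and the rule list are constructed, and the port sets are taken from the first reply as an assumption, since other replies mention port 80.

```python
# Added example, not from the thread. Host names and RULES are constructed.
# Port sets follow the thread's first reply; other replies mention port 80,
# so set them to whatever your deployment actually uses (assumption).
LOCAL_VC_PORTS = {443, 8095}   # SRM -> vCenter at its own site
REMOTE_VC_PORTS = {443}        # SRM -> vCenter at the partner site

SITES = {
    "A": {"srm": "srm-a", "vc": "vc-a"},
    "B": {"srm": "srm-b", "vc": "vc-b"},
}

def required_flows(sites):
    """Each SRM server must reach both vCenter servers, and nothing else."""
    flows = set()
    for src_name, src in sites.items():
        for dst_name, dst in sites.items():
            ports = LOCAL_VC_PORTS if src_name == dst_name else REMOTE_VC_PORTS
            flows |= {(src["srm"], dst["vc"], p) for p in ports}
    return flows

def audit(rules, sites):
    """Return (missing, unneeded): required flows with no allow rule, and
    allow rules for VC-to-VC or SRM-to-SRM paths the design does not use."""
    allowed = set(rules)
    vcs = {s["vc"] for s in sites.values()}
    srms = {s["srm"] for s in sites.values()}
    missing = sorted(required_flows(sites) - allowed)
    unneeded = sorted(
        (src, dst, port) for src, dst, port in allowed
        if {src, dst} <= vcs or {src, dst} <= srms
    )
    return missing, unneeded

# Constructed allow-list: (source, destination, TCP port)
RULES = [
    ("srm-a", "vc-a", 443), ("srm-a", "vc-a", 8095), ("srm-a", "vc-b", 443),
    ("srm-b", "vc-b", 443), ("srm-b", "vc-b", 8095),
    ("vc-a", "vc-b", 80),      # not needed: vCenters never talk to each other
    ("srm-a", "srm-b", 8095),  # not needed: SRM-to-SRM goes via the remote VC
]

if __name__ == "__main__":
    missing, unneeded = audit(RULES, SITES)
    print("missing:", missing)
    print("unneeded:", unneeded)
```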
