VMware Cloud Community
brentcochran1
Contributor

PowerCLI through a firewall to 6.5 ver VCSA and PSC

Hello Community - in the (very audacious) hope of inputting my firewall change once, I'm hoping someone has experience with using PCLI through a firewall to gather data from a 6.5 VCSA.  We are running a single vcsa with embedded db, and (2) stand-alone PSCs (active|passive config).  I'm not exactly sure if I need to open ACLs into the PSCs as well as VCSA.  I am only gathering inventory data, so I shouldn't need the ports for opening console connections, or invoking scripts on the guest virtual machines, or anything as exotic as that.

opt 1:

source: source IP of PCLI server

dest: vcsa

tcp ports: 443, 10443

opt 2:

source: source IP of PCLI server

dest: vcsa, psc1, psc2

tcp ports: 443, 10443

opt 3:

is it really something COMPLETELY different?

Thanks in advance!

Brent

0 Kudos
3 Replies
LucD
Leadership

Afaik port 10443 is pre-vSphere 6, and if you don't need Invoke-VMScript or Open-VMConsoleWindow, I would assume 80 and 443 to the VCSA should be sufficient.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
brentcochran1
Contributor

Thanks LucD!  Just to be clear though, I'll be logging on with an AD account, so I will need to leverage the LDAP integration from the PSC.  I suppose it's totally possible that the vcsa can proxy that communication, but logging in through the web client doesn't.  At logon, you can see your browser redirect through the psc.  I can certainly give it a shot without opening those ports, but would really prefer to run through the process once. 

0 Kudos
LucD
Leadership

From Required Ports for vCenter Server and Platform Services Controller it looks as if you would need to open 389 in that case.

If you want to query the Global Catalog you would need port 3268.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
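A way to confirm the firewall change from the PowerCLI host before running any script, as an added example that is not part of any post in this thread. Hostnames are constructed placeholders, the port lists follow the thread (443 and 80 to the VCSA, 443 to the PSCs as in opt 2, 389 for the AD logon case), and pointing 389 at the PSCs is an assumption to adjust for your environment.

```powershell
# Added example. Hostnames are constructed placeholders; edit the port lists
# to match the ACL you requested. 3268 is left out because the thread only
# needs it for Global Catalog queries.
$Targets = @(
    @{ Target = 'vcsa.example.local'; Ports = @(443, 80) }
    @{ Target = 'psc1.example.local'; Ports = @(443, 389) }   # 389 here is an assumption
    @{ Target = 'psc2.example.local'; Ports = @(443, 389) }
)

function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # Wait() returns $false when nothing answers in time, which is what a
        # firewall that silently drops the SYN usually looks like.
        if (-not $task.Wait($TimeoutMs)) { return 'Timeout' }
        if ($client.Connected) { return 'Open' }
        return 'Closed'
    }
    catch {
        # A refused connection (RST) or a DNS failure surfaces as an exception;
        # report the socket error code so the two can be told apart.
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            return $base.SocketErrorCode.ToString()
        }
        return 'Error'
    }
    finally {
        $client.Close()
    }
}

# One row per host/port pair, so a missing ACL entry is visible at a glance.
$results = foreach ($t in $Targets) {
    foreach ($p in $t.Ports) {
        [pscustomobject]@{
            Target = $t.Target
            Port   = $p
            Result = Test-TcpPort -ComputerName $t.Target -Port $p
        }
    }
}
$results | Format-Table -AutoSize
```

A `Timeout` result usually points at the firewall, while `ConnectionRefused` means the packet reached the host but nothing is listening on that port.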