Port requirements for Data Domain changed between V12 and V13?

[cstps]

Hi all,

We are currently in the process of a greenfield V13 deployment with Data Domain as a backup target.

We have VBR in a management VLAN, and proxies, gateways and the Data Domain in a separate storage VLAN. As the Data Domain sits in the same VLAN as the gateways, I have not provided our networking team with any specific Data Domain port requirements.

During deployment, we have found that we cannot add the Data Domain to VBR, being careful to ensure that we are only selecting the gateway servers during Data Domain provisioning. Our networks team have looked into this and can see that the VBR host is trying to reach the Data Domain on port 111.

Digging deeper, I have found the following change between V12 and V13:

https://helpcenter.veeam.com/docs/vbr/u ... ver=13#emc
https://helpcenter.veeam.com/archive/ba ... s.html#emc

Keen observers will see that V12 specified the ports are required between the "Backup server OR gateway" whereas V13 specifies "Backup sever, gateway" implying that we now need both. While this aligns with the behaviour we are seeing, it doesn't align with the logic of "only gateway servers talk to the Data Domain" which is the fundamental model of how I understood the gateway to work.

This has some broader implications for our general operating standards in terms of logical separations, so I am keen to better understand this change, if it's intentional and if it can be worked around.

Any advice appreciated - thanks in advance!

Regards,
Chris.

[david.domask]

Hi Chris,

Will research a bit internally, was not aware of this changing on the wording; will confirm the expected and correct requirements, and we'll update the thread once we have more information.

[foggy]

Hi Chris, we took a brief look and so far cannot confirm the behavior you are seeing with the current build. Could you please share the exact VBR build number and backup server and gateway OS versions? Are you sure you're specifying the correct gateway servers when adding the repository? As in the case of autoselect, the role of a gateway is assigned to the backup server itself.

[cstps]

Thanks guys - appreciate the responses.

I can confirm that we were not using automatic selection (that being said, that was when I went and watched over their shoulder during setup - the instance of the VBR host trying to reach the DD on 111 was a separate occasion and I only have the word of the engineers that they weren't using automatic then but I am inclined to believe them)

Regarding build numbers, let me check and come back to you - thank you!

[cstps]

Stand down all - this is an issue at our end.

I suspect the initial issue was in fact "automatic selection" being used (despite assurances to the contrary!) and the subsequent connectivity issues were related to a missing VLAN trunk on a switch that was later added in.

Can confirm that we can now provision DD repositories with no firewall rules between VBR and DD, and the missing "or" from the documentation was a red herring!

Thanks all for your attention to this, foggy and david.domask!