-
mprobst
- Lurker
- Posts: 2
- Liked: never
- Joined: Aug 25, 2009 10:22 pm
- Full Name: Michael Probst
- Contact:
ports required for 4.5.2 through firewall
do we need to allow anything besides SSH to pass between the VEM server and the ESX hosts? we are adding a few ESX hosts in our DMZ. the ESX hosts will connect to the production virtual center which is on same side of firewall as VEM server, but the ESX hosts will be behind a firewall. I am workign on port list for VMware, but cannot find anything on what ports are needed for nworks. I am guessing SSH to monitor local file system, but what else is required?
-
Nick.Kordich
- Enthusiast
- Posts: 89
- Liked: never
- Joined: Apr 09, 2009 9:09 pm
- Full Name: Nick Kordich
- Contact:
Re: ports required for 4.5.2 through firewall
Hello Michael,
Up to three ports may be used between the ESX host and the collector:
[*] Port 443 (TCP) - VI SDK
The VI SDK connection is HTTPS-based, and used for collecting Metrics and Events. If you are monitoring metrics and events through the VC server, you do not need to enable this between the collector and ESX host as well.
[*] Port 22 (TCP) - SSH
The SSH connection is used to monitor the filesystem space available on the Linux Console OS, if you have checked this option. This may also require configuring the account, as described in our FAQ: http://tinyurl.com/2k99e6
[*] Port 514 (UDP) - Syslog
The syslog connection allows the collector to receive messages written by the vmkernel or HP SIM agent to the syslog daemon. This was the primary means of monitoring ESX for hardware failures before we added CIM/SMASH support in version 4.5, and has become somewhat less important because hardware data can now be obtained through the VI SDK. The syslog daemon on the ESX host needs to be configured, as described in the 4.5.2 Administrator Guide or the 5.0.0 Operations Guide (Appendix E for OMW, or Appendix C for OMU).
The collector can be configured to work on non-standard ports, which may be necessary, depending on your firewall's configuration.
Up to three ports may be used between the ESX host and the collector:
[*] Port 443 (TCP) - VI SDK
The VI SDK connection is HTTPS-based, and used for collecting Metrics and Events. If you are monitoring metrics and events through the VC server, you do not need to enable this between the collector and ESX host as well.
[*] Port 22 (TCP) - SSH
The SSH connection is used to monitor the filesystem space available on the Linux Console OS, if you have checked this option. This may also require configuring the account, as described in our FAQ: http://tinyurl.com/2k99e6
[*] Port 514 (UDP) - Syslog
The syslog connection allows the collector to receive messages written by the vmkernel or HP SIM agent to the syslog daemon. This was the primary means of monitoring ESX for hardware failures before we added CIM/SMASH support in version 4.5, and has become somewhat less important because hardware data can now be obtained through the VI SDK. The syslog daemon on the ESX host needs to be configured, as described in the 4.5.2 Administrator Guide or the 5.0.0 Operations Guide (Appendix E for OMW, or Appendix C for OMU).
The collector can be configured to work on non-standard ports, which may be necessary, depending on your firewall's configuration.
-
mprobst
- Lurker
- Posts: 2
- Liked: never
- Joined: Aug 25, 2009 10:22 pm
- Full Name: Michael Probst
- Contact:
Re: ports required for 4.5.2 through firewall
I am guessing 443 is VEM server to ESX host, and 514 is ESX host to VEM server? or is traffic initiated from both sides for either protocol?
-
Nick.Kordich
- Enthusiast
- Posts: 89
- Liked: never
- Joined: Apr 09, 2009 9:09 pm
- Full Name: Nick Kordich
- Contact:
Re: ports required for 4.5.2 through firewall
You are correct in your guess: the VI SDK (443) and SSH (22) connections are initiated by the VEM to the host, while Syslog (514) is initated by the host to the VEM.
Who is online
Users browsing this forum: No registered users and 1 guest