Skip to main content

Hi,

i have a question about the implementation of some VSA proxy in hotadd mode only on vmware VSAN.

it is really needed to open network port 902 between VSA proxy and ESX host ? 

can we only open port 902 between Vcenter / media agent /vsa ?

in my undestanding the port 902 is only use in NBD/NBDSSL mode as a fallback mode when other transport mode are not available.

regards,

Christophe

I’d like to revive this one, because I too am questioning under exactly what circumstances port 902 is required.

BACKGROUND: My network guys are struggling to set up 902 in and amongst the allowable rulesets to ESXi in a VM cloud environment. When I look back at some of the on premise environments I set up with 902, and have VM backups working on, I note that a cvping from the VSA to ESXi hosts results in ‘connection refused’, yet this seems to have no ill effect on the running of the hot add backups.

I also see slightly different emphases on different documentation pages i.e.:

Port Requirements for Commvault suggests that the ESX to VSA rule is required in all circumstances.

How to configure your network for the Virtual Server Agent - YouTube though showing it as a required port, says that this is for VMWare NFC usage, which would hint that the requirement may be transport mode dependent.

Connecting to the Virtual Machine Console Through a Firewall (vmware.com) VMWare suggests a few use cases, some inbound / some outbound, generally around communication between guests, hosts and the vCenters and slightly different between vSphere versions.

 

Given I have backups working even when port 902 refuses connection, can anyone re-clarify the exact scope of the port 902 requirement? 

HI,

Thank you for the answers. 

i was expecting that communication on port 902 of a VSA hosted on a ESX wasn’t mandatory. but i have the confirmation and i also have take a look in the vixdisklib.log and there is a NFC call on port 902:

66143 10933 03/24 17:33:38 20738 Opening file ivsandatastore] 1398e05e-1e7d-9c7c-9cc6-34800d5e9a04/dvclividm001_2.vmdk (vpxa-nfc://cvsandatastore] 1398e05e-1e7d-9c7c-9cc6-34800d5e9a04/dvclividm001_2.vmdk@dvzazesxiu0001.xxxxxxxx.fr:902)  

many thanks

kind regards,

You should have all the info you need here, but sharing these videos in case you find them useful!

 

 

 

Yes, from VSA proxies to vCenter and ESXi server 443 port for web services and TCP/IP with 902 to ESXi servers required. please refer to port requirements section in below system requirements in VMware BOL page.

https://documentation.commvault.com/commvault/v11_sp20/article?p=3368.htm

 

Regards

Gopinath

The port requirement is from VMware. 443 to the vcenter\esx and 902 to the esx host(s).

 

https://documentation.commvault.com/commvault/v11_sp20/article?p=32026_1.htm

Reply


Terms & ConditionsCookie settings