Solved

hotadd port requirments in vmware

  • 22 March 2021
  • 5 replies
  • 2727 views

Userlevel 2
Badge +7

Hi,

i have a question about the implementation of some VSA proxy in hotadd mode only on vmware VSAN.

it is really needed to open network port 902 between VSA proxy and ESX host ? 

can we only open port 902 between Vcenter / media agent /vsa ?

in my undestanding the port 902 is only use in NBD/NBDSSL mode as a fallback mode when other transport mode are not available.

regards,

Christophe

icon

Best answer by Aplynx 22 March 2021, 17:50

View original

5 replies

Badge

I’d like to revive this one, because I too am questioning under exactly what circumstances port 902 is required.

BACKGROUND: My network guys are struggling to set up 902 in and amongst the allowable rulesets to ESXi in a VM cloud environment. When I look back at some of the on premise environments I set up with 902, and have VM backups working on, I note that a cvping from the VSA to ESXi hosts results in ‘connection refused’, yet this seems to have no ill effect on the running of the hot add backups.

I also see slightly different emphases on different documentation pages i.e.:

Port Requirements for Commvault suggests that the ESX to VSA rule is required in all circumstances.

How to configure your network for the Virtual Server Agent - YouTube though showing it as a required port, says that this is for VMWare NFC usage, which would hint that the requirement may be transport mode dependent.

Connecting to the Virtual Machine Console Through a Firewall (vmware.com) VMWare suggests a few use cases, some inbound / some outbound, generally around communication between guests, hosts and the vCenters and slightly different between vSphere versions.

 

Given I have backups working even when port 902 refuses connection, can anyone re-clarify the exact scope of the port 902 requirement? 

Userlevel 2
Badge +7

HI,

Thank you for the answers. 

i was expecting that communication on port 902 of a VSA hosted on a ESX wasn’t mandatory. but i have the confirmation and i also have take a look in the vixdisklib.log and there is a NFC call on port 902:

66143 10933 03/24 17:33:38 20738 Opening file [vsandatastore] 1398e05e-1e7d-9c7c-9cc6-34800d5e9a04/dvclividm001_2.vmdk (vpxa-nfc://[vsandatastore] 1398e05e-1e7d-9c7c-9cc6-34800d5e9a04/dvclividm001_2.vmdk@dvzazesxiu0001.xxxxxxxx.fr:902)  

many thanks

kind regards,

Userlevel 7
Badge +23

You should have all the info you need here, but sharing these videos in case you find them useful!

 

 

 

Userlevel 5
Badge +8

Yes, from VSA proxies to vCenter and ESXi server 443 port for web services and TCP/IP with 902 to ESXi servers required. please refer to port requirements section in below system requirements in VMware BOL page.

https://documentation.commvault.com/commvault/v11_sp20/article?p=3368.htm

 

Regards

Gopinath

Userlevel 6
Badge +13

The port requirement is from VMware. 443 to the vcenter\esx and 902 to the esx host(s).

 

https://documentation.commvault.com/commvault/v11_sp20/article?p=32026_1.htm

Reply