You are on page 1of 12

EMC® Secure Remote Services

Release 3.04

Port Requirements
Rev 02
March 23, 2015

This document contains supplemental information about the EMC
Secure Remote Services v3.04 (ESRS v3.04). ESRS v3.04 is the virtual
edition of ESRS. This document includes the following topics:




Communication between ESRS and EMC ........................................ 2
Communication between ESRS and Policy Manager ..................... 2
Communication between ESRS and devices .................................... 2
Port requirements for ESRS and Policy Manager (PM) servers..... 4
Port requirements for devices............................................................. 6

Note: Some ports used by ESRS and devices may be registered for use by other
parties, or may not be registered by EMC. EMC is addressing these registration
issues. In the meantime, be aware that all ports listed for use by the ESRS servers
and devices will be in use by the EMC applications listed.

1

Figure 1 on page 3 shows the communication paths. ESRS secures remote access connections to your EMC® devices by using a session-based IP port-mapped solution. The protocol/ports number and direction are identified relative to the ESRS servers and storage devices. These tables identify the installation site network firewall configuration open-port requirements for ESRS. Figure 1 on page 3 shows the communication paths. These tables identify the installation site network firewall configuration open-port requirements for ESRS IP. you must configure your external network and/or firewalls to allow traffic over the specific ports as shown in Table 1 on page 4. The protocol/ports number and 2 EMC Secure Remote Services Port Requirements . Communication between ESRS and Policy Manager To enable communication between ESRS and Policy Manager. ESRS brokers Connect Home file transfers from your managed devices that support connect-home through ESRS. ensuring secure transport. and auditing for those transfers. Communication between ESRS and devices There are two connection requirements between the ESRS server and your managed devices: The first is the communication between ESRS and your managed devices for remote access connections. you must configure your internal firewalls to allow traffic over the specific ports as shown in Table 1 on page 4 and Table 2 on page 6. These tables identify the installation site network firewall configuration open-port requirements for ESRS. you must configure your internal firewalls to allow traffic over the specific ports as shown in Table 1 on page 4. The second communication requirement is between ESRS and your managed devices for Connect Home messages. To enable communication between ESRS and your devices.Communication between ESRS and EMC Communication between ESRS and EMC To enable communication between your EMC Secure Remote Services (ESRS) and EMC. authorization. The protocol/ports number and direction are identified relative to the ESRS servers and storage devices.

Note: See Primus emc169001. Figure 1 Port diagram for generic EMC managed product EMC Secure Remote Services Port Requirements 3 .emc.” You can access this Primus at support. “What IP addresses are used by the EMC Secure Remote Services IP Solution.com or in Appendix D of the ESRS Release 3.direction are identified relative to the ESRS servers and storage devices.04 Operations Guide. Figure 1 on page 3 shows the communication paths.

there will be a significant decrease in remote support performance. identified as “Inbound from ESRS Virtual Edition (VE) server” to Managed device HTTP (configurable) Default = 8090 to Client service Policy Manager Outbound HTTPS 8443 4 EMC Secure Remote Services Port Requirements Client service .com. Passive Port Range in FTP is set to 21 and 5400 5400–5413 through 5413.234.45 990 Port 990 for Supports ConnectHome failover if the ESRS Channel Outbound ConnectHom is unavailable e failover (if configured) FTPS to EMC FEP SMTP 25 for May use the customer’s e-mail server to relay the ConnectHom ConnectHome or may send directly to EMC e failover (if configured) to EMC through customer’s mail server Outbound HTTPS 443 Use of HTTPS for service notifications inbound is Inbound dependent on the version of ConnectEMC used by the managed device.Port requirements for ESRS and Policy Manager (PM) servers Port requirements for ESRS and Policy Manager (PM) servers Table 1 on page 4 lists the port requirements as follows: Table 1 Port requirements for ESRS and Policy Manager servers EMC TCP port product or Protocol Notes for port settings Direction open Source -orDestination Application name ESRS HTTPS 443 See KB article 13285. GWExt uses HTTPS by default but can be configured to use FTP.emc. Port 9443 from Managed device (EMC product) Apache httpd listener Customer access to ESRS GUI HTTPS 9443 Use HTTPS 9443 for making RESTful service calls to add/remove/update manage devices. “What IP addresses are used by the EMC Secure Remote Support IP Solution?. however without this port being opened. Outbound to EMC Client service HTTPS 443 See KB article 13285.emc. to send connecthomes and to send device heartbeat check to ESRS Passive FTP During the ESRS-IP installer execution.com = 128. “What IP addresses are used and 8443 by the EMC Secure Remote Support IP Solution?. These ports are used for passive mode FTP of connect-homeconnect-home messages as well as for the GWExt loading and output. all traffic except remote support Remote support N/A Service notification from device N/A Remote support for device N/A Policy query N/A IMPORTANT: Port 8443 is not required for functionality.” You can access this article on support. See RFC 959 for passive FTP definition.com. Outbound to EMC Global Client service Access Servers (GAS) Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) Service notification.221. ESRS: Apache httpdftp SMTP 25 ESRS: postfix IMPORTANT: Outbound When opening ports for devices in Table 2.com = 168. This range indicates the data channel ports available for response to PASV commands. If configured.emc. N/A setup. The following hosts/IP addresses and ports need to be added as FTPS destinations: • curpusfep3.159.emc. which will directly impact time to resolve issues on the end devices.66 990 • corpusfep4. Refer to product documentation. also open the same ports on the ESRS server. the value for ports: 21.209. MUST use the customer SMTP server.” You can access this article on support.

Inbound from ESRS IP Clients (and customer browser) Policy Manager service Policy query (and policy management by customer) Outbound to Customer email server N/A HTTPS 8443 SMTP 25 Action request EMC Secure Remote Services Port Requirements 5 .EMC TCP port product or Protocol Notes for port settings HTTP 8118 Policy HTTP Manager (configurable) Default = 8090 To support ESRS proxy. Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) Direction open Source -orDestination Application name Inbound To Gateway Proxy client Services eLicensing N/A requests and inbound traffic to Gateway for MFT. Leveraged by standalone embedded ESRS Device Clients.

9443. 8580. Administration (occasional) CLI (via SSH) Troubleshooting (frequent) Telnet Troubleshooting (rare) Use only if CLI cannot be used to Customer SMTP server ConnectEMC Service notification N/A from ESRS EMC Centera Viewer Remote support Diagnostics (frequent) CLI (via SSH) Troubleshooting (frequent) . 8779. and 7781 AVInstaller Outbound to ESRS ConnectEMC Inbound from ESRS Celerra Manager Remote (Web UI) support Passive FTP Service notification SMTP All of: 80. NAS code 5. 8780.5.x and earlier supports only FTP. Outbound Both 3218 and 3682 22 6 NA Administration (occasional) Troubleshooting (frequent) Enterprise Manager HTTPSa 23 Administration (occasional) Troubleshooting (frequent) to ESRS or to Customer SMTP server 8543 Celerra® SecureWebUI EMC Secure Remote Services Port Requirements Note: NAS code 5. 7778.30.x supports both FTP and SMTP for connect-home by using ESRS. Table 2 EMC product Atmos® Port requirements for devices Performed by authorized EMC Global Services personnel: Support objective (frequency) ConnectEMC Service notification NA from ESRS CLI (via SSH) Remote support to ESRS ConnectEMC Service notification CLI (via SSH) Remote support TCP port or Protocol Notes for port settings Direction Source -or. 8781.Application open Destination name HTTPSa Outbound Passive FTP SMTP to ESRS to ESRS or to Customer SMTP server 22 Inbound 443 Avamar® Communication (network traffic) type HTTPSa Outbound Passive FTP SMTP 22 Inbound from ESRS 80. 7779. 8778.443.31.5. 7780.Port requirements for devices Port requirements for devices Table 2 on page 6 lists the port requirements for EMC devices. 443. and 8000 22 EMC Centera® SMTP This telnet port should be enabled only if SSH (port 22) cannot be used. 8543.

KTCONS Service notification N/A Remote support Troubleshooting (occasional) Navisphere Manager.EMC product TCP port or Protocol Notes for port settings CLARiiON® HTTPSa and Passive FTPa CLARiiON SMTP portion of EDL Service notification for CLARiiON and Outbound EDL is supported only on centrally managed devices via a management server. 6391. 13456 22 (to run pling) Both 80 and 443. Navisphere SP Agent When using Connectrix Manager Outbound to ESRS ConnectEMC or Service DialEMC notification N/A 5414 Inbound from ESRS EMCRemote Remote support Troubleshooting (frequent) 5414 Customer Manage9519 ment Station Inbound From ESRS EMCRemote Remote support Troubleshooting (frequent) SMTP 3389 RemoteDesktop 80. both 2162 and 2163 Direction Source -or. 443. Navisphere® SP Agent 9519 Navisphere Management Station ConnectEMC Communication (network traffic) type ConnectEMC Diagnostics (occasional) Service notification N/A ConnectEMC. 6390. and 6392 Navisphere CLI 60020 Remote Diagnostic Agent HTTPSa Outbound Passive FTPa to ESRS SMTP Connectrix® HTTPSa switch family Passive FTPa Performed by authorized EMC Global Services personnel: Support objective (frequency) ConnectEMC. also allows Navisphere SecureCLI Administration (frequent) Troubleshooting (frequent) RemotelyAnywhe re 5414 EMCRemote All of: 6389. 8443 WebHTTPHTTP 22 Data Domain HTTPS CLI (via SSH) Inbound from ESRS Enterprise Manager Remote support Administration (occasional) Troubleshooting (frequent) 22 Inbound from ESRS CLI (via SSH) Remote support Administration (occasional) Troubleshooting (frequent) SMTP Outbound to Customer SMTP server CentOS Service notification N/A 22 Inbound Remote support Troubleshooting (frequent) Inbound from ESRS CLI (via SSH) 443 HTTP DL3D Engine RemotelyAnywhere Secure Web UI EMC Secure Remote Services Port Requirements 7 . Distributed CLARiiON devices (including EDL) use ESRS or Customer email server (SMTP) for service notifications. refer to CLARiiON documentation.Application open Destination name Inbound to ESRS from ESRS For more information. or optionally (depending on configuration).

443. to ESRS ConnectEMC Service notification N/A from ESRS CLI (via SSH) Remote support Troubleshooting (frequent) Outbound to Customer SMTP server ConnectEMC Service notification NA Inbound from ESRS CLI (via SSH) Remote support Outbound to ESRS ConnectEMC Service notification N/A Inbound from ESRS EMCRemote Remote support Troubleshooting (frequent) Inbound 11576 Greenplum Data Computing Appliance (DCA)® Invista® Element Manager Invista CPCs HTTPSa Passive FTP SMTP 22 HTTPSa Passive FTPa Administration (occasional) Troubleshooting (frequent) SMTP 5414 All of: 80.Application open Destination name HTTPSa Outbound to ESRS ConnectEMC Service notification N/A Inbound from ESRS CLI (via SSH) Remote support Troubleshooting (frequent) ConnectEMC Service notification N/A CLI (via SSH) Remote support Troubleshooting (frequent) ConnectEMC Service notification N/A CLI (via SSH) Remote support Troubleshooting (frequent) Passive FTPa SMTP 22 80. and 2163 5201 8 EDL Mgt Console EMC Secure Remote Services Port Requirements Invista Element Manager and InvistaSecCLI ClassicCLI . Distributed CLARiiON devices (including EDL) use ESRS or Customer email server (SMTP) for service notifications. 2162. 443. 443.443 DLmConsole 3389 Remote Desktop HTTPSa DPA Celerra Manager Outbound to ESRS Inbound from ESRS Passive FTPa SMTP 22 9002.Port requirements for devices EMC product DLm Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) TCP port or Protocol Notes for port settings Direction Source -or. 8000 80. 4443 EDL Engine (except DL3D) HTTPSa Passive FTPa SMTP 22 ECS UI Service notification for EDL is supported Outbound only on centrally managed devices via a management server. 9004 DPA GUI 3389 ElasticCloud HTTPSa Storage Passive FTPa (ECS) Remote Desktop Outbound to ESRS Inbound from ESRS SMTP 22 80.9003.

All other Connect Homes will use ConnectEMC to send files to ESRS using HTTPS.Application open Destination name ESRS team highly recommends using Outbound CEC. 7000. 80 ViPR Management GUI (ViPRUI) EMC Secure Remote Services Port Requirements 9 . or SMTP.1. and 23005 SGBD/Swuch/ Chat Server/ Remote Browser/ InlineCS HTTPSa Outbound to ESRS Inbound from ESRS Passive FTPa Advanced troubleshooting (by EMC Symmetrix Engineering) (rare) ConnectEMC Service notification N/A CLI (via SSH) Remote support Troubleshooting (frequent) SMTP 22 443. 4443. Outbound to Customer SMTP server Inbound from ESRS WEBUI CLI (via SSH) RecoverPoint Management GUI CLI (via SSH) Telnet Administration (occasional) Troubleshooting (frequent) Service notification N/A Remote support Troubleshooting (frequent) Remote support Troubleshooting (frequent) Troubleshooting (rare) Use only if CLI cannot be used N/A CLI (via SSH) Telnet Remote support Troubleshooting (frequent) Troubleshooting (rare) Use only if CLI cannot be used Outbound to ESRS ConnectEMC or Service DialEMC notification N/A Inbound from ESRS RemotelyAnywhe Remote re support Troubleshooting (frequent) Passive FTPa SMTP 22 9519 ViPR 5414 EMCRemote All of: 1300. 5555. 443. 23004. and 7225 Switch– Brocade-B Switch– Cisco 22 23 Note: If managed by Connectrix Manager. Symmetrix® HTTPSa from ESRS This telnet port should be enabled only if SSH (port 22) cannot be used. 22 Inbound from ESRS 8080 RecoverPoint SMTP Outbound to ESRS 22 Inbound from ESRS 80. 23 This telnet port should be enabled only if SSH (port 22) cannot be used. 1400.EMC product Isilon® TCP port or Protocol Notes for port settings HTTPSa Passive FTP Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) ConnectEMC Service notification NA ISI-Gather Log Process Configuration information CLI (via SSH) Remote support Direction Source -or. Passive FTP. the Transfer (MFT) isi_gather_info script will send the Isilon 8118 log file back to EMC via MFT using port 8118 on the ESRS.HTTPS transport protocol as FTP and SMTP are plain text protocols. 4444. 23003. to ESRS SMTP Managed File Within Isilon OneFS 7. use port 5414 Inbound SMTP 22 SSH must be enabled and configured.

Application open Destination name HTTPSa Outbound to ESRS ConnectEMC Service notification N/A 22 Inbound from ESRS CLI (via SSH) Remote support Troubleshooting (frequent) HTTPSa Outbound to ESRS ConnectEMC Service notification NA Inbound from ESRS CLI (via SSH) Remote support Troubleshooting (frequent) ConnectEMC Service notification NA CLI (via SSH) Remote support Troubleshooting (frequent) Passive FTPa SMTP VMAX3 Passive FTPa SMTP 22 5414 EMCRemote 4444. 10443. 22. 8080. 903. 8443. 5555. 443. 10080. 23004. 2162.Port requirements for devices EMC product ViPRSRM Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) TCP port or Protocol Notes for port settings Direction Source -or. 443. 1300 SGDB 5555. 902 VNX® VClient 443 WebHostLogAcc ess (Primary) 443 WebHostAccess 9443.6392. 60020 Remote Diagnostic Agent EMC Secure Remote Services Port Requirements Diagnostics (occasional) . 23004 HTTPSa VMAX® Cloud Edition Passive FTPa (CE) SWUCH Outbound to ESRS Inbound from ESRS SMTP 22 443. 2163. 80 WebVClient 5480 vAppAccess (Primary) HTTPSa Administration (frequent) Outbound to ESRS ConnectEMC Service notification N/A Inbound from ESRS KTCONS Remote support Troubleshooting (occasional) Passive FTPa SMTP 13456 13456. 23003. 8000 Unisphere/USM/ Navisphere SecureCLI 6391. 13457 RemoteKTrace Administration (frequent) Troubleshooting (frequent) 9519 10 RemotelyAnywhere 22 CLI (via SSH) 80. 80. 7000 InlineCS 7000 RemoteBrowser 9519 RemotelyAnywhe re 5555.

The default port for HTTPS is 443. Refer to product documentation. These ports are used for passive mode FTP of connect-home messages as well as for the GWExt loading and output.Application open Destination name HTTPSa Outbound to Customer SMTP server ConnectEMC Service notification Inbound from ESRS CLI (via SSH) Remote support to ESRS ConnectEMC from ESRS Invista Element Manager Passive FTP SMTP 22 80 and 443 VPLEX® SMTP 443 Outbound Inbound 22 VSPEX BLUE HTTPSa Unisphere CLI (via SSH) Service notification N/A Remote support Troubleshooting (frequent) CLI (via SSH) Outbound to Advanced troubleshooting (by EMC Symmetrix Engineering) (rare) ConnectEMC Service notification N/A CLI (via SSH) Remote support Troubleshooting (frequent) ESRS Passive FTP Administration (occasional) Troubleshooting (frequent) SMTP 22 Inbound from ESRS Outbound to ESRS ConnectEMC Service notification N/A Inbound from ESRS CLI (via SSH) Remote support Troubleshooting (frequent) 5900. 443.EMC product VNXe® Communication (network traffic) type Performed by authorized EMC Global Services personnel: Support objective (frequency) N/A TCP port or Protocol Notes for port settings Direction Source -or. 80. EMC Secure Remote Services Port Requirements 11 . This range indicates the data channel ports available for response to PASV commands. Use of HTTPS for service notifications is dependent on the version of ConnectEMC used by the managed device. The value for Passive Port Range in FTP is set to 21 and 5400 through 5413. 42502 XTREMIOGUI a. 5901 XtremIO® HTTPSa VNC Passive FTPa SMTP 22. 443 80.

” EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION. copying. Use. and distribution of any EMC software described in this publication requires an applicable software license.com.emc. go to Technical Documentation and Advisories section on the EMC Online Support Site (support.com). THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.Port requirements for devices Copyright © 2015 EMC Corporation. For the most up-to-date listing of EMC product names. All other trademarks used herein are the property of their respective owners. AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. EMC believes the information in this publication is accurate as of its publication date. For the most up-to-date regulatory document for your product line. All rights reserved. The information is subject to change without notice. 12 EMC Secure Remote Services Port Requirements . see EMC Corporation Trademarks on EMC.