secure remote services - dell › en-us › collaterals › unauth › ... · https 443 usage of...
TRANSCRIPT
Secure Remote ServicesRelease 3.40
Port Requirements
REV 01
October 16, 2019
Note: EMC Secure Remote Services (ESRS) has been rebranded to SecureRemote Services (SRS).
This document contains supplemental information about SecureRemote Services (SRS), Release 3.40. SRS 3.40 is the virtual edition ofSRS. This document includes the following topics:
◆ Communication between SRS and Dell EMC .................................. 2◆ Communication between SRS and Policy Manager........................ 2◆ Communication between SRS and devices ...................................... 2◆ Port requirements for SRS and Policy Manager (PM) servers ....... 4◆ Port requirements for devices............................................................. 7
Note: Some ports used by SRS and devices may be registered for use by otherparties, or may not be registered by Dell EMC. Dell EMC is addressing theseregistration issues. In the meantime, be aware that all ports listed for use by theSRS servers and devices will be in use by the Dell EMC applications listed.
1
2
Communication between SRS and Dell EMC
Communication between SRS and Dell EMCTo enable communication between your Secure Remote Services(SRS) Virtual Edition Server and Dell EMC, you must configure yourexternal network and/or firewalls to allow traffic over the specificports as shown in Table 1 on page 5. These tables identify theinstallation site network firewall configuration open-portrequirements for SRS. The protocol/ports number and direction areidentified relative to the SRS servers and storage devices. Figure 1 onpage 3 shows the communication paths.
Communication between SRS and Policy ManagerTo enable communication between SRS and Policy Manager, youmust configure your internal firewalls to allow traffic over thespecific ports as shown in Table 1 on page 5. These tables identify theinstallation site network firewall configuration open-portrequirements for SRS. The protocol/ports number and direction areidentified relative to the SRS servers and storage devices. Figure 1 onpage 3 shows the communication paths.
Communication between SRS and devicesThere are two connection requirements between the SRS server andyour managed devices:
◆ The first is the communication between SRS and your manageddevices for remote access connections. SRS secures remote accessconnections to your Dell EMC® devices by using a session-basedIP port-mapped solution.
◆ The second communication requirement is between SRS and yourmanaged devices for Connect Home messages. SRS brokersConnect Home file transfers from your managed devices thatsupport Connect Home through SRS, thus ensuring securetransport, authorization, and auditing for those transfers.
To enable communication between SRS and your devices, you mustconfigure your internal firewalls to allow traffic over the specificports as shown in Table 1 on page 5 and Table 2 on page 7. Thesetables identify the installation site network firewall configurationopen-port requirements for SRS IP. The protocol/ports number and
Secure Remote Services Port Requirements
direction are identified relative to the SRS servers and storagedevices. Figure 1 on page 3 shows the communication paths.
Figure 1 Port diagram for generic Dell EMC managed product
Note: For the optional failover, ports 990 and 25 are used on the SRS VirtualEdition outbound to Dell EMC only when the failover Connect Home isconfigured for FTPS and/or the email option is used as the failover channel.
3Secure Remote Services Port Requirements
4
Port requirements for SRS and Policy Manager (PM) servers
Port requirements for SRS and Policy Manager (PM) serversTable 1 on page 5 lists the port requirements as follows:
Note: See Knowledgebase (KB) Article 494729, “What IP addresses are usedby Secure Remote Services IP Solution.” You can access this article throughhttps://support.emc.com/kb/494729.
Secure Remote Services Port Requirements
Table 1 Port requirements for SRS and Policy Manager servers
Dell EMCproduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communication(network traffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
SRS HTTPS 443 Outbound to Dell EMC Client service Servicenotification,setup, all trafficexcept remotesupport
N/A
HTTPS 443and 8443
Outbound to Dell EMCGlobal AccessServers (GAS)
Client service Remote support N/A
IMPORTANT:Port 8443 is not required for functionality, however without this port beingopened, there will be a significant decrease in remote supportperformance, which will directly impact the time to resolve the issues on theend devices.
Port 990 forConnect Homefailover (ifconfigured)
Supports Connect Home failover if the SRS Channel isunavailable
Outbound FTPS to DellEMC FEP
HTTPS 443 Usage of the HTTPS for the inbound service notificationsis dependent on the version of ConnectEMC used by themanaged device. For more information, refer to theproduct documentation. If configured, you MUST use thecustomer SMTP server.
Inbound fromManaged device(Dell EMCproduct)
Apache httpdlistener
Servicenotification fromdevice
N/A
Port 9443HTTPS 9443
• Customer access to SRS GUI• Use HTTPS 9443 for making RESTful service calls to
add/remove/update manage devices, to sendConnect Homes, to utilize Managed File Transfer(MFT), and to send device heartbeat check to SRS
Inbound • fromcustomernetwork
• fromManageddevice (DellEMCproduct)
• SRS VirtualEdition WebUI
• SRS VirtualEdition RESTCommunication Channel
• SRSv3serverManagement traffic
• Servicenotificationfrom device
N/A
Port 22 Customer access to SRS Virtual Edition console Inbound from customernetwork
CLI (via SSH) SRSv3 serverManagementtraffic
N/A
Passive FTPports: 21,5400–5413
During the SRS-IP installer execution, the value forPassive Port Range in FTP is set to 21 and 5400 through5413. This range indicates the data channel portsavailable for response to the PASV commands. See RFC959 for the passive FTP definition. These ports are usedfor the Passive FTP mode of the Connect Home messagesas well as for the GWExt loading and output. GWExt usesHTTPS by default but can be configured to use FTP.
Inbound fromManaged device(Dell EMCproduct)
SRS: Apachehttpdftp
Servicenotification fromdevice
N/A
SMTP 25 • Acts as failover if heartbeat fails• Alert customer’s contact
Outbound from SRS VirtualEdition
Customer’s emailserver
Servicenotification
N/A
Process Connect Home files Inbound from SRSmonitoreddevices
SRS: postfix Action request N/A
IMPORTANT:When opening the ports for the devices in Table 2, you must also open the same ports on the SRS server, identified as “Inbound from SRS Virtual Edition (VE) server”.
HTTP(configurable)Default = 8090
Outbound toPolicy Manager
Client service Policy query N/A
HTTPS 8443
HTTP 8118 To support SRS proxy Inbound ToGateway
Proxy client ServiceseLicensingrequests andinbound traffic tothe gateway forMFT. Leveragedby standaloneembedded SRSDevice Clients.
N/A
5Secure Remote Services Port Requirements
6
Port requirements for SRS and Policy Manager (PM) servers
PolicyManager
HTTP(configurable)Default = 8090
Inbound from SRS Clients(and customernetwork)
Policy Managerservice
Policy query(and policymanagement bycustomer)
N/A
HTTPS 8443
SMTP 25 Outbound to Customeremail server
Action request
Dell EMCproduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communication(network traffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
Dp
A
A
A
Port requirements for devicesTable 2 on page 7 lists the port requirements for Dell EMC devices.
IMPORTANT!The SRS team highly recommends using HTTPS transport protocolas FTP and SMTP are plain text protocols.
Note: Any device using REST to communicate to SRS will use port 9443 onthe gateway (that is, HTTPS 9443 needs to be opened from device to SRS).
Note: If using integrated model see product documentation.
Table 2 Port requirements for devices
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
ppSync HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa
tmos® HTTPSa Outbound to SRS ConnectEMC Servicenotification
N/A
Passive FTP(21)
SMTP (25) to SRS or toCustomerSMTP server
22 Inbound from SRS CLI (via SSH) Remotesupport
Administration (occasional)
443 Secure Web UI Troubleshooting (frequent)
vamar® HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTP(21)
SMTP (25) to SRS or toCustomerSMTP server
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Administration (occasional)
443 AVInstaller Troubleshooting (frequent)
80,443, 8778,8779, 8780,8781, 8580,8543, 9443,7778, 7779,7780, and 7781
Enterprise Manager
7778, 7779,7780, 7781, and9443
MCGUI
7Secure Remote Services Port Requirements
8
Port requirements for devices
C
DC
CaCp
C
Dp
elerra® HTTPSa Outbound toSRS
ConnectEMC Servicenotification
Note: NAS code 5.5.30.x andearlier supports only FTP;NAS code 5.5.31.x supportsboth FTP and SMTP forConnect Home by using SRS.
Passive FTP(21)
SMTP (25)
All of: 80, 443,and 8000
Inbound fromSRS
Celerra Manager(Web UI)
Remotesupport
Administration (occasional)
22 CLI (via SSH) Troubleshooting (frequent)
23 This Telnet port should be enabled onlyif SSH (port 22) cannot be used.
Telnet Troubleshooting (rare)Use only if CLI cannot beused
ell EMCentera®
SMTP (25) Outbound to CustomerSMTP server
ConnectEMC Servicenotification
N/A
Both 3218 and3682
Inbound fromSRS
Dell EMC CenteraViewer
Remotesupport
Diagnostics (frequent)
22 CLI (via SSH) Troubleshooting (frequent)
LARiiON®
ndLARiiONortion of EDL
HTTPSa The service notification for CLARiiONand EDL is supported only on thecentrally managed devices via amanagement server. For the servicenotifications, the distributed CLARiiONdevices (including EDL) use SRS or theCustomer email server (SMTP).
Outbound toSRS
ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25) ConnectEMC,Navisphere® SPAgent
13456 Inbound fromSRS
KTCONS,RemoteKTrace
Remotesupport
Troubleshooting (occasional)
Both 80 and443, oroptionally(depending onconfiguration),both 2162 and2163
For more information, refer to theCLARiiON documentation.
NavisphereManager;also allowsNavisphereSecureCLI
Administration (frequent) forNavisphere Manager
Troubleshooting (frequent) forNavisphere SecureCLI
9519 RemotelyAnywhere,RemoteKTrace
5414 EMCRemote
All of: 6389,6390
Navisphere CLI
6391, 6392 Remote DiagnosticAgent
Diagnostics (occasional)
9519, 22 RemoteKTrace Administration (occasional)
loudArray HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC orDialEMC
Passive FTPa
(21)
SMTP (25)
41022 Inbound from SRS CLI (via SSH) Remotesupport
Administration (occasional)
443 BMCUICLOUDARRAYUI
Troubleshooting (frequent)
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
C
C
C
CMm
D
DS
DE
Dp
loudBoost HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa ConnectEMC orDialEMC
Passive FTPa
(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Administration (occasional)
loudIQ-CLTR HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa ConnectEMC orDialEMC
Passive FTPa
(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Administration (occasional)
onnectrix® HTTPSa When using Connectrix Manager Outbound toSRS
ConnectEMC orDialEMC
Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
HTTPS 9443 When using CMCNE 14.0.1+ REST
5414 Inbound fromSRS
EMCRemote Remotesupport
Troubleshooting (frequent)
3389 Remote desktop
22 CLI (via SSH)
ustomeranage-ent Station
5414 Inbound fromSRS
EMCRemote Remotesupport
Troubleshooting (frequent)
9519 RemotelyAnywhere
3389 Remote desktop
80, 443, 8443 WebHTTP/HTTPS
22 CLI (via SSH)
ata Domain HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
443, 25, 21 ConnectEMC
80, 443 Inbound fromSRS
Enterprise Manager Remotesupport
Administration (occasional)Troubleshooting (frequent)
22 CLI (via SSH) Remotesupport
Administration (occasional)Troubleshooting (frequent)
23 This Telnet port should be enabled onlyif SSH (port 22) cannot be used.
Telnet Troubleshooting (rare)Use only if CLI cannot beused
ellEMCymphony
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
L3Dngine
SMTP (25) Outbound to CustomerSMTP server
CentOS Servicenotification
N/A
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
443 Secure Web UI
11576 EDL Mgt Console
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
9Secure Remote Services Port Requirements
10
Port requirements for devices
DD
D
D
D
Eo
Dp
Lm, DLm3,Lm4
HTTPSa Outbound toSRS
ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443, 8000 Celerra Manager(Only for DLm)
80, 443 DLmConsole (Onlyfor DLm3 andDLm4)
23 This Telnet port should be enabled onlyif SSH (port 22) cannot be used.
Telnet (Only forDLm)
Troubleshooting (rare)Use only if CLI cannot beused
PA HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTPa
(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
9002, 9003,9004
DPA GUI
3389 Remote desktop
PAppliance HTTPSa Outbound to SRS ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
8543 DPAppliance ACM
443 Data ProtectionSearch UI, vSphereWeb Client, IDRACWeb
SSD HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTPa
(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
lasticCloudStrage (ECS)
HTTPSa Outbound to SRS ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
HTTPS 9443 REST
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443, 4443 ECS UI
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
EE(
EN
DECM
GDCA(
IEM
IC
Dp
DLngine
except DL3D)
HTTPSa The service notification for EDL issupported only on the centrallymanaged devices via a managementserver. For the service notifications, thedistributed CLARiiON devices (includingEDL) use SRS or the Customer emailserver (SMTP).
Outbound toSRS
ConnectEMC Servicenotification
Passive FTPa
(21)
SMTP (25)
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
11576 EDL Mgt Console Administration (occasional)
443 Secure Web UI Diagnostics (occasional)
mbeddedAS (eNAS)
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
2022 Troubleshooting (rare)
ell EMCnterpriseopy Dataanagement
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTP(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
9000 Skyline UI
14443 SkylineUpgradeUI
8443 SkylineRESTAPIUI
reenplumataomputingppliance
DCA)®
HTTPSa Outbound to CustomerSMTP server
ConnectEMC Servicenotification
Passive FTP(21)
SMTP (25)
22 Inbound fromSRS
CLI (via SSH) N/A Administration (occasional)
Troubleshooting (frequent)
nvista®
lementanager
HTTPSa Outbound toSRS
ConnectEMC N/A Troubleshooting (frequent)
Passive FTPa
(21)
SMTP (25)
nvistaPCs
5414 Inbound fromSRS
EMCRemote N/A Troubleshooting (frequent)
All of: 80, 443,2162, and 2163
Invista ElementManager andInvistaSecCLI
5201, 6390,6391, 6392
ClassicCLI(InvistaCLI)
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
11Secure Remote Services Port Requirements
12
Port requirements for devices
I
I
N
N
P
PA
PD
RP
Dp
silon® HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTP(21)
SMTP (25)
Managed FileTransfer (MFT)8118
• Within Isilon OneFS 7.1, theisi_gather_info script will send theIsilon log file back to Dell EMC viaMFT using port 8118 on SRS. Allother Connect Homes will useConnectEMC to send the files toSRS using HTTPS, Passive FTP, orSMTP.
• MFT for Isilon is not considered fullMFT and therefore is not handled assuch in the SRS Web UI.
ISI-Gather LogProcess
Configurationinformation
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Administration (occasional)
8080 Secure Web UI Troubleshooting (frequent)
silon SD Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
etWorker HTTPS 9443 Outbound to SRS REST Servicenotification
NA
7938 Inbound from SRS N/A Monitoring/polling
eutrino® HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443 Neutrino® UI
owerPath HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Administration (occasional)Troubleshooting (frequent)
owerProtectppliance
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
443 Inbound from SRS PowerProtectManagement
Remotesupport
443 PowerProtectApplianceManagement
22 CLI (via SSH)
owerProtectataManager
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
443 Inbound from SRS PowerProtectManagement
Remotesupport
22 CLI (via SSH)
ecover-oint
REST Outbound toSRS
REST Servicenotification
N/A
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443, and7225
RecoverPointManagement GUI
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
S
SB
SC
S
U
UU
U
Dp
caleIO HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
6611 Inbound from SRS ScaleIOClient Remotesupport
Troubleshooting (frequent)
22 CLI (via SSH)
3389 Remote desktop
witch–rocade-B
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
SMTP (25) Requires separate Windows monitoringworkstation running Fabric ManagerServer 5.x or higher
to CustomerSMTP server
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
23Note: Ifmanaged byConnectrixManager, thenuse port 5414
This Telnet port should be enabled onlyif SSH (port 22) cannot be used.
Telnet Troubleshooting (rare)Use only if CLI cannot beused
3389 Remote desktop Troubleshooting (frequent)
witch–isco
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
SMTP (25) Requires separate Windows monitoringworkstation running Fabric ManagerServer 5.x or higher
to CustomerSMTP server
22 SSH must be enabled and configured. Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
23 This Telnet port should be enabled onlyif SSH (port 22) cannot be used.
Telnet Troubleshooting (rare)Use only if CLI cannot beused
ymmetrix® HTTPSa Outbound toSRS
ConnectEMC orDialEMC
Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
HTTPS 9443 MFT
9519 Inbound fromSRS
RemotelyAnywhere Remotesupport
Troubleshooting (frequent)
5414 EMCRemote
All of: 4444,5555, 7000,23003, and23004
SGBD/Swuch/ ChatServer/RemoteBrowser/InlineCS
Advanced troubleshooting (byDell EMC SymmetrixEngineering) (rare)
CC 22 Inbound from SRS CLI (via SSH) Remotesupport
N/A
nity®/nityVSA
HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443 Unisphere
nisphere HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
13Secure Remote Services Port Requirements
14
Port requirements for devices
V
V
V
VP
Dp
CE Vision HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
443 Secure Web UI
iPR HTTPSa Outbound toSRS
ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
443, 4443, 80 ViPR ManagementGUI (ViPRUI)
iPR SRM HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTPa
(21)
SMTP (25)
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
3389 Remote desktop
58443, 58080 ViPRSRM UI
MAX3/owerMax
HTTPSa Outbound toSRS
ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
HTTPS 9443 REST/MFT- VMAX3
22 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
5414 EMCRemote
4444, 5555,7000
InlineCS
7000 RemoteBrowser
9519 RemotelyAnywhere
5555, 23004,23003, 1300
SGDB
5555, 23004 SWUCH
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
V
V
V
V
V
V
Dp
NX® HTTPSa Outbound toSRS
ConnectEMC Servicenotification
N/A
Passive FTPa
(21)
SMTP (25)
HTTPS 9443 MFT
13456 Inbound fromSRS
KTCONS Remotesupport
Troubleshooting (occasional)
13456, 13457 RemoteKTrace Administration (frequent)
Troubleshooting (frequent)
9519 Remotely-Anywhere
22, 2022 CLI (via SSH)
80, 443, 2162,2163, 8000
Unisphere/USM/NavisphereSecureCLI
6391,6392,60020
Remote DiagnosticAgent
Diagnostics (occasional)
NXe® HTTPSa Outbound to CustomerSMTP server
ConnectEMC Servicenotification
N/A
Passive FTP(21)
SMTP (25)
HTTPS 9443 to SRS MFT
22, 2022 Inbound fromSRS
CLI (via SSH) Remotesupport
Administration (occasional)
80 and 443 Unisphere Troubleshooting (frequent)
PLEX® SMTP (25) Outbound toSRS
ConnectEMC Servicenotification
N/A
CLI (via SSH)
443 Inbound from SRS Invista ElementManager
Remotesupport
Troubleshooting (frequent)
22 CLI (via SSH) Advanced troubleshooting (byDell EMC SymmetrixEngineering) (rare)
xFlexOS HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
6611 Inbound from SRS ScaleIOClient Remotesupport
Troubleshooting (frequent)
22 CLI (via SSH)
3389 Remote desktop
xRack FLEX HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
8080 Inbound from SRS Secure Web UI RemoteSupport
Troubleshooting (frequent)
3389 Remote desktop
22 CLI (via SSH)
xRack SDDC HTTPS 9443 Outbound to SRS REST Servicenotification
N/A
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
15Secure Remote Services Port Requirements
16
Port requirements for devices
V(B
X
Nn
Dp
xRailVSPEXLUE®)
HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTP(21)
SMTP (25)
22 Inbound from SRS CLI (via SSH) Remotesupport
Troubleshooting (frequent)
tremIO® HTTPS 9443 Outbound toSRS
REST Servicenotification
N/A
HTTPSa ConnectEMC
Passive FTPa
(21)
SMTP (25)
22, 80, 443 Inbound fromSRS
CLI (via SSH) Remotesupport
Troubleshooting (frequent)
80, 443, 42502 XTREMIOGUI
a. The use of HTTPS for service notifications is dependent on the version of ConnectEMC used by the managed device. For moreinformation, refer to the product documentation. The default port for HTTPS is 443. The value for Passive Port Range in FTP is set to 21and 5400 through 5413. This range indicates the data channel ports available for the response to the PASV commands. These ports areused for the Passive FTP mode of the Connect Home messages as well as for the GWExt loading and output.
ote: If connectivity is restricted to allow only communication from your products to the SRS VE, then Dell EMC will only be able to receive connect home information and willot be able to use SRS to connect in remotely to your products. Customers choosing this configuration should have alternate connect-in means available.
ell EMCroduct
TCP portor Protocol Notes for port settings
Directionopen
Source -or-Destination
Applicationname
Communi-cation(networktraffic)type
Performed byauthorized Dell EMCGlobal Servicespersonnel: Supportobjective (frequency)
Secure Remote Services Port Requirements
Copyright © 2019 Dell EMC Corporation. All rights reserved.
Dell EMC believes the information in this publication is accurate as of its publication date. The informationis subject to change without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS IS.” DELL EMC CORPORATIONMAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THEINFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OFMERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Use, copying, and distribution of any Dell EMC software described in this publication requires an applicablesoftware license.
For the most up-to-date regulatory document for your product line, go to the Documentation and Advisoriessections on the Dell EMC Online Support Site (support.emc.com).
For the most up-to-date listing of Dell EMC product names, see Dell EMC Corporation Trademarks onEMC.com.
All other trademarks used herein are the property of their respective owners.
17Secure Remote Services Port Requirements