Firewall configuration required by the management node

Unified Compute Platform (UCP) Advisor Software Installation Guide

Version: 4.5.x
Part Number: MK-92UCP120-13

Security administrators use firewalls to protect the network, or selected components in the network, from intrusion. A firewall might be deployed between UCP and your management environment, depending on your deployment.

UCP Advisor requires that specific ports are open on the VM. These ports are preconfigured in the UCP Advisor plugin. You do not need to open them.

For a comprehensive list of TCP and UDP ports, see the following tables.

Required firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic. To access UCP Advisor from the production network, exceptions for these ports are necessary.

UCP Advisor VM

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| IO card discovery microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| IO card pcie card upgrade microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| Client | UCP Advisor Master Node IP | TCP/23019 |
| idm microservice | UCP Advisor Master Node IP | TCP/8081 |
| BMC | UCP Advisor Master Node IP | TCP/2049 |
| | UCP Advisor Master Node IP | TCP/111 |
| | UCP Advisor Master Node IP | TCP/2048 |
| | UCP Advisor Master Node IP | TCP/2050 |
| | UCP Advisor Master Node IP | TCP/32765 |
| | UCP Advisor Master Node IP | TCP/32767 |
| | UCP Advisor Master Node IP | TCP/18443 |
| license-server | UCP Advisor Master Node IP | TCP/6379 |
| Client | UCP Advisor Master Node IP | TCP/443 |
| | UCP Advisor Master Node IP | TCP/8444 |
| VCSA | UCP Advisor Master Node IP | TCP/8877 |
| BMC | UCP Advisor Master Node IP | UDP/2049 |
| | UCP Advisor Master Node IP | UDP/2048 |
| | UCP Advisor Master Node IP | UDP/111 |
| | UCP Advisor Master Node IP | UDP/32765 |
| | UCP Advisor Master Node IP | UDP/32767 |
| | UCP Advisor Master Node IP | UDP/32768 |
| | UCP Advisor Master Node IP | UDP/1888 |
| Storage Array | UCP Advisor Master Node IP | UDP/10441 |
| | UCP Advisor Master Node IP | UDP/10442 |
| Client | UCP Advisor Master Node IP | TCP/6443 |
| | UCP Advisor Master Node IP | TCP/2379 |
| | UCP Advisor Master Node IP | TCP/2380 |
| | UCP Advisor Master Node IP | TCP/10250 |
| | UCP Advisor Master Node IP | UDP/8472 |
| sdi gateway compute microservice | Compute BMC/iLO | UDP/623, TCP/443 |
| sdi gateway network microservice | FC/Ethernet switch | TCP/443, TCP/22 |
| sdi gateway storage microservice | Storage array | TCP/1099, TCP/51099, TCP/51100 |
| sdi gateway storage | External sdi gateway storage | TCP/8444, UDP/10441, UDP/10442 |
| Serviceability | Serviceability in the other Advisor node | TCP/23033 |
| Ethernet/Fibre Channel | scp host ip | TCP/22 |
| Device | scp host ip | TCP/22 |
| UCP Advisor Master Node IP | License-server | TCP/6379 |
| UCP Advisor Gateway VM | Storage | TCP/443, UDP 9444-9449 |
| UCP Advisor Gateway VM | Network | TCP/22, TCP/443 |
| UCP Advisor Gateway VM | Server | TCP TCP/443, UDP 161-162, UDP 623 |
| SSH client | All Node IPs | TCP/22 |
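
One way to audit a firewall rule set against the required exceptions in the table above, as an added example that is not part of the original guide. It parses the table's Protocol/Port notation, including ranges such as UDP 9444-9449, and reports documented flows that are missing and allowed flows that the table does not list. The function names, the ALLOWED rule set and the TCP/8080 rule are constructed for illustration, and the Service Console notation (TCP/HTTP 80/443) is not handled.

```python
import re

# Matches the table's two notations: "TCP/443" and "UDP 9444-9449".
_SPEC = re.compile(r"(TCP|UDP)[/ ](\d+)(?:-(\d+))?")

def parse_ports(cell):
    """Expand a Protocol/Port cell into a set of (protocol, port) pairs."""
    pairs = set()
    for proto, lo, hi in _SPEC.findall(cell):
        for port in range(int(lo), int(hi or lo) + 1):
            pairs.add((proto, port))
    return pairs

def expand(rows):
    """Turn (source, destination, cell) rows into individual flows."""
    return {(src, dst, proto, port)
            for src, dst, cell in rows
            for proto, port in parse_ports(cell)}

def audit(rows, allowed):
    """Return (missing, unexpected): documented flows the firewall does not
    allow, and allowed flows that the table does not document."""
    required = expand(rows)
    return sorted(required - allowed), sorted(allowed - required)

# Subset of rows copied from the UCP Advisor VM table.
ROWS = [
    ("Client", "UCP Advisor Master Node IP", "TCP/23019"),
    ("Client", "UCP Advisor Master Node IP", "TCP/443"),
    ("Client", "UCP Advisor Master Node IP", "TCP/6443"),
    ("VCSA", "UCP Advisor Master Node IP", "TCP/8877"),
    ("UCP Advisor Gateway VM", "Storage", "TCP/443, UDP 9444-9449"),
    ("UCP Advisor Gateway VM", "Server", "TCP TCP/443, UDP 161-162,UDP 623"),
]

# Constructed firewall state (assumption, for illustration only): one
# documented exception is missing and one undocumented rule is present.
ALLOWED = expand(ROWS)
ALLOWED.discard(("Client", "UCP Advisor Master Node IP", "TCP", 6443))
ALLOWED.add(("Client", "UCP Advisor Master Node IP", "TCP", 8080))

if __name__ == "__main__":
    missing, unexpected = audit(ROWS, ALLOWED)
    for flow in missing:
        print("MISSING   ", *flow)
    for flow in unexpected:
        print("UNEXPECTED", *flow)
```

In practice the allowed set would be exported from the firewall in use and normalized to the same (source, destination, protocol, port) tuples before calling audit.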

UCP Advisor Service Console VM

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Service Console VM | Server BMC (Redfish) | TCP/HTTP/UDP 80/443/623 |
| Service Console VM | ESXi | SSH/22 |
| Service Console VM | vCenter (pyVmomi) | TCP/HTTP 80/443 |

Note: ICMP pings are used for diagnosing laptop-to-BMC and laptop-to-ESXi outbound types.

Optional firewall port exceptions

The ports in the following table are used for UCP Advisor management traffic, element management traffic, and system integration traffic (DNS and NTP). The security administrator can configure firewall port exceptions.

| Source | Destination | Protocol/Port |
| --- | --- | --- |
| Hitachi Remote Ops VM | UCP Advisor Master Node VM | TCP/443 |