vCloud Director Network Security Requirements

DNS configuration is critical for vCloud Director. All server names specified during vCloud Director installation must be resolvable by DNS, including those for the HTTP service network interface and the console service network interface. Both the short name and the fully qualified domain name (FQDN) must be resolvable. Reverse lookup of the assigned addresses must also be configured on the DNS server.

Host Name Resolution:

  • Forward and reverse lookup
  • Fully qualified domain name (FQDN)
  • Unqualified host name
  • Use the NSLOOKUP command to confirm each lookup for the vCloud Director server
  • For example, for “Vcloud.example.com” with a console IP address of 192.168.1.1 and an HTTPS address of 192.168.1.2:

NSLOOKUP Vcloud
NSLOOKUP Vcloud.example.com

NSLOOKUP 192.168.1.1

NSLOOKUP 192.168.1.2
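
An added example (not from the original post): a Python check that runs the same forward and reverse lookups as the NSLOOKUP commands above and, going one step beyond them, confirms that each reverse name resolves back to its address. The function names and the sample records are constructed for illustration.

```python
import socket

# Constructed records for the post's example host; the PTR for 192.168.1.2
# is left out on purpose to show a failing check.
SAMPLE_A = {"vcloud": {"192.168.1.1"},
            "vcloud.example.com": {"192.168.1.1", "192.168.1.2"}}
SAMPLE_PTR = {"192.168.1.1": "vcloud.example.com"}

def sample_forward(name):
    return SAMPLE_A.get(name.lower(), set())

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def system_forward(name):
    """Forward lookup through the OS resolver (which may also read /etc/hosts)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def system_reverse(ip):
    """Reverse lookup through the OS resolver; None when no name is found."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_dns(names, ips, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means every lookup passed."""
    problems = []
    for name in names:
        addrs = forward(name)
        if not addrs:
            problems.append(f"forward lookup failed: {name}")
        elif not addrs & set(ips):
            problems.append(f"{name} resolves to {sorted(addrs)}, none expected")
    for ip in ips:
        ptr = reverse(ip)
        if ptr is None:
            problems.append(f"reverse lookup failed: {ip}")
        elif ip not in forward(ptr):
            problems.append(f"{ip} -> {ptr}, which does not resolve back")
    return problems

if __name__ == "__main__":
    # Pass only names and ips to query the live resolver instead.
    for line in check_dns(["Vcloud", "Vcloud.example.com"],
                          ["192.168.1.1", "192.168.1.2"],
                          sample_forward, sample_reverse):
        print(line)
```

Because the OS resolver may answer from a local hosts file, a clean result on the server itself does not prove the records exist in DNS; run the check from a second host as well.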

Incoming Access Internal Network

Port    Protocol   Notes
111     TCP, UDP   NFS port mapper used by the transfer service
920     TCP, UDP   NFS rpc.statd used by the transfer service
61611   TCP        ActiveMQ
61616   TCP        ActiveMQ

These ports must be open on the vCloud Director server to allow incoming traffic from non-public networks.

Outgoing Access Internal Network

Port    Protocol   Notes
25      TCP, UDP   SMTP
53      TCP, UDP   DNS
111     TCP, UDP   NFS
123     TCP, UDP   NTP
389     TCP        LDAP
443     TCP        vCenter Server and ESX/ESXi
514     UDP        Syslog
902     TCP        vCenter Server and ESX/ESXi

These ports must be open to allow outgoing traffic from the vCloud Director server.

Port    Protocol   Notes
903     TCP        vCenter Server and ESXi
920     TCP, UDP   NFS
1433    TCP        Microsoft SQL Server
1521    TCP        Oracle database
5672    TCP, UDP   AMQP (optional)
61611   TCP        ActiveMQ
61616   TCP        ActiveMQ
