03-27-2015 01:39 AM
Hi Team,
Can you please suggest the below mentioned ports are enough for Netbackup communication and data transfer from client to Netbackup Master /Media server. Client machines are VM ( snapshot backups) , Exchnage , SQL agent base backup
Please suggest , if more ports are required to open for data transfer --
Source | Destination | Source Port | Destination Ports | Bi-Directional |
Master Server | Media server | Any | TCP/1556 TCP/2821 TCP/13724 TCP/13782 TCP/13720 TCP/4032 TCP/10102 TCP/10082 TCP/443 TCP/111 TCP/7394 TCP/902 |
Yes |
VM Client machines | Media server | Any | TCP/1556 TCP/13724 TCP/10102 TCP/10082 TCP/443 TCP/2821 |
Yes |
VM Client machines | Master Server | Any | TCP/1556 TCP/13724 TCP/10102 TCP/10082 TCP/443 TCP/2821 |
Yes |
Solved! Go to Solution.
03-27-2015 02:29 AM
This is what I came up with. This will allow both agent and VMware backups.
Master -> Media TCP/1556
Master -> VM client TCP/1556
Master -> Vcenter TCP/443
Media -> ESX TCP/902
Media -> Clients TCP/1556
ClientS -> Media TCP/10102 & TCP/10082
Clients -> Master TCP/1556
No Netbackup 6.X compatibility. If required 13724 need to be added.
03-27-2015 02:10 AM
Symantec NetBackup 7.6 Network Ports Reference Guide
http://www.symantec.com/docs/DOC6716
Netbackup uses 1556 for backup only. Some additional ports are also used, but that very much dependent on the configuration.
03-27-2015 02:14 AM
Hi Nicolai , after reading this guide , I filtered the port ranges and pasted above.
I am not sure if the above mentioned ports are enough for data transfer from client to master / media server...
need your suggestion.
03-27-2015 02:16 AM
is this a pure VM backup configuration. Will agent based backup be used as well ?. What is the transfer method for VM backups ?
03-27-2015 02:27 AM
yes , all client servers are VM , Master / media servers are physical
for VM Backup -- Snapshot backup method ( SAN transport mode for SAN datastores and NDB mode for NFS datastores) and exclude DB backups.
For exchange - exchange running on VM will be agent base backup
For SQL - SQL running on VM will be agent base backup
CIFS will be mapped to master server and get backed up via snapshot backup.
03-27-2015 02:29 AM
This is what I came up with. This will allow both agent and VMware backups.
Master -> Media TCP/1556
Master -> VM client TCP/1556
Master -> Vcenter TCP/443
Media -> ESX TCP/902
Media -> Clients TCP/1556
ClientS -> Media TCP/10102 & TCP/10082
Clients -> Master TCP/1556
No Netbackup 6.X compatibility. If required 13724 need to be added.
03-27-2015 02:41 AM
HI SDO,
Protocol name means transport protocol ..is it ? I have mentionedd as TCP....or something else you want to say ?
NBU version - 7.6.0.3
I will use exchange and VM GRT , please suggest the port range
Please suggest the LU (LiveUpdate) port range & OpsCenter
Maybe also UDP/162 and or TCP/162 if you master, master/media, media are appliances and you want them to be able to send SNMP traps. And again, if you have appliances, maybe also TCP/123 (for NTP time server requests).
Master Media servers are not appliance. i want to send SNMP alerts by using nebackup MIB's and ops center. any ports required for this ?
I will add these ports also as you have suggested -
UDP/53 and TCP/53 for DNS
port TCP/25 outbound from master server
TCP/22 (ssh)
TCP/3389 (rdp) for Windows
03-27-2015 02:46 AM
thanks Nicolai,
Media -> ESX TCP/902 is missing in my list ...I will add it.
My doubt is , if 4-5 policies starts running at the same time and it will backup multiple clients ( example 20 clients) , do you think these ports are enough for data transfer ?
03-27-2015 02:47 AM
From the port guide - page 17
TCP port 111 (portmapper) needs to be open from the client to the media server.
TCP port 7394 (nbfsd) needs to be open from the client to the media server.
Regardig OPScenter - see page 19 in the port guide.
It would be really helpfull if you had a network diagram and location of firewalls. Port opening only matter if firewalls are in place. That the "possible firewall" on the opscenter drawing page 20.
03-27-2015 02:51 AM
yes - you do not need to worry. It's a non-issue.
There is a complicated technical answer behind that is out of scope right now.
03-27-2015 03:07 AM
thanks Nicolai,
Noted -
TCP port 111 (portmapper) needs to be open from the client to the media server.
TCP port 7394 (nbfsd) needs to be open from the client to the media server.
Checking page 19 for ops-center.. I will revert back in few mins
03-27-2015 03:48 AM
In addtion to all above, if you have DAG ports 1556, 13724, 13782 are required between farm nodes. Same goes for Sharepoint.
03-27-2015 04:08 AM
Nice table Brits.
Would be even nicer with the protocol 'name' next to the port number... :)
What version of NetBackup are you looking to implement?
.
IMO - you don't need master to/from media TCP/13720.
And, you shouldn't need VM Client to master/media TCP/13724 - BUT - you will need if if any backup clients are pre NetBackup v7.0.1 or are v7.5+ 'resilient' clients - and/or if you are using the native Windows Admin Console, or the Windows Java Admin Console, within any guest VM.
FYI - NDMP requires additional ports. GRT requires additional ports. BMR requires additional ports. Appliance KVM require additional ports. LU (LiveUpdate) requires additional ports. OpsCenter requires additional ports.
If your list is purely NetBackup ports - then it looks like you're fairly close to a definitive list for NetBackup.
Some sites prefer to list/capture/document everything required by infrastructure - so that everything required for a 'service' is listed in one place... if so, then your documentation may need to also cover...
Maybe also UDP/53 and TCP/53 for DNS.
Maybe also port TCP/25 (smtp) outbound from master server if you want to be able to email from the master server - e.g. the Catalog Backup DR email file. (very highly recommended to implement this).
Maybe also UDP/162 (snmp) and or TCP/162 (snmp) if you master, master/media, media are appliances and you want them to be able to send SNMP traps.
Maybe also TCP/123 (ntp) for time server requests - especially if you have appliances, but then shouldn't all nodes require accurate time services - so maybe TCP/123 for everything.
Maybe also TCP/22 (ssh) if you want to be able to logon using PuTTY, or even pscp 'binaries' kits to the servers and/or clients.
Maybe TCP/3389 (rdp) for Windows.
Maybe some ports for SMB/CIFS or NFS - especially if you have appliances and want to be able to upload kits.
03-27-2015 04:22 AM
http://en.wikipedia.org/wiki/OSI_model
The word "protocol" on its own can sometimes be a bit mis-leading in some circumstances/contexts.
So, TCP is a "transport" protocol at OSI layer 4, whereas TCP/1556 is an "application" protocol at OSI "data" layers 5/67, with an application protocol name of "veritas-pbx", which, oddly, is not listed here:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
...but is listed here:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=27
.
I can't remember off the top of my head all the ports for BMR, GRT, and LU (which depends how you implement it).
This doc might show some light on the ports for BMR which vary depending upon OS family of NetBackup Client:
https://www-secure.symantec.com/connect/articles/netbackup-76-blueprints-bmr
...so, maybe several of the Blueprint docs might contain hints and tips re port numbers (apologies but I haven't checked in detail) (I have a job to do too):
https://www-secure.symantec.com/connect/forums/list-netbackup-blueprints
03-27-2015 05:05 AM
Are you sure about that ?
13724, 13782 are NBU 6.x legacy ports.
Page 14 in the port manual
13782: Only needed for pre- 7.0.1 clients.
13724: Only needed for pre- 7.0.1 clients or 7.5+ resilient clients.
03-27-2015 07:47 AM
I am sure for SharePoint, had to open a support case to learn it. Exchange not so sure, never tried with 1556 only. Since sharepoint issue, I'm requesting all 3 of these every time.
03-27-2015 08:36 AM
hi Nicolai,
I have added 25 , 162 , 1556 port for ops- centera alerts and all other port detail also which you have suggested above.
Many thanks for help.
03-27-2015 08:42 AM
thank you very much SDO for these useful links. They will definately help me.
For now, my requirement was to get the port details for Netbackup and your response is really helpful.