Network Security Recommendations
Secure operation of vCloud Director requires a secure network environment. Configure and test this network environment before you begin installing vCloud Director.
Connect all vCloud Director servers to a network that is secured and monitored. vCloud Director network
connections have several additional requirements:
- Do not connect vCloud Director directly to the public Internet. Always protect vCloud Director network connections with a firewall. Only port 443 (HTTPS) must be open to incoming connections. Ports 22 (SSH) and 80 (HTTP) can also be opened for incoming connections if needed. All other incoming traffic from a public network must be rejected by the firewall.
Table 1-10. Ports That Must Allow Incoming Packets From vCloud Director Hosts

Port    Protocol    Comments
111     TCP, UDP    NFS portmapper used by transfer service
920     TCP, UDP    NFS rpc.statd used by transfer service
61611   TCP         ActiveMQ
61616   TCP         ActiveMQ
Do not connect the ports used for outgoing connections to the public network.
Table 1-11. Ports That Must Allow Outgoing Packets From vCloud Director Hosts

Port    Protocol    Comments
25      TCP, UDP    SMTP
53      TCP, UDP    DNS
111     TCP, UDP    NFS portmapper used by transfer service
123     TCP, UDP    NTP
389     TCP, UDP    LDAP
443     TCP         vCenter and ESX connections
514     UDP         Optional. Enables syslog use
902     TCP         vCenter and ESX connections
903     TCP         vCenter and ESX connections
920     TCP, UDP    NFS rpc.statd used by transfer service
1433    TCP         Default Microsoft SQL Server database port
1521    TCP         Default Oracle database port
5672    TCP, UDP    Optional. AMQP messages for task extensions
61611   TCP         ActiveMQ
61616   TCP         ActiveMQ
- Do not connect physical host computers to physical networks that are uplinks for the vNetwork distributed switches that back vCloud Director network pools.
- Route traffic between vCloud Director servers and the vCloud Director database server over a dedicated private network if possible.
- Virtual switches and distributed virtual switches that support provider networks must be isolated from each other. They cannot share the same Layer 2 physical network segment.
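As an added example (not code from the VMware guide), the following Python audits a simplified firewall policy for a vCloud Director host against the recommendations above: only 443 (optionally 22 and 80) may be open inbound from the public network, the Table 1-10 ports may accept packets only from vCloud Director hosts, and the Table 1-11 outbound ports must never be connected to the public network. The rule dictionary format, the sample addresses and the assumption that "private" means an RFC 1918 range are constructed for this example; the TCP/UDP protocol column is not checked.

```python
import ipaddress

# Inbound from the public Internet: only 443 must be open; 22 and 80 may be.
PUBLIC_INBOUND = {443, 22, 80}
# Table 1-10: incoming packets that may come only from vCloud Director hosts.
INBOUND_FROM_VCD_HOSTS = {111, 920, 61611, 61616}
# Table 1-11: outgoing ports whose connections must not reach the public network.
OUTBOUND_PRIVATE_ONLY = {25, 53, 111, 123, 389, 443, 514, 902, 903, 920,
                         1433, 1521, 5672, 61611, 61616}
# Assumption: "private" means an RFC 1918 range. ipaddress's is_private is avoided
# because it reports 0.0.0.0/0 as private (both end addresses sit in reserved blocks).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def contained_in(cidr, networks):
    """True when every address in cidr lies inside one of the given networks."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(n) for n in networks)

def is_public(cidr):
    """Anything not entirely inside an RFC 1918 range is treated as public."""
    return not contained_in(cidr, RFC1918)

def audit_rules(rules, vcd_hosts):
    """Return one finding per rule that violates the recommendations above. Rule format
    (constructed): inbound {"dir": "in", "port", "src"}, outbound {"dir": "out", "port", "dst"}."""
    vcd_nets = [ipaddress.ip_network(h) for h in vcd_hosts]
    findings = []
    for r in rules:
        port = r["port"]
        if r["dir"] == "in":
            if is_public(r["src"]) and port not in PUBLIC_INBOUND:
                findings.append(f"inbound {port} from {r['src']}: only 443 "
                                "(optionally 22 and 80) may be open to the public network")
            if port in INBOUND_FROM_VCD_HOSTS and not contained_in(r["src"], vcd_nets):
                findings.append(f"inbound {port} from {r['src']}: Table 1-10 port "
                                "must accept packets only from vCloud Director hosts")
        elif port in OUTBOUND_PRIVATE_ONLY and is_public(r["dst"]):
            findings.append(f"outbound {port} to {r['dst']}: Table 1-11 port "
                            "must not be connected to the public network")
    return findings

# Constructed sample policy for a vCloud Director server group on 10.10.20.0/24.
SAMPLE_VCD_HOSTS = ["10.10.20.0/24"]
SAMPLE_RULES = [
    {"dir": "in", "port": 443, "src": "0.0.0.0/0"},        # required public port: ok
    {"dir": "in", "port": 8443, "src": "0.0.0.0/0"},       # finding: not 443/22/80
    {"dir": "in", "port": 61616, "src": "10.10.20.0/24"},  # ActiveMQ from vCD hosts: ok
    {"dir": "in", "port": 111, "src": "10.99.0.0/16"},     # finding: not a vCD host range
    {"dir": "out", "port": 53, "dst": "0.0.0.0/0"},        # finding: DNS to public network
]
```

Running `audit_rules(SAMPLE_RULES, SAMPLE_VCD_HOSTS)` reports the 8443, 111 and 53 rules as findings and accepts the other two.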
vCloud Director Installation and Configuration Guide
14 VMware, Inc.