Home > Data Protection > PowerProtect Data Manager > Dell PowerProtect Data Manager: Deployment Best Practices > Planning networking
The following sections outline the networking requirements for deploying PowerProtect Data Manager.
Networking requirements are as follows:
PowerProtect Data Manager is a single node in a virtual appliance that uses the Linux SLES 12 firewall to protect and limit external access to the system. PowerProtect Data Manager uses a direct socket connection to communicate and move data internally and across the network to the required service with minimal overhead.
To enable communication between the PowerProtect Data Manager system and other applications, PowerProtect Data Manager configures firewall rules for ports that are used for inbound and outbound communication. The following table shows the port requirements for PowerProtect Data Manager:
Description | Communication | Port |
SSH communications | Bi-directional communication between the SSH client and the PowerProtect Data Manager appliance | 22 TCP/UDP |
SQL, Oracle, Exchange, SAP HANA, file system | Bi-directional communication between the PowerProtect Data Manager agent and the PowerProtect Data Manager appliance Requirement applies to Application Direct and VM Direct. | 7000 TCP |
REST server | Bi-directional communication between the HTTP client and the PowerProtect Data Manager appliance | 8443 TCP |
RESTAPI server – VM Direct | Bi-directional communication between the PowerProtect Data Manager agent and the PowerProtect Data Manager appliance Requirement applies to SQL VM application aware. | 8443 TCP |
UI redirect | Inbound only |
|
LDAP | Outbound only |
|
Discovery (devices) | Outbound between the PowerProtect Data Manager appliance and the device |
|
PowerProtect Data Manager agent | Bi-directional communication between the database hosts and the PowerProtect Data Manager appliance This requirement applies to both Application Direct and VM Direct. | 7000 TCP |
Embedded VM Direct service | Outbound | 9090 TCP |
PowerProtect controller | Outbound between the PowerProtect Data Manager appliance and PowerProtect Controller on the Kubernetes cluster PowerProtect Data Manager uses this port to pull the logs from the controller pod. | 30095 TCP |
PowerProtect DD series appliance | Bi-directional port should be open between DD series appliance and External VM Direct or application hosts. |
|
vCenter
| Bi-directional between the PowerProtect Data Manager and vCenter for discovery, initiating Hot Add transport mode, restores including Instant access restore. |
|
Note: To get a detailed list, see the PowerProtect Data Manager Security Configuration Guide.
Best practices: