Minimum Required Connections
The following table lists the minimum ports that must be open for NetBackup to operate with a firewall in place.
If a computer is performing more than one responsibility (for example, a master server is also performing media server operations), that computer can be classified as a media server and a master server. Therefore, when looking at the tables, examine all the tables for all the operations that will be performed by that computer.
Between a media server and a client:
| Media Server
|
| Client
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Between a master server and a client (user backup or restore):
| Master Server
|
| Client
|
Outbound >
|
vopied >
|
Inbound (if authentication)
|
Outbound >
|
bpcd >
|
Inbound (if progress logging or DHCP)
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Inbound
|
< bprd
|
< Outbound
|
Between a master server and a client (multi-streamed scheduled backup):
| Master Server
|
| Client
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Between a master server and a media server:
| Master Server
|
| Media Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Inbound
|
< bpjobd
|
< Outbound
|
Inbound
|
< bpdbm
|
< Outbound
|
Inbound
|
< bprd
|
< Outbound
|
Between a media server and a media server:
| Media Server
|
| Media Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound
|
robotic deamons >
|
Inbound
|
Between a media server and the volume database host:
| Media Server
|
| Volume Database Host
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound
|
vmd >
|
Inbound
|
Between a media server and the global device database host:
| Media Server
|
| Global Device Database Host
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound
|
vmd >
|
Inbound
|
Between a media server and the SSO device allocation host:
| Media Server
|
| SSO Scan Host
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound
|
vmd >
|
Inbound
|
Note
The SSO device allocation host is the host that is serving as the volume database host for the robot with shared drives.
Between a media server and the SSO scan host:
| Media Server
|
| SSO Scan Host
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound
|
vmd >
|
Inbound
|
Between a media server and an NDMP server:
| Media Server
|
| NDMP Server
|
Outbound >
|
ndmp >
|
Inbound
|
Between a NDMP tape/data server and an NDMP tape/data server:
| NDMP Tape/Data Server
|
| NDMP Tape/Data Server
|
Outbound >
|
ndmp >
|
Inbound
|
Note
In the preceding tables, an NDMP server refers to either a physical NDMP host or the Remote NDMP functionality. The Remote NDMP functionality resides on a NetBackup media server but it is not being considered as being part of the NetBackup media server.
Between a Windows System Admininistration Console and a client:
| Windows Console
|
| Client
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Inbound
|
< vopied
|
< Outbound
|
Between a Windows System Admininistration Console and a media server:
| Windows Console
|
| Media Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Inbound
|
< vopied
|
< Outbound (if authentication/authorization)
|
Outbound >
|
vmd >
|
Inbound
|
Outbound >
|
Robotic daemons>
|
Inbound
|
Between a Windows System Admininistration Console and a master server:
| Windows Console
|
| Master Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Inbound
|
< vopied
|
< Outbound (if authentication/authorization)
|
Outbound >
|
bprd >
|
Inbound
|
Outbound >
|
bpdbm >
|
Inbound
|
Outbound >
|
bpjobd >
|
Inbound
|
Between the NetBackup-Java Console and a NetBackup-Java application server:
| Java Console
|
| Java Server
|
Outbound >
|
bpjava-msvcd >
|
Inbound
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound >
|
bpjobd >
|
Inbound
|
Between the NetBackup-Java Console Activity Monitor and a master server:
| Java Console Activity Monitor
|
| Master Server
|
Outbound >
|
vnetd >
|
Inbound
|
Outbound >
|
bpjobd >
|
Inbound
|
Between a NetBackup-Java application server and a client:
NetBackup-Java
Application Server
|
| Client
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Inbound
|
< vopied
|
< Outbound (If authorization/authentication)
|
Between a NetBackup-Java application server and a media server:
NetBackup-Java
Application Server
|
| Media Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Inbound
|
< vopied
|
< Outbound (If authorization/authentication)
|
Outbound >
|
vmd >
|
Inbound
|
Outbound >
|
Robotic daemons >
|
Inbound
|
Between a NetBackup-Java application server and a master server:
NetBackup-Java
Application Server
|
| Master Server
|
Outbound >
|
bpcd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Inbound
|
< vopied
|
< Outbound (If authorization/authentication)
|
Outbound >
|
bprd >
|
Inbound
|
Outbound >
|
bpdbm >
|
Inbound
|
Outbound >
|
bpjobd >
|
Inbound
|
Between a GDM Dashboard and a GDM server:
| GDM Dashboard
|
| GDM Server
|
Outbound >
|
visd >
|
Inbound
|
Inbound
|
< callback
|
< Outbound
|
Between a GDM server and a GDM-managed server:
| GDM Server
|
| GDM-Managed Server
|
Outbound >
|
visd >
|
Inbound
|
Inbound
|
< visd
|
< Outbound
|
Note
The range of port numbers for the source ports for GDM connections cannot be configured. The allocation of the source port numbers for GDM connections is left up to the operating system.
Between a NetBackup Advanced Reporter (NBAR) browser and a NBAR server:
| NBAR Browser
|
| NBAR Server
|
Outbound >
|
Web Server >
|
Inbound
|
Between a NBAR server and a GDM-managed server:
| NBAR Server
|
| GDM-Managed Server
|
Outbound >
|
ardbd >
|
Inbound
|
Inbound
|
< bpcd
|
< Outbound
|
Inbound
|
< bprd
|
< Outbound
|
Inbound
|
< ardbd
|
< Outbound
|
Inbound
|
< vnetd
|
< Outbound
|
Outbound >
|
vnetd >
|
Inbound
|
Note
The range of port numbers for the source ports for NBAR connections to the web server and ardbd cannot be configured. The allocation of the source port numbers for these connections is left up to the operating system.
To set up vnetd between a server and a client
-
In the NetBackup Administration Console, expand NetBackup Management > Host Properties > Master Servers > Double-click on master server > Client Attributes.
-
In the client list, select the client you wish to change.
-
Under BPCD Connect-back, select VNETD Port.
-
Click OK.
Or, add the client to the client database by running the bpclient command, located in /usr/openv/netbackup/bin/admincmd
To set up vnetd between servers
-
In the NetBackup Administration Console, expand NetBackup Management > Host Properties > Master Servers > Double-click on master server > Firewall.
-
In the host list, select the host you wish to change.
-
Under BPCD Connect-back, select VNETD Port.
-
Click OK.
To enable logging for vnetd
Create a vnetd directory in the following location, then restart vnetd:
On Windows: install_path\NetBackup\logs\vnetd
On UNIX: /usr/openv/netbackup/logs/vnetd
|
