Enterprise Workloads Editions: β Business | β Enterprise | β Elite
Firewall rules for data protection of Enterprise Workloads
If a firewall is configured in your environment, ensure that the following patterns are allowed for seamless backups and restores.
*.druva.com
*s3.amazonaws.com/*
s3-*.amazonaws.com
s3*.*.amazonaws.com
Click to determine your deployment region
Click to determine your deployment region
To determine your deployment region, perform the following steps:
URLs for the US deployment region
login.druva.com
globalapis.druva.com
phoenix.druva.com
downloads.druva.com
deviceapigw-phoenix.druva.com
backup-phoenix.druva.com
pub-devicemgmt-devicenotifier-dcp.druva.com
devicemgmt-reverseproxy-dcp.druva.com
π Note
You must configure the firewall rules to allow both the FQDN and Alias URLs.
Purpose | FQDN | Alias |
Log download |
|
|
Proxy upgrade |
|
|
URLs for the APAC deployment region
login.druva.com
globalapis.druva.com
phoenix.druva.com
downloads.druva.com
deviceapigw-ap1-phoenix.druva.com
backup-ap1-phoenix.druva.com
pub-devicemgmt-devicenotifier-ap1-dcp.druva.com
devicemgmt-reverseproxy-ap1-dcp.druva.com
π Note
You must configure the firewall rules to allow both the FQDN and Alias URLs.
Purpose | FQDN | Alias |
Log download |
|
|
Proxy upgrade |
|
|
Common storage URLs for backup proxy 7.0.0 and later
For backup proxy with version 7.0.0 or later, if you have configured firewall rules in your environment, allow the following S3 URLs to access storage during backup and restore:
π Note
You must configure the firewall rules to allow both the FQDN and Alias URLs.
Storage Region | S3 FQDN | S3 Alias |
Hong Kong (ap-east-1) |
|
|
Mumbai (ap-south-1) |
|
|
Singapore (ap-southeast-1) |
|
|
Sydney (ap-southeast-2) |
|
|
Tokyo (ap-northeast-1) |
|
|
Northern Virginia (us-east-1) |
|
|
Northern California (us-west-1) |
|
|
Oregon (us-west-2) |
|
|
Montreal (ca-central-1) |
|
|
Frankfurt (eu-central-1) |
|
|
Ireland (eu-west-1) |
|
|
London (eu-west-2) |
|
|
Paris (eu-west-3) |
|
|
Stockholm (eu-north-1) |
|
|
SΓ£o Paulo (sa-east-1) |
|
|
UAE (me-central-1) |
|
|
Ports and communication protocols
The following table describes the port and communication protocols used for communication between Druva and various VMware components. For more information, see Ports and communication protocols for VMware virtual machines.
π Note
βCommunication happens from a backup proxy to other parties on various ports. Here, the backup proxy is the communication initiator, which is unidirectional. These ports are used for outgoing (unidirectional) communication, not incoming communication. However, data in the form of a response can flow in the opposite direction. Standard system ports such as 22 (SSH) and 2049 (NFS-SERVER) are used for incoming requests.
Port | Communication Protocol | Description |
443 | HTTPS+SSL | Druva uses Port 443 to establish a secure connection and communication between the following:
π Note |
902 | TCP/UDP | Druva uses port 902 to establish a connection between the backup proxy and ESXi host registered with Druva through vCenter Server.
By default, VMware uses the port 902 for the |
3542 | HTTPS+SSL | For application-aware backups, the backup proxy uses VMware Tools to inject two executables and a few supporting files such as certificates into the guest OS of the virtual machine. When the executables run, they start guest OS processes called |
3545 | HTTPS+SSL | For application-aware backups, the SQL executable service |
3389/22 | TCP/UDP | During the backup cycle, the backup proxy sends network packets to Windows virtual machines (where VMware tools are installed) on port 3389 to identify if the RDP port is open or not. For Linux virtual machines, the port is 22, which is used for SSH.
This is used for Disaster Recovery or DR restores. |
123 | UDP | Backup proxy accesses NTP server on Port 123 (UDP) for time synchronization. |
443 | HTTPS+TLS | Druva uses TLS 1.2 or a secure connection that happens between the following:
|