2.3 Access and Communication Requirements across your Protection Network

2.3.1 Access and Communication Requirements for Workloads

The following software, network, and firewall requirements are for workloads that you intend to protect by using PlateSpin Forge.

Table 2-2 Access and Communication Requirements for Workloads

Workload Type

Prerequisites

Required Ports (Defaults)

All workloads

Ping (ICMP echo request and response) support

 

All Windows workloads

Microsoft .NET Framework version 2.0 or 3.5 SP1

 

Windows 7;

Windows Server 2008;

Windows Vista

  • Built-in Administrator or domain administrator account credentials (membership only in the local Administrators group is insufficient). On Vista, the account must be enabled (it is disabled by default).

  • The Windows Firewall configured to allow File and Printer Sharing. Use one of these options:

    • Option 1, using Windows Firewall: Use the basic Windows Firewall Control Panel item (firewall.cpl) and select File and printer Sharing in the list of exceptions.

      - OR -

    • Option 2, using Firewall with Advanced Security: Use the Windows Firewall with Advanced Security utility (wf.msc) with the following Inbound Rules enabled and set to Allow:

      • File and Printer Sharing (Echo Request - ICMPv4In)

      • File and Printer Sharing (Echo Request - ICMPv6In)

      • File and Printer Sharing (NB-Datagram-In)

      • File and Printer Sharing (NB-Name-In)

      • File and Printer Sharing (NB-Session-In)

      • File and Printer Sharing (SMB-In)

      • File and Printer Sharing (Spooler Service - RPC)

      • File and Printer Sharing (Spooler Service - RPC-EPMAP)

TCP 3725

NetBIOS 137 - 139

SMB (TCP 139, 445 and UDP 137, 138)

TCP 135/445

Windows Server 2003 (including SP1 Standard, SP2 Enterprise, and R2 SP2 Enterprise)

NOTE:After enabling the required ports, run the following command at the server prompt to enable PlateSpin remote administration:

netsh firewall set service RemoteAdmin enable

For more information about netsh, see the Microsoft TechNet article, http://technet.microsoft.com/en-us/library/cc785383%28v=ws.10%29.aspx..

  • TCP: 3725, 135, 139, 445

  • UDP: 137, 138, 139

Windows Server 2000;

Windows XP

  • Windows Management Instrumentation (WMI) installed

WMI (RPC/DCOM) can use TCP ports 135 and 445 as well as random or dynamically assigned ports above 1024. If problems occur when adding the workload, consider temporarily placing the workload in a DMZ or temporarily opening the firewalled ports while adding the workload to PlateSpin Forge.

For additional information, such as guidance in limiting the port range for DCOM and RPC, see the following Microsoft technical articles.

TCP 3725

NetBIOS 137 - 139

SMB (TCP 139, 445 and UDP 137, 138)

RPC (TCP 135)

All Linux workloads

Secure Shell (SSH) server

TCP 22, 3725

2.3.2 Protection Across Public and Private Networks Through NAT

In some cases, a source, a target, or PlateSpin Forge itself, might be located in an internal (private) network behind a network address translator (NAT) device, unable to communicate with its counterpart during protection.

PlateSpin Forge enables you to address this issue, depending on which of the following hosts is located behind the NAT device:

  • PlateSpin Server: In your server’s PlateSpin Server Configuration tool, record the additional IP addresses assigned to that host. See Configuring the Application to Function through NAT.

  • Workload: When you are attempting to add a workload, specify the public (external) IP address of that workload in the discovery parameters.

  • Failed-over VM: During failback, you can specify an alternative IP address for the failed-over workload in Failback Details (Workload to VM).

  • Failback Target: During an attempt to register a failback target, when prompted to provide the IP address of the PlateSpin Server, provide either the local address of the Protect Server host or one of its public (external) addresses recorded in the server’s PlateSpin Server Configuration tool (see PlateSpin Server above).

Configuring the Application to Function through NAT

To enable the PlateSpin Server to function across NAT-enabled environments, you must record additional IP addresses of your PlateSpin Server in the PlateSpin Server Configuration tool’s database that the server reads upon startup.

For information on the update procedure, see Configuring PlateSpin Server Behavior through XML Configuration Parameters.

2.3.3 Overriding the Default bash Shell for Executing Commands on Linux Workloads

By default, the PlateSpin Server uses the /bin/bash shell when executing commands on a Linux source workload.

If required, you can override the default shell by modifying the corresponding registry key on the PlateSpin Server.

See KB Article 7010676.