2.3 Access and Communication Requirements across your Migration Network

This section provides information about setting up user authorization and authentication, configuring your network environment, and managing your product’s default settings and behavior.

2.3.1 Requirements for Discovery

The following table lists software, network, and firewall requirements that systems in your environment must meet for the discovery and inventory process. For information about the actual discovery procedures, see Discovering Source Workloads and Migration Targets in your User Guide.

Table 2-4 Network Communication Prerequisites for Discovery Operations



All workloads

Ping (ICMP echo request and response) support

All Windows sources

  • Microsoft .NET Framework version 2.0 or 3.5 SP1

  • Credentials with local or domain admin privileges

Windows Vista

Windows 7;

Windows Server 2008;

Windows Server 2008 R2;

Windows Server 2012

  1. Built-in Administrator or a domain account credentials (mere membership in the local Administrators group is insufficient). On Vista, the account must be enabled (it is disabled by default).

  2. The Windows Firewall configured to allow File and Printer Sharing. Use one of these options:

    • Option 1, using Windows Firewall: Use the basic Windows Firewall Control Panel item (firewall.cpl) and select File and printer Sharing in the list of exceptions.

      - OR -

    • Option 2, using Firewall with Advanced Security: Use the Windows Firewall with Advanced Security utility (wf.msc) with the following Inbound Rules enabled and set to Allow:

      • File and Printer Sharing (Echo Request - ICMPv4In)

      • File and Printer Sharing (Echo Request - ICMPv6In)

      • File and Printer Sharing (NB-Datagram-In)

      • File and Printer Sharing (NB-Name-In)

      • File and Printer Sharing (NB-Session-In)

      • File and Printer Sharing (SMB-In)

      • File and Printer Sharing (Spooler Service - RPC)

      • File and Printer Sharing (Spooler Service - RPC-EPMAP)

  3. (Conditional) If the volumes are encrypted with the BitLocker disk encryption feature, they must be unlocked.

All Linux sources

Citrix Xen Server

  • Secure Shell (SSH) server

  • Open port 22 (TCP)

  • Root-level access. For information on using an account other than root, see KB Article 7920711.

  • Custom SSH ports are supported; specify the port number during discovery: <hostname | IP_address>:port_number.

VMware ESX/ESXi Servers

VMware vCenter Servers

  • VMware account with an Administrator role

  • VMware Web services API and file management API (HTTPS / port 443 TCP)

2.3.2 Requirements for Migration

The following table lists firewall requirements that systems in your environment must meet for problem-free operation during workload migration jobs.

Table 2-5 Network Communication Prerequisites for Workload Portability


Open Port (Default)


PlateSpin Server hosts

Either TCP 80 or TCP 443 TCP

  • Port 80 (TCP) is required for HTTP communication among the PlateSpin Server, sources, and targets.

  • Port 443 (TCP) is required for HTTPS communication (if SSL is used) between the PlateSpin Server and the source or target machines.

All source workloads except those in image deployment jobs.

TCP 3725

Required for targets to initiate communication during file-level data transfer, except for I2X jobs, during which this port needs to be open on the migration target only. For Server Sync jobs, this port is required for both sources and targets.

All targets

TCP 3725

Required for:File-based Server Sync / Image Sync

  • File-level Server Sync

  • Image synchronization jobs

All Windows sources and targets

NetBIOS 137 - 139

Required for NetBIOS communications.

All sources

SMB (TCP 139, 445 and UDP 137, 138)

Required for communication and file-level data transfer during offline migration.

All Linux sources

Citrix Xen Server

TCP 22

Required for communication during offline migration.

PlateSpin Server hosts;

All Windows sources

TCP 135/445

For DCOM/RPC communication between PlateSpin Server and a source for taking control of and rebooting the workload through WMI.

NOTE:WMI (RPC/DCOM) can use TCP ports 135 and 445 as well as random/dynamically assigned ports above 1024.

2.3.3 Migrations Across Public and Private Networks through NAT

In some cases, a source, a target, or PlateSpin Migrate itself, might be located in an internal (private) network behind a network address translator (NAT) device, unable to communicate with its counterpart during migration.

PlateSpin Migrate enables you to address this issue, depending on which of the following hosts is located behind the NAT device:

  • PlateSpin Server: n your server’s PlateSpin Server Configuration tool, record the additional IP addresses assigned to that host:

    1. From any Web browser, open the https://Your_PlateSpin_Server/platespinconfiguration/tool.

    2. Locate the AlternateServerAddresses server parameter, click Edit, then add additional IP addresses, delimited by a a semicolon (;), for example:;
  • Source: As part of that specific migration job, record the additional IP addresses assigned to that workload. See Specifying Network Options.

  • Target: When you are attempting to discover a target, such as VMware ESX, specify the public (or external) IP address in the discovery parameters.