Tuesday, June 23, 2009

Which ports should be opened on Virtuozzo hardware node and Service VE?

Resolution

Parallels Virtuozzo Containers 4.0

Hardware node:

  • 4433 - TCP VZAgent unencrypted XML connections to VZAgent
  • 4434 - TCP VZAgent SSL (encrypted) XML connections to VZAgent
  • 4435 - TCP VZAgent binary data transfer connections to VZAgent
  • 4646 - TCP VZAgent SOAP
  • 4643 - Parallels Infrastructure Manager
  • 80 - HTTP redirect for Parallels Infrastructure Manager
  • 443 - Parallels Infrastructure Manager
  • 22* - SSH. Used when the Service CT is created in compat mode
  • 8443, 8080 - Plesk integration
  • 3389 - Remote Desktop

To enable the Windows firewall on the node while keeping the required ports open, use the following script (create a .cmd file and copy the script commands into it):

netsh firewall set opmode enable
netsh firewall set portopening protocol=TCP port=3389
netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP1"
netsh firewall set portopening protocol=TCP port=8080 name="Plesk-VZPP2"
netsh firewall set portopening protocol=TCP port=443 name="HTTPS redirect for Parallels Infrastructure Manager"
netsh firewall set portopening protocol=TCP port=80 name="HTTP redirect for Parallels Infrastructure Manager"
netsh firewall set portopening protocol=TCP port=4433 name="TCP VZAgent non-crypted XML connections to VZAgent"
netsh firewall set portopening protocol=TCP port=4434 name="TCP VZAgent SSL (crypted) XML connections to VZAgent"
netsh firewall set portopening protocol=TCP port=4435 name="TCP VZAgent binary data transfer connections to VZAgent"
pause
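
The script above opens each port to all source addresses, including 4433, which carries VZAgent XML traffic without encryption. As an added example (not part of the original article), the variant below uses the scope=CUSTOM option of netsh firewall to limit the management ports to one administrative subnet. The subnet 192.0.2.0/24, the rule names and the split between management ports and publicly reachable ports are assumptions to adjust for your environment.

```batch
@echo off
rem Added example, not part of the original article.
rem MGMT_NET is a placeholder (documentation address range);
rem replace it with the subnet your administrators connect from.
set MGMT_NET=192.0.2.0/24

netsh firewall set opmode enable

rem Management ports from the hardware node list:
rem 22 SSH, 3389 Remote Desktop, 4433/4434/4435 VZAgent, 4646 SOAP, 4643 PIM.
rem Assumption: only hosts in MGMT_NET need to reach them.
for %%P in (22 3389 4433 4434 4435 4646 4643) do (
    netsh firewall set portopening protocol=TCP port=%%P name="VZ mgmt %%P" mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%
)

rem Assumption: the web-facing ports (PIM redirect and Plesk integration)
rem stay reachable from any address.
for %%P in (80 443 8443 8080) do (
    netsh firewall set portopening protocol=TCP port=%%P name="VZ web %%P" mode=ENABLE scope=ALL
)

rem List the resulting port openings so the scope of each rule can be reviewed.
netsh firewall show portopening
pause
```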

Service Container

  • 22* - SSH. Used when the Service CT is created in compat mode
  • 8443, 8080 - Plesk integration
  • 4646 - TCP VZAgent SOAP
  • 4643 - Parallels Infrastructure Manager
  • 4450, 4452 - used for connection to ADAM and PIM authorization
  • 1433 - used by PMC to retrieve statistics from the MSSQL database inside the SCT

To enable the firewall inside the service container directly from the node while keeping the required ports open, use the following script (create a .cmd file and copy the script commands into it):

vzctl exec 1 netsh firewall set opmode enable
vzctl exec 1 netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4643 name="Parallels Infrastructure Manager"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4450 name="ADAM and PIM authorization 4450"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4452 name="ADAM and PIM authorization 4452"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=1433 name="for PMC, to retrive statistics from MSSQL database"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP 8443"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8080 name="Plesk-VZPP 8080"
pause 10


Virtuozzo 3.5.1


The following ports should be opened on the hardware node and the service VE:

- 22: this port should be opened inside the Service VE and is needed to establish an SSH connection to the Service VE from the computer where VZMC is installed.

- 4643: this port should be opened inside the Service VE and is needed to connect to the Service VE and other VEs on the Node through VZCC/VZPP.

- 4646: SOAP.

- 3141: this port should be opened on the Hardware Node and is needed to view information on the current HN resource consumption on the Monitor Node or through a standard Web browser.

- 3389: this port should be opened on the Hardware Node and is needed to connect to your Virtual Environments (for version 3.5.1) by means of the standard Windows Remote Desktop Connection (RDP) application.

Note: Starting from Virtuozzo 3.5.1 Service Pack 1, port 3389 should be opened inside each VE because each VE has its own Terminal Server inside.

- 8049: this port should be opened on the Hardware Node and is needed to check information on the current state of the Hardware Node through a standard Web browser.

- 139 and 445: used for named pipes, as VZAgent communicates with the VZAOP service on the node through them.

- 8443: this port should be opened inside the Service VE. It is required for Plesk/VZPP integration.

To enable the firewall inside the service VE directly from the node while keeping the required ports open, use the following script (create a .cmd file and copy the script commands into it):

vzctl exec 1 netsh firewall set opmode enable
vzctl exec 1 netsh firewall set portopening protocol=TCP port=3389
vzctl exec 1 netsh firewall set portopening protocol=TCP port=22 name="SSH/VZAagent"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=4646 name="SOAP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP"
vzctl exec 1 netsh firewall set portopening protocol=TCP port=139 scope=all profile=all
vzctl exec 1 netsh firewall set portopening protocol=TCP port=445 scope=all profile=all
pause 10
