Which ports are used by HCP?

Document created by Steven Looby on Jun 21, 2017Last modified by Michael Ratner on Sep 14, 2017
Version 5Show Document
  • View in full screen mode

Port

Type

Direction

Scope

Function/Notes

What primarily uses this port

7

UDP

Inbound

System

Internet Control Message Protocol ECHO (ping)

Normally open. The ability to respond to  ping can be disabled in System Management Console

Any network Client to HCP

22

TCP

Inbound

System

Secure Shell version 2 (SSH2)

Can be disabled in System Management Console. Can be limited to specific source IP  addresses. Password auth disabled. Keys are required.

Any network Client to HCP

25

TCP

Both

Namespace

Simple Mail Transfer Protocol (SMTP)

Open when SMTP service is enabled. Can be limited to specific source IP addresses. Email alerting (configurable port).

Mail Servers to HCP

HCP to Mail Servers

53

TCP/UDP

Both

System

Domain Name Service (DNS)

Always open. Every HCP system is a domain.

DNS Servers to HCP

HCP to DNS Servers

80

TCP

Inbound

Per Tenant

Hypertext Transfer Protocol (HTTP) for data access

Redirected to port 8080.

Application servers to HCP

88

TCP/UDP

Inbound

Namespace

Kerberos (CIFS)

Open when CIFS is enabled and Active Directory authentication is requested.

Authentication servers to HCP

111

TCP/UDP

Inbound

Namespace

Portmapper (RPC for NFS)

Open when NFS service is enabled.

Application servers to HCP

123

TCP/UDP

Both

System

Network Time Protocol (NTP)

NTP server to HCP

HCP server to NTP

137

TCP/UDP

Inbound

Namespace

NETBIOS name service (CIFS)

Open when CIFS is enabled. Can be limited to specific source IP addresses.

Application Servers to HCP

138

TCP/UDP

Inbound

Namespace

NETBIOS datagram service (CIFS)

Open when CIFS is enabled. Can be limited to specific source IP addresses.

Application Servers to HCP

139

TCP/UDP

Inbound

Namespace

NETBIOS session service (CIFS)

Open when CIFS is enabled. Can be limited to specific source IP addresses.

Application Servers to HCP

161

UDP

Inbound

System

Simple Network Management Protocol (SNMP) data

Open when SNMP is enabled and allow write/updates of HCP settings through SNMP has been selected. Can be limited to specific source IP addresses.

Any network client to HCP

162

UDP

Outbound

System

Simple Network Management Protocol (SNMP) traps

Open when SNMP is enabled.

HCP to SNMP Manager

443

TCP

Inbound

Per Tenant

Hypertext Transfer Protocol (HTTPS) over Secure Socket Layer (SSL) for data access

Redirected to port 8483.

Application servers to HCP

445

TCP/UDP

Inbound

Namespace

Common Internet File System (CIFS)

Open when CIFS is enabled. Can be limited to specific source IP addresses.

Application servers to HCP

514

UDP

Outbound

System

System Log (syslog)

Open if remote system logging is enabled. Logs to specific IP addresses.

HCP to Syslog server

2001

TCP

Outbound

System

Hitachi Device Manager (HDvM)

Open if Enable scheduled updates to HDvM is selected at the System Management Console.

HCP to Hitachi Device
Manager Server

2049

TCP/UDP

Inbound

Namespace

Network File System Protocol (NFS)

Open when NFS is enabled. Can be limited to specific source IP addresses.

Application Servers to HCP

2050

TCP/UDP

Inbound

Namespace

Mount Daemon (NFS)

Open when NFS is enabled. Can be limited to specific source IP addresses.

Application Servers to HCP

2051

TCP/UDP

Inbound

Namespace

Lock Daemon (NFS)

Open when NFS is enabled. Can be limited to specific IP source addresses.

Application Servers to HCP

2052

TCP/UDP

Inbound

Namespace

Stat Daemon (NFS)

Open when NFS is enabled. Can be limited to specific IP addresses.

Application Servers to HCP

5747

TCP

Inbound

System

HCP Replication

Open for replication target systems upgraded from prior releases of HCP that have peers using insecure replication. Accepts only replication request notifications until a replication request is accepted in the System Management Console. Accepts replication data thereafter.

HCP to HCP

5748

TCP

Inbound

Any Tenant

Secure HCP Replication (using SSL)

Open for replication target  systems. Certificate from replication source required. Accepts only replication request notifications until a replication request is accepted in the System Management Console. Accepts encrypted and/or signed replication data thereafter.

HCP to HCP

8000

TCP

Inbound

System

Any Tenant

HCP administration (HTTPS)

System Management Console. Tenant Management Consoles. Console access can be limited to specific source IP addresses. The System Management Console and each Tenant Management Console have independent allow/deny lists.

Any network client to HCP

8080

TCP

Inbound

Namespace

Hypertext Transfer Protocol (HTTP)

HTTP/HTTPS are optional when  using the default namespace, but one is required when using any authenticated namespace. hcp-ns-auth cookie required to authenticate in authenticated namespaces. Can be limited to specific source IP addresses.

Application servers to HCP

8483

TCP

Inbound

Namespace

Hypertext Transfer Protocol (HTTPS) over Secure Socket Layer (SSL)

HTTP/HTTPS are optional when using the default namespace, but one is required when using any authenticated namespace.  hcp-ns-auth cookie required to authenticate in authenticated namespaces. Can be limited  to specific source IP addresses.

Application servers to HCP

8888

TCP

Inbound

System

HCP web search interface  (HTTPS)

Open if Search is enabled.

Any network client to HCP

9090

TCP

Inbound

System

HCP Management API interface (HTTPS)

Open if MAPI is enabled for the system. hcp-api-auth cookie required to authenticate for both system admin and tenant admin level.

Application servers to HCP

10000

TCP

Inbound

Namespace

Network Data Management Protocol (NDMP)

Open if NDMP is enabled. Can be limited to specific source IP addresses.

Backup servers to HCP

Configurable

TCP

Outbound

System

RADIUS (user authentication)

HCP to Authentication Server

Dynamic

TCP

Outbound

Namespace

Active Directory (AD) authentication

HCP to Authentication Server

Attachments

    Outcomes