A typical SaaS Connector connects with the Cohesity DataProtect as a Service and the Data Sources. The following diagram shows the source, destination, ports, and protocols for traffic flow between the user-deployed SaaS Connector and the Data Sources and the user-deployed SaaS Connector and Cohesity DataProtect as a Service .
More information is provided in the sections that follow the diagram.
Legend
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Cohesity Cloud Services:
Incoming NTP requests are detected by port 123.
Chrony is the default implementation of NTP used by recent versions of CentOS and RHEL. Open port 323 if you want to use the Chronyc tool to monitor the synchronization status of Chrony and make changes if necessary.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and VMware environment:
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| SaaS Connector | VMware vCenter | 443 | TCP | Required for making VMware API calls for backup and recovery over HTTPS/HTTPS (TLS). |
| SaaS Connector | ESXi Host(s) | 443 | TCP | Required for VMware Tools-based file and folder recoveries. Allow communication to each ESXi host over port 443 for VMware tools-based file and folder recovery, irrespective of whether the vCenter or Standalone ESXi host is registered with the Cohesity DataProtect as a Service. |
| SaaS Connector | ESXi Host(s) | 902 | TCP | Needs to be open on each ESXi host for VADP (vSphere Storage APIs for Data Protection), a vSphere API, that enables backup and restore operations via port 902. |
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Hyper-V environment:
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Cohesity Agent running on Standalone Hyper-V and SCVMM server | Guest VM (local host) running on Standalone Hyper-V and SCVMM Server | 5986 | TCP | Required for file and folder recovery operations. |
| SaaS Connector | Standalone Hyper-V and SCVMM Server | 50051 | TCP | Required for backup and recovery operations.. |
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and the VMC in the AWS environment:
Required for making VMware API calls for backup and recovery over HTTPS/HTTPS (TLS).
Needs to be configured as a Management Gateway firewall rule in the VMC UI.
Required for VMware Tools-based file and folder recoveries. Allow communication to each ESXi host over port 443 for VMware tools-based file and folder recovery, irrespective of whether the vCenter or Standalone ESXi host is registered with the Cohesity cluster.
Needs to be configured as a Management Gateway firewall rule in the VMC UI.
Required for backup and recovery operations.
Cohesity recommends selecting “Any” in the Service column when configuring this Compute Gateway firewall rule in the VMC UI.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and the VMC in the AVS environment:
Required for making VMware API calls for backup and recovery over HTTPS/HTTPS (TLS).
Refer to the VMware cloud provider's documentation for updating the gateway firewall rules.
Required for VMware Tools-based file and folder recoveries. Allow communication to each ESXi host over port 443 for VMware tools-based file and folder recovery.
Refer to the VMware cloud provider's documentation for updating the gateway firewall rules.
Required for backup and recovery operations.
Refer to the VMware cloud provider's documentation for updating the gateway firewall rules.
Each ESXi host must have port 902 open for VADP (vSphere Storage APIs for Data Protection), a vSphere API, allowing backup and restoring operations through port 902.
Refer to the VMware cloud provider's documentation for updating the gateway firewall rules.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Physical Servers:
Required for Backup and Recovery operations.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Oracle Server:
Required for Backup and Recovery operations.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and Microsoft SQL Server:
Required for Backup and Recovery operations.
Ensure that the following ports are open to allow communication between the Cohesity SaaS Connector(s) and NAS Server:
To establish connection with the NAS source and carry out the Backup and Recovery operations.
