Used Ports
The following tables describe network ports that must be opened to ensure proper communication of components in the Veeam Agent management infrastructure.
Veeam Backup & Replication Connections
For information about network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components, see the Used Ports section in the Veeam Backup & Replication User Guide.
For information about ports that must be opened to ensure communication of the backup server with Veeam Cloud Connect infrastructure components, see the Used Ports section in the Veeam Cloud Connect Guide.
In addition to general port requirements applicable to a Veeam backup server, the backup server used in the Veeam Agent management scenario must have the following ports opened:
Veeam Backup Server
Veeam Agent Computer
Default port used for communication with the Veeam Agent for Microsoft Windows Service.
If port 6184 is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number.
135¹, 137 to 139², 445, 6160, 11731
Default ports used for communication with the Veeam Installer Service.
[For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer.
6167, 2500 to 3300
[For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer operating as part of a failover cluster with SQL Server AlwaysOn Availability Groups.
[For storage snapshots support] Port used for communication with the hardware VSS provider. For more information, see Storage Snapshots Support.
Veeam Agent Computer
Default port used as a control channel from the Veeam Backup Server to the Veeam Agent computer.
135¹, 137 to 139², 445, 6160, 11731
Ports on a Microsoft Windows server used for deploying the Distribution Server component.
Dynamic RPC port range. For more information, see this Microsoft KB article.
Default port used for communication with the Veeam Distribution Service.
[For storage snapshots support] Port used for communication with the hardware VSS provider. For more information, see Storage Snapshots Support.
Veeam Agent Computer
Dynamic RPC port range. For more information, see this Microsoft KB article.
The port range is required for communication with the Veeam Installer Service.
Ports on the Veeam Agent computer used for deploying Veeam Agent.
Veeam Agent Computer
Default port used to establish an SSH connection for the purpose of Veeam Agent packages transmission and deployment control.
Veeam Agent Computer Connections
Veeam Agent Computer
Veeam Backup Server
Default port used by Veeam Agent for Microsoft Windows operating in the managed mode for communication with the Veeam Backup server.
Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers.
Veeam Agent Computer
Ports used locally on the Veeam Agent computer for communication between Veeam Agent components and Veeam Agent for Microsoft Windows Service.
If the default port number is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number.
Veeam Agent Computer
(Linux, Unix, macOS)
Veeam Backup Server
Default port used for communication with the Veeam Backup server.
Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers.
Veeam Agent Computer
Default range of ports used for communication between Veeam Agent for Linux components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned.
Communication with Veeam Backup & Replication Repositories
Veeam Agent Computer
Linux server performing the role of a backup repository
Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
Microsoft Windows server performing the role of a backup repository
49152 to 65535 (for Microsoft Windows 2008 and newer)
Dynamic RPC port range. For more information, see this Microsoft KB article.
Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
Shared folder CIFS (SMB) share
137 to 139², 445
Ports used as a transmission channel from the Veeam Agent computer to the target CIFS (SMB) share.
Gateway Microsoft Windows server
137 to 139², 445
If a CIFS (SMB) share is used as a backup repository and a Microsoft Windows server is selected as a gateway server for this CIFS share, these ports must be opened on the gateway Microsoft Windows server.
Dynamic RPC port range. For more information, see this Microsoft KB article.
Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
¹ Port 135 is used for WMI queries. WMI queries are mandatory to back up failover clusters and optional to provide faster deployment.
² Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.
Used Ports
Make sure that you open the ports listed below to ensure proper operation of Veeam Agent for Linux.
Veeam Agent computer
Veeam backup server
Default port used for communication with the Veeam backup server.
Data between the Veeam Agent for Linux computer and backup repositories is transferred directly, bypassing Veeam backup servers.
Shared folder SMB (CIFS) share
135, 137 to 139, 445
Ports used as a data transmission channel from the Veeam Agent for Linux computer to the target SMB (CIFS) share.
Shared folder NFS share
Standard NFS ports used as a data transmission channel from the Veeam Agent for Linux computer to the target NFS share.
Veeam Agent computer
Default range of ports used for communication between Veeam Agent for Linux components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned.
Communication with Veeam Backup & Replication Repositories
Veeam Agent computer
Linux server performing the role of a backup repository
Default range of ports used as data transmission channels. For every TCP connection that a backup job uses, one port from this range is assigned.
Microsoft Windows server performing the role of a backup repository
49152 to 65535 (for Microsoft Windows 2008 and newer)
Dynamic RPC port range. For more information, see this Microsoft article.
Default range of ports used as data transmission channels. For every TCP connection that a backup job uses, one port from this range is assigned.
Communication with Veeam Cloud Connect Repositories
Veeam Agent computer
Port on the cloud gateway used to transport Veeam Agent data to the Veeam Cloud Connect repository.
Certificate Revocation Lists
80 or 443 (most popular)
Veeam Agent computer needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the Veeam Cloud Connect service provider.
Generally, information about CRL locations can be found on the CA website.
IMPORTANT
The list of ports required for computers booted from the Veeam Recovery Media is the same as the list of ports required for Veeam Agent computers.
Editing Connection to Veeam Backup Server
You can edit the following parameters for a connection to a Veeam backup server:
To change a name for the Veeam backup server, use the following command:
veeamconfig vbrserver edit --name <name>
<name>: desired name for the backup server.
$ veeamconfig vbrserver edit --name vbr01
To change the IP address and port used to connect to the Veeam backup server, use the following command:
veeamconfig vbrserver edit --address <address> --port <port>
- <address>: DNS name or IP address of the Veeam backup server.
IMPORTANT
If you specify a DNS name of the Veeam backup server, make sure that the name resolves to an IPv4 address on the machine where Veeam Agent is installed. The Veeam Backup Service in Veeam Backup & Replication listens on IPv4 addresses only. If the Veeam backup server name resolves to an IPv6 address, Veeam Agent will fail to connect to the Veeam backup server.
- <port>: port over which Veeam Agent for Linux must communicate with Veeam Backup & Replication.
$ veeamconfig vbrserver edit --address 172.17.53.1 --port 10006
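The following pre-flight check is an added example, not part of the Veeam documentation. It verifies the two conditions described above before the connection is edited: the backup server name resolves to at least one IPv4 address, and the chosen TCP port accepts connections from the Veeam Agent machine. The function names and result fields are this example's own.

```python
import socket
import sys

def classify_resolution(host, resolver=socket.getaddrinfo):
    """Return (ipv4_addresses, ipv6_addresses); both empty if host does not resolve."""
    try:
        infos = resolver(host, None, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return [], []
    # Each entry is (family, type, proto, canonname, sockaddr); sockaddr[0] is the address.
    v4 = sorted({i[4][0] for i in infos if i[0] == socket.AF_INET})
    v6 = sorted({i[4][0] for i in infos if i[0] == socket.AF_INET6})
    return v4, v6

def tcp_port_open(address, port, timeout=3.0):
    """True if a TCP connection to address:port succeeds within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(host, port, resolver=socket.getaddrinfo, probe=tcp_port_open):
    """Check IPv4 resolution first, then reachability of the port on each IPv4 address."""
    v4, v6 = classify_resolution(host, resolver)
    result = {"ok": False, "ipv4": v4, "ipv6": v6, "reachable": []}
    if not v4:
        # An AAAA-only name is the failure case the documentation warns about.
        result["reason"] = "resolves to IPv6 only" if v6 else "does not resolve"
        return result
    result["reachable"] = [a for a in v4 if probe(a, port)]
    if not result["reachable"]:
        result["reason"] = "port closed or filtered"
        return result
    result["ok"], result["reason"] = True, "ok"
    return result

if __name__ == "__main__":
    # Usage: python3 preflight.py <backup-server-name> <port>
    outcome = preflight(sys.argv[1], int(sys.argv[2]))
    print(outcome)
    sys.exit(0 if outcome["ok"] else 1)
```

A "port closed or filtered" result points at the firewall rules between the Veeam Agent computer and the backup server rather than at name resolution.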
NOTE
If you change an account to connect to the Veeam backup server and then start a backup job targeted at the backup repository managed by this backup server, Veeam Agent will start a new backup chain on the backup repository.
To change an account whose credentials will be used to connect to the Veeam backup server, use the following command:
veeamconfig vbrserver edit --login <login> --domain <domain> --password <password>
- <login>: name of the account that has access to the Veeam backup repository.
- <domain>: name of the domain in which the account that has access to the Veeam backup repository is registered.
- <password>: password of the account that has access to the Veeam backup repository.
$ veeamconfig vbrserver edit --login veeam --domain tech --password P@ssw0rd2
Changing Several Backup Server Parameters
You can change several parameters for the connection to the Veeam backup server simultaneously. For example, the following command changes the name and connection settings for the Veeam backup server:
$ veeamconfig vbrserver edit --name vbr02 --address 172.17.53.2 --port 10006
Used Ports
The following table describes network ports that must be opened to ensure proper communication of the Veeam Cloud Connect infrastructure components.
To learn what ports are required for other Veeam Backup & Replication components in the Veeam Cloud Connect infrastructure, see the Used Ports section in the Veeam Backup & Replication User Guide.
SP backup server
Port on the SP backup server used to listen to cloud commands from the tenant side. Tenant cloud commands are passed to the Veeam Cloud Connect Service through the cloud gateway.
Port on the SP backup server used by SP-side network redirector(s) to connect to the Remote Access Console and establish a Remote Desktop Connection to tenant.
Port range used during transfer of the Veeam Service Provider Console agent from the SP backup server to the tenant backup server.
SP backup repository
Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
Note: This range of ports applies to newly installed Veeam Backup & Replication starting from version 10.0, without upgrade from previous versions. If you have upgraded from an earlier version of the product, the range of ports from 2500 to 5000 applies to the already added components.
SP backup proxy
Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
For replication of Microsoft Hyper-V VMs, the SP backup proxy resides on the target Hyper-V host.
For replication of VMware vSphere VMs, the role of the backup proxy can be assigned to the backup server or another machine in the Veeam backup infrastructure.
Note: This range of ports applies to newly installed Veeam Backup & Replication starting from version 10.0, without upgrade from previous versions. If you have upgraded from an earlier version of the product, the range of ports from 2500 to 5000 applies to the already added components.
Provider-side network extension appliance
Port used to establish secure VPN connection for network extension during partial site failover.
If a tenant has several IP networks, additional odd ports should be opened starting from 1195 — one port per tenant’s IP network.
For example, a tenant Tenant1 replicates VMs that are connected to 3 IP networks. In the Veeam Cloud Connect infrastructure, the SP deployed a network extension appliance for Tenant1. In this case, the SP needs to open the following ports between the network extension appliance and the cloud gateway: 1195, 1197, 1199.
Default port used for data transfer between WAN accelerators.
Veeam Service Provider Console server
Port on the Veeam Service Provider Console server used to communicate with the tenant backup server.
Communication between tenant backup servers and Veeam Service Provider Console server goes through cloud gateways.
SP backup server
Default port used by the Veeam Installer Service for deployment of the Veeam Cloud Gateway Service and during failover operations.
Port on the cloud gateway used to listen for cloud commands from the Veeam Cloud Connect Service. The service cloud commands from the Veeam Cloud Connect Service are sent to set up, delete and check the status of data transport channels between tenants and the cloud repository.
Provider-side network extension appliance
Port used for communication with the network extension appliance.
SP backup server needs access to the SP network extension appliance over ICMP.
Port used for LDAP connections to Active Directory domain controller(s) for Active Directory tenants authentication.
Ports used for LDAPS connections to Active Directory domain controller(s) for Active Directory tenants authentication.
Controlling port for RPC calls.
SP backup repository
(or gateway server)
Port used for connections during the following operations:
- Creating a replica from a cloud backup
- Replica seeding from a cloud backup
SP Veeam Backup & Replication console
SP backup server
Port used by the Veeam Backup & Replication console to connect to the backup server when managing the Veeam Cloud Connect infrastructure.
Tenant backup server
Port on the cloud gateway used to transport VM data from the tenant side to the SP side (UDP is used only during partial failover of a cloud replica).
Tenant-side network extension appliance
Port used for communication with the network extension appliance.
Certificate Revocation Lists
80 or 443 (most popular)
Tenant backup server needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the SP.
Generally, information about CRL locations can be found on the CA website.
Endpoint used by the Automatic Root Certificates Update component
Port used by the Automatic Root Certificates Update component for communication with the Windows Update endpoint.
Applicable to Microsoft Windows 10 and later, Microsoft Windows Server 2016 and later.
Veeam Update Notification Server (dev.veeam.com)
Default port used to download information about available updates from the Veeam Update Notification Server over the internet.
Veeam License Update Server (autolk.veeam.com)
Default port used for license auto-update.
Port used for communication with the Veeam Backup Service (locally on the backup server).
Provider-side network extension appliance
Port used to establish secure VPN connection for network extension during partial site failover.
If a tenant has several IP networks, additional odd ports should be opened starting from 1195 — one port per tenant’s IP network.
For example, a tenant Tenant1 replicates VMs that are connected to 3 IP networks. In the Veeam Cloud Connect infrastructure, the SP deployed a network extension appliance for Tenant1. In this case, the SP needs to open the following ports between the network extension appliance and the cloud gateway: 1195, 1197, 1199.
Tenant-side network extension appliance
Port used to carry tenant VM traffic from the tenant network extension appliance to the SP network extension appliance through the cloud gateway.
Tenant backup proxy (VMware vSphere) or Hyper-V server / off-host backup proxy (Microsoft Hyper-V)
Port used for VM data transport to the cloud repository by backup jobs.
Tenant backup repository (Microsoft Windows server / Linux server / gateway server for CIFS share)
Port used for VM data transport to the cloud repository by backup copy jobs.
Remote Access Console
(SP LAN)
SP backup server
Port used for communication with the Veeam Cloud Connect Service and SP-side network redirector(s).
Port used for communication with the Veeam Backup Service.
Port used for communication with the Veeam Backup Service.
Remote Access Console
(Internet)
Default port used for communication with the SP Veeam Cloud Connect Service and SP-side network redirector(s).
Certificate Revocation Lists
80 or 443 (most popular)
Remote Access Console needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the SP.
Generally, information about CRL locations can be found on the CA website.
Tenant desktop computer or portable device
Veeam Cloud Connect Portal
Port used for accessing Veeam Cloud Connect Portal by tenants.
Veeam Cloud Connect Portal is installed on the SP Veeam Backup Enterprise Manager server as an optional component. It should be published on the internet by the SP administrator.