Discovery and security
When planning discovery, consider the following network security-related features:
- Firewall ports: If a firewall exists between any portions of the management infrastructure, certain TCP and UDP ports in the firewall must be opened for proper communications during discovery and for other VMware Smart Assurance communications:
  - SNMP polls: port 161
  - SNMP traps: port 162
  - Broker: port 426
  - License Manager: port 1744
  - Domain Manager: One port each, which can be configured
  - VMware Smart Assurance Adapters, including the Syslog Adapter and the SNMP Trap Adapter (Receiver). “Deploying Syslog Processing” on page 85 and “Deploy trap processing” on page 133 provide more information about the Syslog Adapter and the SNMP Trap Adapter.
  Document the opened ports in the deployment build guide.
- Use of access lists. If access lists are used, the IP addresses of servers that are running VMware Smart Assurance products must be added to the access list of devices that will communicate with the VMware Smart Assurance products.
- Use of SNMP versions and their respective security capabilities. The version of SNMP that is used to communicate with the network devices can provide dramatically different levels of security. With SNMPv1 or v2c, security is provided through the use of SNMP community strings. To properly configure VMware Smart Assurance, you must know the SNMP read community strings for all SNMPv1/v2c devices that will be managed.
  For communications to devices using SNMPv3, the requirements are much greater. Obtain values for these configuration parameters for each SNMPv3 device:
  - SNMPv3 username
  - SNMP engine ID (optional)
  - Authentication protocol and password
  - Privacy protocol and password
  - Context name, if used
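
The credential checklist above can be checked before discovery is started. The following is an added example, not part of the VMware documentation: it audits a device inventory for the parameters each SNMP version requires and reports the SNMPv3 security level each record would get. The field names, the sample records, the list of default community strings and the 8-character password minimum (taken from RFC 3414) are assumptions of this example, not a Smart Assurance format.

```python
# Added example: pre-discovery audit of an SNMP credential inventory. Field names
# and the constructed SAMPLE records are assumptions, not a product format.
DEFAULT_COMMUNITIES = {"public", "private"}   # well-known default strings
MIN_PASSWORD_LEN = 8                          # RFC 3414 minimum for USM passwords

def audit_device(dev):
    """Return findings for one inventory record; an empty list means ready."""
    findings = []
    version = str(dev.get("version", "")).lower()
    if version in ("1", "2c"):
        community = dev.get("read_community", "")
        if not community:
            findings.append("missing read community string")
        elif community.lower() in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
    elif version == "3":
        if not dev.get("username"):
            findings.append("missing SNMPv3 username")
        has_auth = bool(dev.get("auth_protocol"))
        has_priv = bool(dev.get("priv_protocol"))
        if has_priv and not has_auth:
            findings.append("privacy set without authentication (invalid level)")
        elif not has_auth:
            findings.append("noAuthNoPriv: no authentication or encryption")
        elif not has_priv:
            findings.append("authNoPriv: SNMP payload is not encrypted")
        for kind, used in (("auth", has_auth), ("priv", has_priv)):
            if used and len(dev.get(kind + "_password", "")) < MIN_PASSWORD_LEN:
                findings.append(
                    f"{kind} password missing or under {MIN_PASSWORD_LEN} characters")
    else:
        findings.append(f"unknown SNMP version {version!r}")
    return findings

def audit_inventory(devices):
    """Map device name to findings, listing only devices needing attention."""
    return {d["name"]: f for d in devices if (f := audit_device(d))}

SAMPLE = [
    {"name": "core-rtr-1", "version": "3", "username": "monitor-ro",
     "auth_protocol": "SHA", "auth_password": "example-auth-secret",
     "priv_protocol": "AES", "priv_password": "example-priv-secret"},
    {"name": "edge-sw-7", "version": "2c", "read_community": "public"},
    {"name": "dist-sw-3", "version": "3", "username": "monitor-ro",
     "auth_protocol": "SHA", "auth_password": "short"},
    {"name": "lab-fw-2", "version": "3", "username": "",
     "priv_protocol": "AES", "priv_password": "example-priv-secret"},
]

if __name__ == "__main__":
    print(audit_inventory(SAMPLE))
```

Engine ID and context name are left unchecked because the checklist marks them as optional.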