Considering security and firewalls
Based on the security information you obtained earlier, you must plan design solutions so that the applications can function properly in the network’s
security environment:
- Configure security policies (rules) to enable a one-way connection from the FLEXnet license server and the Broker to the various applications.For communication between s across firewalls, plan on opening a hole in the firewall for theVMware Smart Assurancecommunications. Certain UDP and TCP ports must be opened for proper communications:
- : Port 426
- License Manager: Port 1744
- : one port each, which can be configured
- Adapters, includingSNMP Trap Adapterand Syslog Adapter. The provides details.
- Consider proxy servers when communicating withVMware Smart Assuranceapplications that reside behind firewalls. Using a proxy server reduces the number of firewall ports that need to be opened to one firewall port.“Configuring the Java clients to use a proxy server” on page 86provides additional information on the procedure to configure the Java clients to use a proxy server.
- If access lists are used, plan on deploying the IP addresses of hosts that include s to the access list of devices that will be managed.VMware Smart Assuranceapplications must have full access to browse the MIBs of the devices. The lists the specific MIBs. Depending on the network size and complexity, this may require scheduling to obtain support from the organization’s network personnel.
- You must have a listing of SNMP versions and related security parameter values that are used by specific devices in the organization’s network. Due to security concerns, it may not be appropriate to include them in the deployment build guide.