Table 11 Network connections that may be initiated by the storage system (continued)
Service Protocol Port Description
NFS TCP/UDP 4000 Used to provide NFS statd services. statd is the NFS file-
locking status monitor and works in conjunction with lockd to
provide crash and recovery functions for NFS.
NFS TCP/UDP 4001 Used to provide NFS lockd services.lockd is the NFS file-
locking daemon. It processes lock requests from NFS clients
and works in conjunction with the statd daemon.
NFS TCP/UDP 4002 Used to provide NFS rquotad services. The rquotad daemon
provides quota information to NFS clients that have mounted
a file system.
VSI TCP 5080 This port provides for VSI plugin. If closed, VSI plugin will not
be available.
HTTPS TCP 8443 HTTPS traffic for secure remote support when ESRS is
enabled and Integrated ESRS is configured on the storage
system. If closed, there will be a significant decrease in
remote support performance, which will directly impact the
time to resolve issues on the Unity storage system.
REST TCP 9443 Used to send service notifications to an ESRS gateway server
when ESRS is enabled and Centralized ESRS is configured on
the storage system.
IWD Internal 60260 IWD initial configuration daemon. If closed, initialization of the
array will be unavailable through the network.
a.
The LDAP and LDAPS port numbers can be overridden from inside Unisphere when configuring Directory Services. The default
port number is displayed in an entry box that can be overridden by the user. Also, the Remote Syslog port number can be
overridden from inside Unisphere.
Storage system certificate
The storage system automatically generates a self-signed certificate during its first
initialization. The certificate is preserved both in NVRAM and on the backend LUN.
Later, the storage system presents it to a client when the client attempts to connect
to the storage system through the management port.
The certificate is set to expire after 3 years; however, the storage system will
regenerate the certificate one month before its expiration date. Also, you can upload a
new certificate by using the svc_custom_cert service command. This command
installs a specified SSL certificate in PEM format for use with the Unisphere
management interface. For more information about this service command, see the
Service Commands Technical Notes
document. You cannot view the certificate through
Unisphere or the Unisphere CLI; however, you can view the certificate through a
browser client or a web tool that tries to connect to the management port.
Communication Security
Storage system certificate 41
To Next Page
Loading...
Need help?
General
