On-Premises Data Center
The following ports must be configured to use JetStream DR software.
VMware vCenter Server
| HTTPS Port | If using a firewall, HTTPS port 443 must be open. |
JetStream DR Management Server Appliance (MSA)
| Network | Static or dynamically assigned (DHCP) IP addresses can be used for the MSA interface. The FQDN should be registered with DNS. |
| Ports | When JetStream DR software is installed, a range of ports will automatically be opened on the source ESXi hosts. For most users, no additional action is necessary. In cases where the on-premises/source setup has special firewall rules blocking these ports, additional administrative steps will be needed to manually open these ports. |
| Port Range: 32873-32878 |
Network Between Protected Site and Recovery Site
A JetStream DR network with the following characteristics must be established between the protected site and the recovery site:
| JetStream DR Management Server Appliance (MSA) | A management network is required for the MSA. This network is used for access to the JetStream DR RESTful APIs and making other data path calls. If a private network is available for connecting to the object store, this private network should be added to the MSA VM as a separate network. If no private network is available, make sure the management network can be used to connect to the object store. |
| Management Network: Required | |
| External Network (for object store access): A dedicated external network can be used; otherwise, data traffic will be sent over the management network. | |
| JetStream DR Virtual Appliance (DRVA) | If the only network used is the management network, make sure it has access to both IO Filter and the object store. If multiple networks exist within the cluster, all must be attached to the DRVA VMs. |
| Recovery from Object Cloud Virtual Appliance (RocVA) | If the only network used is the management network, make sure it has access to both the ESXi host(s) and the object store. If multiple networks exist within the cluster, all must be attached to the RocVA VM. The RocVA is a temporary VM that is automatically created when needed for VM recovery, then removed when it is no longer needed. |
| Object Store / Blob Storage | The object store/Blob Storage should be accessible to both the protected site and the recovery site. |
| Replication Log Store | DR Virtual Appliances (DRVAs) and ESXi host(s) must have direct access to this storage. |
AVS Setup
If JetStream DR will be used with AVS, additional port requirements must also be considered:
AVS Local Traffic
| JetStream MSA to vCenter | TCP 443 |
| JetStream MSA to vCenter | TCP 80 |
| vCenter to JetStream MSA | TCP 443 |
| JetStream MSA to ESXi hosts (CIM Server) | TCP 5989 |
| JetStream IO Filter Daemon listener (ESXi host) Inbound, used as needed for troubleshooting only | TCP 32873 |
| JetStream IO Filter (ESXi hosts) to DRVA (DATA) | TCP 32877 |
| JetStream MSA to JetStream DRVA (REST) | TCP 32878 |
| JetStream MSA to JetStream RocVA (REST) | TCP 32878 |
| JetStream RocVA to JetStream DRVA (DATA) | TCP 32877 |
| JetStream RocVA to JetStream ReVM (iSCSI) | TCP 3260 |
| JetStream MSA, DRVA and DNS | TCP/UDP 53 |
AVS to Azure/Internet
| AVS Run Command systems to JetStream MSA | TCP 443 |
| AVS Run Command systems to JetStream MSA | TCP 8443 |
| JetStream MSA to Azure Storage Account | TCP 443 |
| JetStream DRVA to Azure Storage Account | TCP 443 |
| JetStream RocVA to Azure Storage Account | TCP 443 |
| JetStream MSA to Azure Active Directory | login.microsoftonline.com |
| OAuth 2.0 (For Storage Account AAD Authentication) | TCP 443 |
| JetStream DRVA to Azure Active Directory | login.microsoftonline.com |
| JetStream RocVA to Azure Active Directory | login.microsoftonline.com |
| JetStream MSA to JetStream Azure metering website (jsdr-mms.azurewebsites.net) | TCP 443 |
| JetStream MSA, DRVA and DNS | TCP/UDP 53 |