When planning your deployment, consider the following security and firewall settings:
- Configure security policies (rules) to enable a one-way connection to the license server and two-way connections between the Broker and the various Domain Managers. For communication between Managers across firewalls, plan on opening a hole in the firewall for the Smart Assurance communications. Certain UDP and TCP ports must be opened for proper communications:
- Broker: Port 426
- License Manager: Port 1744
- Manager: one port each, which can be configured
- Adapters, including SNMP Trap Adapter and Syslog Adapter.
- Consider proxy servers when communicating with Smart Assurance applications that reside behind firewalls. Using a proxy server reduces the number of firewall ports that need to be opened to one firewall port.
- If access lists are used, plan on deploying the IP addresses of hosts that include Managers to the access list of devices that will be managed. Smart Assurance applications must have full access to browse the MIBs of the devices. The VMware Smart Assurance IP Manager User Guide lists the specific MIBs. Depending on the network size and complexity, this may require scheduling to obtain support from the organization’s network personnel.
- You must have a listing of SNMP versions and related security parameter values that are used by specific devices in the organization’s network.