Before you start deploying and configuring vCloud Availability, ensure that the required network ports are open and allow communication between the vCloud Availability services within a site and between cloud sites.
To get a list of the required firewall ports to be opened, see vCloud-Availability Network Ports.
The following diagram shows the direction of the data flow, the data traffic type, and the required network ports for the communication between the vCloud Availability services and the disaster recovery infrastructure for a typical deployment in two cloud sites.
- The vCloud Availability vApp Replication Manager must have TCP access to vCloud Director, vCloud Availability Replication Manager, vCenter Server, and the Platform Services Controller, depending on where the vCenter Server Lookup service is hosted.
- The vCloud Availability Replication Manager must have TCP access to the vCenter Server Lookup service and to all the vCloud Availability Replicator instances in both local and remote sites.
- The vCloud Availability Replicator must have TCP access to the vCloud Availability Replication Manager, vCenter Server, and the vCenter Server Lookup service.
vCloud Availability does not support any TLS-terminating products or solutions placed between the appliances, for example, VMware NSX® Edge™ instances, HAProxy, Nginx, Fortinet, and others. If such solutions are in place, they must be configured in pass-through mode, also known as TCP mode, to prevent them from interfering with the TLS traffic of vCloud Availability.
| Original Destination | Translated Destination | Original Destination Port | DNAT Translated Port | Protocol | Description |
|---|---|---|---|---|---|
| Public Network/Uplink Interface | vCloud Availability Cloud Tunnel Appliance | 443 | 8048 | TCP | Used for incoming replication management and replication data traffic from public networks to vCloud Availability Tunnel. The tunnel then routes the traffic to the local services. |
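The pass-through requirement above, sketched for HAProxy as an added example (not taken from the VMware documentation). It assumes HAProxy sits on the public uplink and forwards port 443 to the Cloud Tunnel Appliance on port 8048, as in the DNAT rule; the section names, the address 192.0.2.10, the certificate path, and the timeout values are constructed placeholders.

```haproxy
# Constructed example: TCP pass-through in front of the Cloud Tunnel Appliance.

defaults
    timeout connect 5s
    # Replication streams are long-lived; generous idle timeouts (assumed values).
    timeout client  1h
    timeout server  1h

# --- Unsupported: TLS is terminated on the proxy --------------------------
# The "ssl crt" bind option makes HAProxy complete the TLS handshake itself,
# so the appliances no longer talk TLS to each other end to end.
#
# frontend vcav_public_terminating
#     bind :443 ssl crt /etc/haproxy/certs/placeholder.pem
#     mode http
#     default_backend vcav_tunnel

# --- Supported: pass-through (TCP mode) -----------------------------------
# No "ssl" keyword on the bind line and "mode tcp" on both sides: HAProxy
# relays the encrypted byte stream unchanged and never sees plaintext.
frontend vcav_public
    bind :443
    mode tcp
    option tcplog
    default_backend vcav_tunnel

backend vcav_tunnel
    mode tcp
    # Port 8048 is the translated port from the DNAT rule above.
    # No "ssl" keyword here either: the proxy must not re-encrypt.
    server tunnel1 192.0.2.10:8048 check
```

With pass-through in place, a TLS client connecting to the public port 443 is presented the Tunnel appliance's own certificate rather than one installed on the proxy, which gives a quick way to confirm that nothing in the path is terminating TLS.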