Network TCP Port Requirements
TCP ports can be statically or dynamically assigned. Commvault software uses them as follows:
- Static Ports
Several services used by the software listen for incoming network traffic on predefined network ports. The CommServe system, MediaAgents, and agents within the CommCell group communicate with each other through these ports. Essential CommServe services are automatically assigned registered, static port numbers during installation. MediaAgents, agents, and other software components can use the same default static port numbers or any static port numbers specified during installation.
For the services listed, the software registers the following ports by default:
Service Port Number Protocol Commvault Communications Service (GxCVD, found in all client computers) 8400 TCP Commvault Server Event Manager (GxEvMgrS, available in CommServe) 8401 TCP Commvault Client Manager Service (GxClMgrS, available in some Windows client computers)
Note: On UNIX client computers, the Commvault Client Manager Service (GxClMgrS) uses dynamic ports.
8402 TCP Commvault Firewall (tunnel HTTP/HTTPS port) 8403 TCP
For information on binding services to static ports, see Binding Services to Static Ports.
- Dynamic Ports
Dynamic ports are opened and closed by the running Commvault software to permit certain types of transient traffic.
The GxCVD service dynamically uses free ports between 1024 and 65535 to communicate during data protection and data recovery jobs. The system dynamically assigns a number of free ports to be used by each job to allow parallel data movement. After the job is finished, if no other job is pending, the dynamic ports are released.
If you have a large CommCell environment and you want to increase the range of dynamic ports, log on to the CommServe computer, open the command prompt, and then enter the following command:
netsh int [IPv4|IPv6]
set dynamicportrange [TCP|UDP] start=number num=range store=[active|persistent]
Network TCP port requirements remain the same whether the IPv4 or IPv6 protocol family is used. Dynamic port range assignment can be restricted by using Binding Services to Open Ports.
The following tables display the default ports used by Commvault and third-party applications. Based on your environment settings, you can configure the applications to use different port numbers.
Ports Used By Commvault Applications
|Analytics Engine MediaAgent||20000|
|Content Indexing Engine (Apache Solr)||27000|
|LREPListener (SnapVault) MediaAgent||10566|
|NFS/ESX, NFS (DataServer-IP) MediaAgent||111, 2049|
|Web Console (Apache Tomcat)||80, 443|
|Web Server (Apache Tomcat)||81|
Ports Used By Third-Party Applications
|Exchange, HTTP/HTTPS, SalesForce/ESX, SharePoint||80, 443|
|IIS, offline Commvault documentation||8080|
|LDAP catalog||3268, 3269|
|LDAP search/authentication||389, 636|
|Microsoft SQL Server||1433, 1434|
|MongoDB (Tagging Catalog CommServe)||27017|
|SMTP||25, 465, 587|
The default instance of a SQL server listens for incoming network traffic using static ports (1433 and 1434). But named instances, such as those used by this software, are configured by default to listen for incoming network traffic using dynamic ports. If a SQL Server instance is configured to listen for network traffic using dynamic ports, the instance will obtain an available port from the operating system and create an endpoint for that port. Incoming connections must then request that port number in order to connect to the software.
You have the option of configuring named instances to use static ports. For instructions, see Microsoft's TechNet article, Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager). If you do configure static ports for SQL Server, be sure to configure your firewall to allow TCP on port 1433 and UDP on port 1434.
Since a dynamic port number can change each time SQL Server launches, the SQL server software provides the SQL Server Browser Service to monitor ports and direct incoming network traffic to the current port used by the default instance. This capability ensures that all port traffic between the SQL Server and the software can be traced at any given time, which is especially useful in network troubleshooting scenarios.
Note: Changing this behavior manually may require additional configuration changes to the DSN (data source name) settings installed by the software. Therefore, we recommended that this behavior not be changed unless absolutely necessary.
Multi Instancing requires that each instance of the same agent (for example, the SQL Server iDataAgent) or MediaAgent have a unique set of static TCP port numbers assigned. For more information, see Considerations for Multi-Instance Installations.
For a given cluster server, the MediaAgent, agent, or other software component installed on every physical node in a cluster that is configured to host that cluster server must have the same port numbers configured. If, for example, you have a cluster server named VS1, and three physical computers configured to host VS1, all three computers must have the same Network TCP port numbers configured for the network interface used by VS1. For greater detail, consider this example:
- Node A is configured to host cluster server VS1. Instance001 has the Informix iDataAgent installed to protect Informix data on VS1. During install, Port 8502 was specified for the Communications Service (CVD).
- Node B is also configured to host VS1. Instance003 has the Informix iDataAgent installed to protect Informix data on VS1. During the Agent install, Port 8502 must be specified for the Communications Service (CVD) to match the Network TCP port number configuration of Node A.
For CommCell components to communicate across a firewall, the network TCP port numbers you select must be configured on your firewall. This specifically includes tunnel ports and additional ports.
Tunnel Port: This is the incoming port number through which the CommServe receives tunnel connections. Port 8403 is the default for Commvault software, but it can be configured to another port number. To determine what the incoming connections port has been set to, see Setting up Incoming Ports on the CommServe and MediaAgent, the step that sets Listen for tunnel connections on port.
Additional Open Ports: You can speed up data transfer for components that handle it (such as MediaAgent or File System iDataAgent), by opening additional ports on the firewall, and configuring them as open in this dialog. Specify the range of ports in the Additional open ports area, in the From and To fields. Click Add to add the ports. To remove a port from the listing, select the port and click Delete. The ports must be within the range of 1024 - 65000. Ensure that the ports specified here are not used by other applications.
For more information on additional open ports, see Opening Additional Ports.
- When specifying Network TCP port numbers, it is essential to choose Network TCP ports that are unassigned and unused. The software requires the ability to open the same ports across when the operating system or applications are restarted, and these ports must not be in use by other resources. All effort should be made to ensure that no other resource expects the specified ports to be open, as a port conflict will cause an application failure.
- When specifying a Network TCP Port Number other than 8400 for a MediaAgent's Communications Service (GxCVD), which may be necessary when more than one instance of the MediaAgent is installed on a computer, bear in mind that clients with an earlier release may not be able to communicate through that port. Therefore, when specifying a non-default port number in such cases, you should ensure that all clients using the MediaAgent support the Multi Instancing feature, and non-default network TCP port numbers.
If you need to change the network port numbers of a client or MediaAgent, see Changing Network Ports.