Communication Details for HyperV & SCVMM
In order to manage HyperV hosts using SCVMM, the ports/protocols below should be open on the firewall.
VMM Server
80 (HTTP, WS-MAN)
443 (HTTPS, BITS)
8100 (WCF Connections to PowerShell or Admin Console)
SQL Server
1433 (Remote SQL instance connection)
1434 (SQL browser service) - only needed for initial setup
Host / Library
80 (HTTP, WS-MAN)
443 (HTTPS, BITS)
3389 (RDP)
2179 (VMConnect on Hyper-V hosts for single-class console view)
5900 (VMRC on Virtual Server hosts)
The list of all ports and protocols can be found in the official MS document:
http://technet.microsoft.com/en-us/library/cc764268.aspx
Most of the firewall rules above have been created by the SCVMM installer and by the role setup wizards for IIS and HyperV.
Additionally, during the deployment of the SCVMM agent on the HyperV host, SMB-In (TCP 445) should be available on the HyperV host, because the agent installer file is copied to the ADMIN$ share of the HyperV host.
Necessary Configuration For Remote Management
General Rule Groups You Must Enable in Windows Firewall to Allow Remote Management by an MMC Snap-in
In order to manage HyperV hosts remotely, enable the rule groups below:
netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes
For Device Manager, apart from the rule groups above, you need to enable the GPO setting:
Allow remote access to the PnP interface
For Disk Manager:
Make sure the VDS service is running and set to start automatically. Also enable the rule group below:
netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes
Also, in order to make HP System Management Homepage available, allow TCP port 2381 in the inbound rules of the HyperV host.
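The following PowerShell is an added example, not part of the original post. Run elevated on the HyperV host, it creates the 445 and 2381 inbound rules limited to named management addresses and then lists every enabled inbound TCP allow rule that covers the host ports above, together with its remote-address scope. It assumes the NetSecurity module (Windows Server 2012 or later); the addresses and rule names are placeholders.

```powershell
# Added example. Run in an elevated session on the HyperV host.
# Placeholder addresses: the SCVMM server and an admin workstation.
$MgmtSources = '192.0.2.10', '192.0.2.20'

# The two rules the text adds by hand, scoped to the management sources
# instead of any remote address. Rule names are made up for this example.
$scoped = @(
    @{ Name = 'SCVMM agent deployment (SMB-In 445)'; Port = 445 },
    @{ Name = 'HP System Management Homepage (2381)'; Port = 2381 }
)
foreach ($r in $scoped) {
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $r.Port -RemoteAddress $MgmtSources | Out-Null
    }
}

# Host / Library ports from the list above, plus 445 and 2381.
$hostPorts = 80, 443, 3389, 2179, 445, 2381

# Report enabled inbound TCP allow rules that cover those ports.
# Port ranges (e.g. 5000-5020) and protocol "Any" rules are not expanded here.
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -ne 'TCP') { continue }

    if ($pf.LocalPort -contains 'Any') {
        $hit = @('Any')            # rule allows every TCP port
    } else {
        $hit = @($hostPorts | Where-Object { $pf.LocalPort -contains "$_" })
    }
    if ($hit.Count -eq 0) { continue }

    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Ports         = $hit -join ','
        RemoteAddress = $af.RemoteAddress -join ','
        OpenToAny     = ($af.RemoteAddress -contains 'Any')
    }
}

# Rules reachable from any address are listed first for review.
$report | Sort-Object OpenToAny -Descending | Format-Table -AutoSize
```

A built-in rule such as File and Printer Sharing (SMB-In) that is already enabled for any remote address will still show up with OpenToAny = True; the scoped rule does not override it.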
Summary of Local Firewall Rules
The images below show all rules enabled on the SCVMM and HyperV hosts to make remote management possible. The default outbound rule for all profiles is “Allowed”. That’s why only inbound rules have been placed inside the document.
SCVMM Input :
Hyper-V Input :