VoC Infrastructure: Firewall Prerequisites

1. Overview

This document outlines the network port requirements for the VAST Data Cloud platform, based on internal configuration specifications. These rules must be implemented in the cloud provider firewall or security groups to ensure seamless communication between VAST components and services.

Note that this document contains only the minimum rules required for VAST on Cloud to be deployed and run; additional rules may be required for additional functionality, including connectivity to third-party components such as monitoring systems.

The information in this document applies to all public cloud providers. However, because individual elements within each provider may change from time to time, validate with the VAST R&D teams whether any special conditions need to be considered before deploying.


2. TCP Inbound/Outbound Rules

The following TCP ports are required for management, file protocol access, and internal node orchestration.

Port(s)        | Service / Protocol | Description
---------------|--------------------|---------------------------------------------------
22             | SSH                | Secure Shell access.
80, 443        | HTTP / HTTPS       | Web management interface and API access.
111, 2049      | RPC / NFS          | RPC Portmapper and NFS protocol services.
389, 636       | LDAP / LDAPS       | Directory services and Secure LDAP.
445            | SMB                | Microsoft Active Directory and SMB file sharing.
3128           | Callhome Proxy     | Outbound proxy communication for VAST support.
3268, 3269     | Global Catalog     | LDAP Global Catalog (Standard and SSL).
4000, 4001     | DNode Internal     | Distributed Node internal communication.
4100, 4101     | DNode Internal     | Distributed Node internal communication.
4200, 4201     | CNode Internal     | Compute Node internal communication.
4420, 4520     | SPDK Target        | Storage Performance Development Kit targets.
5000           | Docker Registry    | Internal container image management.
5200, 5201     | CNode Dataenv      | Compute Node internal data environment.
5551           | VMS Monitor        | VAST Management Suite monitoring.
6000, 6001     | Leader             | Cluster leader election and management.
6126           | MLX Shared         | Mellanox shared services.
7000, 7001     | DNode Internal     | Distributed Node internal communication.
7100, 7101     | DNode Internal     | Distributed Node internal communication.
8000           | MCVMS              | Management Cluster VMS.
9090           | Tabular            | Tabular data services.
9092, 9093     | Kafka / SSL        | Message bus for telemetry and logging.
20048          | Mount              | NFS Mount protocol.
20106, 20107   | NSM / NLM          | Network Status Monitor and Network Lock Manager.
20108          | NFS RQuota         | Remote Quota services.
49001, 49002   | Replication        | VAST-to-VAST data replication traffic.


3. UDP Inbound/Outbound Rules

These ports are used for low-latency internal node communication and silo management.

Port(s)        | Service / Protocol | Description
---------------|--------------------|---------------------------------------------------
4005, 4105     | DNode Internal     | UDP-based DNode communication.
4205           | CNode Internal     | UDP-based CNode communication.
5205 – 5240    | CNode Silos        | Range allocated for Compute Node silo processing.
6005           | Leader             | UDP-based leader orchestration.
7005, 7105     | DNode Internal     | UDP-based DNode communication.
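The two tables above are the whole minimum rule set, and the page leaves two things to the operator: rendering them in a given provider's security-group syntax, and confirming afterwards that what was actually deployed matches (nothing forgotten, nothing opened wider than needed). The following Python script is an added example, not VAST's own tooling: it transcribes both tables into data, coalesces adjacent ports into the smallest number of contiguous rules, renders them in the IpPermissions shape AWS security groups accept (an assumption on my part; other providers need their own renderer), and diffs a rule dump against the required set. The CIDR and the sample "deployed" dump are constructed placeholders, and because the tables do not state direction or source per port, source scoping is left to the operator.

```python
"""Added example: encode the VoC minimum port tables as data, render them as
firewall rules, and check a deployed rule dump against them. Not VAST tooling;
REQUIRED, SAMPLE_DEPLOYED and the CIDR below are this example's own values."""
import json

# Minimum rule set transcribed from the TCP and UDP tables above.
# Each entry: (protocol, ports, service); ports holds single ports and/or
# (first, last) inclusive ranges.
REQUIRED = [
    ("tcp", [22], "SSH"),
    ("tcp", [80, 443], "HTTP/HTTPS management and API"),
    ("tcp", [111, 2049], "RPC portmapper / NFS"),
    ("tcp", [389, 636], "LDAP / LDAPS"),
    ("tcp", [445], "SMB / Active Directory"),
    ("tcp", [3128], "Callhome proxy (outbound)"),
    ("tcp", [3268, 3269], "LDAP Global Catalog"),
    ("tcp", [4000, 4001, 4100, 4101, 7000, 7001, 7100, 7101], "DNode internal"),
    ("tcp", [4200, 4201], "CNode internal"),
    ("tcp", [4420, 4520], "SPDK target"),
    ("tcp", [5000], "Docker registry"),
    ("tcp", [5200, 5201], "CNode dataenv"),
    ("tcp", [5551], "VMS monitor"),
    ("tcp", [6000, 6001], "Leader"),
    ("tcp", [6126], "MLX shared"),
    ("tcp", [8000], "MCVMS"),
    ("tcp", [9090], "Tabular"),
    ("tcp", [9092, 9093], "Kafka / Kafka SSL"),
    ("tcp", [20048], "NFS mount"),
    ("tcp", [20106, 20107], "NSM / NLM"),
    ("tcp", [20108], "NFS rquota"),
    ("tcp", [49001, 49002], "Replication"),
    ("udp", [4005, 4105, 7005, 7105], "DNode internal"),
    ("udp", [4205], "CNode internal"),
    ("udp", [(5205, 5240)], "CNode silos"),
    ("udp", [6005], "Leader"),
]


def _bounds(item):
    """A single port or an inclusive (first, last) range, as (first, last)."""
    return item if isinstance(item, tuple) else (item, item)


def required_ports():
    """Expand REQUIRED into the set of (proto, port) pairs, one per port."""
    ports = set()
    for proto, spec, _service in REQUIRED:
        for item in spec:
            first, last = _bounds(item)
            ports.update((proto, p) for p in range(first, last + 1))
    return ports


def service_for(proto, port):
    """Service name the tables give for a port, or None if it is not listed."""
    for rproto, spec, service in REQUIRED:
        if rproto == proto and any(a <= port <= b for a, b in map(_bounds, spec)):
            return service
    return None


def coalesced_ranges():
    """Merge required ports into the fewest contiguous (proto, first, last)
    ranges, i.e. one firewall rule each (4000 and 4001 become 4000-4001)."""
    ranges = []
    for proto in ("tcp", "udp"):
        start = prev = None
        for p in sorted(port for pr, port in required_ports() if pr == proto):
            if start is None:
                start = prev = p
            elif p == prev + 1:
                prev = p
            else:
                ranges.append((proto, start, prev))
                start = prev = p
        if start is not None:
            ranges.append((proto, start, prev))
    return ranges


def as_ip_permissions(cidr):
    """Render the rules in the IpPermissions shape AWS security groups use
    (assumption: other providers need their own renderer)."""
    return [{"IpProtocol": proto, "FromPort": first, "ToPort": last,
             "IpRanges": [{"CidrIp": cidr, "Description": service_for(proto, first)}]}
            for proto, first, last in coalesced_ranges()]


def missing_ports(deployed):
    """Required (proto, port) pairs no deployed (proto, from, to) rule covers."""
    covered = {(proto, p) for proto, a, b in deployed for p in range(a, b + 1)}
    return sorted(required_ports() - covered)


def excess_ports(deployed):
    """Deployed (proto, port) pairs the tables never call for: the over-broad
    rule a reviewer would flag (e.g. a range opened wider than listed)."""
    need = required_ports()
    return sorted({(proto, p) for proto, a, b in deployed
                   for p in range(a, b + 1) if (proto, p) not in need})


# Constructed sample of a cloud-side rule dump: the required ranges, except
# that TCP 20108 was forgotten, the silo range was cut short at 5230, and
# MCVMS was opened as a wide 8000-8100 range.
SAMPLE_DEPLOYED = [r for r in coalesced_ranges()
                   if r not in (("tcp", 20106, 20108), ("udp", 5205, 5240), ("tcp", 8000, 8000))]
SAMPLE_DEPLOYED += [("tcp", 20106, 20107), ("udp", 5205, 5230), ("tcp", 8000, 8100)]

if __name__ == "__main__":
    print(json.dumps(as_ip_permissions("10.0.0.0/16")[:2], indent=2))  # placeholder CIDR
    print("missing:", missing_ports(SAMPLE_DEPLOYED))
    print("excess :", len(excess_ports(SAMPLE_DEPLOYED)), "ports beyond the minimum set")
```

Run against a real dump (for AWS, the FromPort/ToPort/IpProtocol fields of `describe-security-groups` output), `missing_ports` lists what still has to be opened and `excess_ports` lists what the page does not require; an empty second list is the check that no rule was widened beyond the published minimum, which is the easy mistake when a range like 5205 – 5240 is typed by hand.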