Oracle® ZFS Storage Appliance Security Guide


Data Services

Table 1  Data Services

| SERVICE | DESCRIPTION | PORTS USED |
|---|---|---|
| NFS | Filesystem access via the NFSv3 and NFSv4 protocols | 111 and 2049 |
| iSCSI | LUN access via the iSCSI protocol | 3260 and 3205 |
| SMB | Filesystem access via the SMB protocol | SMB-over-NetBIOS 139, SMB-over-TCP 445, NetBIOS Datagram 138, NetBIOS Name Service 137 |
| FTP | Filesystem access via the FTP protocol | 21 |
| HTTP | Filesystem access via the HTTP protocol | 80 |
| NDMP | NDMP host service | 10000 |
| Remote Replication | Remote replication | 216 |
| Shadow Migration | Shadow data migration | |
| SFTP | Filesystem access via the SFTP protocol | 218 |
| SRP | Block access via the SRP protocol | |
| TFTP | Filesystem access via the TFTP protocol | |
| Virus Scan | Filesystem virus scanning | |

Minimum Needed Ports:

To provide security on a network, you can create firewalls. Firewall rules are built from port numbers, which uniquely identify a transaction over a network by specifying the host and the service.

The following list shows the minimum ports required for creating firewalls:

Inbound Ports

Additional inbound ports if HTTP file sharing is used (typically it is not)

Outbound Ports

Note: For replication, use Generic Routing Encapsulation (GRE) tunnels where possible. This lets traffic run on the back-end interfaces and avoid the firewall, where traffic could be slowed. If GRE tunnels are not available on the NFS core, you must run replication over the front-end interface. In this case, port 216 must also be open.
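
One way to check a firewall policy against Table 1, as an added example that is not part of the Oracle guide: the function below compares the ports that are actually reachable with the data services a site has approved. The function name, the sample port set and the approved-service list are assumptions made for illustration.

```python
# Added example. Port numbers are copied from Table 1; services the table lists
# without a port are omitted. All sample data below is constructed.
DATA_SERVICE_PORTS = {
    "NFS": {111, 2049},
    "iSCSI": {3260, 3205},
    "SMB": {137, 138, 139, 445},
    "FTP": {21},
    "HTTP": {80},
    "NDMP": {10000},
    "Remote Replication": {216},
    "SFTP": {218},
}

def audit_exposure(reachable_ports, approved_services):
    """Compare ports the firewall lets through with the approved data services.

    unapproved:        service -> reachable ports of a service nobody approved
    unknown:           reachable ports that Table 1 does not list
    partially_blocked: approved service -> Table 1 ports that are not reachable
                       (whether each one is needed depends on the deployment)
    """
    reachable, approved = set(reachable_ports), set(approved_services)
    unrecognised = approved - set(DATA_SERVICE_PORTS)
    if unrecognised:
        raise ValueError(f"no Table 1 ports for: {sorted(unrecognised)}")
    unapproved, partially_blocked = {}, {}
    for service, ports in DATA_SERVICE_PORTS.items():
        if service in approved:
            if ports - reachable:
                partially_blocked[service] = sorted(ports - reachable)
        elif ports & reachable:
            unapproved[service] = sorted(ports & reachable)
    listed = set().union(*DATA_SERVICE_PORTS.values())
    return {"unapproved": unapproved, "unknown": sorted(reachable - listed),
            "partially_blocked": partially_blocked}

# Constructed input: ports found open from the client network, and the services
# this hypothetical site uses (replication is assumed to run over GRE tunnels).
SAMPLE_REACHABLE = {21, 111, 139, 216, 445, 2049, 8080}
SAMPLE_APPROVED = {"NFS", "SMB"}

if __name__ == "__main__":
    for finding, detail in audit_exposure(SAMPLE_REACHABLE, SAMPLE_APPROVED).items():
        print(finding, detail)
```

Port 216 is reported in the sample because the constructed site replicates over GRE tunnels; per the note above, it needs to be open only when replication runs over the front-end interface.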