Physical-to-Physical Server migration with Firewall Transversal

Posted by in VMware

A common tool that is used for X2P & X2V migrations is called PowerConvert from Platespin. Generally speaking the servers that are being migrated are put on the same internal network segment and therefore relatively easy to migrate. However, I wanted to examine how the process works if that is not the case and one or more of the elements are segregated by a firewall.

There are three elements involved in the migration process:

  1. Source Server
  2. Destination Server
  3. Platespin Powerconvert Server

The communication between these elements is over the following ports:

Server Discovery:

22 TCP SSH Port used when discovering Linux source servers or VMware
ESX/VMware Infrastructure 3 Servers

443 TCP SSL Port used to connect to the VI3 web services when discovering ESX servers.

135/445 TCP For DCOM/RPC communication as PowerConvert utilizes WMI when discovering Windows based servers so that no manual configuration is required

**WMI (RPC/DCOM) may use TCP ports 135 and 445 as well as random/dynamically assigned ports above 1024.

Server Conversion:

80 TCP – For HTTP communication between the PowerConvert Server and the source/target machines.

443 TCP – For HTTPS communication (if using SSL) between the PowerConvert Server and the source/target machines. This is also the default port for the VMware Infrastructure 3 Web service.

3725 TCP – File Transfer port used between the source and target machine.

SMB (TCP 139, TCP 445, UDP 137,UDP 138) – File Transfer of the Take Control folder (i386) and files from the PowerConvert server to the source server.

135/445 TCP – For DCOM/RPC communication as PowerConvert utilizes WMI when taking control and rebooting the source server.

**WMI (RPC/DCOM) may use TCP ports 135 and 445 as well as random/dynamically assigned ports above 1024.

These ports must be opened on the firewall to allow the conversion to complete. An alternate method would be to temporarily place a PowerConvert Server in the DMZ.

References:

http://support.platespin.com/kb2/article.aspx?id=20341

http://support.platespin.com/kb2/attachments/Ports_diagram.pps

Print Friendly, PDF & Email