IBM Storage Defender Data Protect

Connecting IBM Storage Defender Data Protect and IBM Storage Defender Data Management Service

You must open certain ports in the firewall to allow the IBM Storage Defender Data Protect cluster to transmit and receive data. The cluster sends the following types of traffic over the network. You can isolate traffic on physical or logical networks to improve performance and security.

• IPMI traffic for admins to access nodes, typically for pre-boot BIOS access and postboot console access.
• Management traffic from Nodes to external services such as Active Directory, DNS, NTP and SNMP.
• Management traffic for admins to access the IBM Storage Defender Data Protect cluster
• Backup and restore traffic for moving data between protected sources and the cluster.
• Replication traffic for replicating data from one cluster to another cluster.
• Data access (NAS) traffic for accessing data on the cluster by using protocols such as NFS, SMB or S3.
• Archive and tiering traffic for moving data to external targets such as a cloud or tape system.
• Internal traffic between nodes on a cluster.

Follow the IBM Storage Defender Data Protect documentation to configure the firewall and ports for the listed traffic. See section Cluster Administration -> Manage Firewall Rules and Ports.

The traffic that is not part of the documentation but requires firewall and port settings is the communication between IBM Storage Defender Data Protect and IBM Storage Defender Data Management Service.

To allow this traffic you can configure the below firewall and port rules:

• Source: IBM Storage Defender Data Protect cluster
• Destination: usea-prod.storage-defender.ibm.com, usea-data.storage-defender.ibm.com
• Destination Port: 443
• Protocol: TCP
• Usage Notes: Standard IBM Storage Defender Data Protect traffic is sent to usea-prod.storage-defender.ibm.com. Query and API call traffic is sent to usea-data.storage-defender.ibm.com