证券,金融或者对网络环境要求较严格,开放网络中端口访问都需要安全审计的公司太扯淡。不过从安全考虑,还是很有必要的。
复杂网络中部署CS中需要调试网络连通性以便保证通信正常。
下面是官方给出的CS常用端口:
管理服务器:
8080: 主界面 / 授权API端口
8096: 用户/客户端连接CS管理端 (不可靠的)
8787: CloudStack (Tomcat) debug socket
9090: Cloudstack群集 管理服务接口
45219: JMX console
系统VM代理通信 - 必须在管理服务器上打开
3922: 安全系统的安全通信端口
8250: 系统VM与管理服务器未加密的通信端口
MySQL Server
3306: MySQL 服务
虚拟化平台
22/443: XenServer, XAPI
22: KVM
443: vCenter
外部端口:
53: DNS
111/2049: NFS与SSVM通信
860/3260: iSCSI软件连接器通信端口
7080: AWS API server
另外附上管理端(management server)和系统虚拟机(system VM's)监听的端口和开放的服务:
管理服务器:
|
1
|
*
|
3306
|
mysqld
|
/etc/my.cnf
|
MySQL database, the port should be protected.
|
|
2
|
*
|
8080
|
tomcat
|
|
Default Web Console HTTP Port
|
|
3
|
*
|
8250
|
tomcat
|
simulator.properties
|
MS-Agent Communication
|
|
4
|
*
|
7080
|
tomcat
|
server.xml
|
AWSAPI
|
|
5
|
*
|
9090
|
tomcat
|
db.properties
|
MS-MS Communication
|
|
6
|
*
|
20400
|
tomcat
|
server.xml
|
AJP Connector
|
|
7
|
*
|
45219
|
tomcat
|
tomcat6.conf
|
JMX Port (no authentication)
|
|
8
|
*
|
other high end ports
|
tomcat
|
|
|
虚拟路由器: 虚拟路由器有3个接口,分别连接到:公共网络,来宾网络和 cloud link local network
|
1
|
Guest
|
53
|
dnsmasq
|
|
|
2
|
Guest
|
80
|
apache2
|
|
|
3
|
Guest
|
443
|
apache2
|
|
|
4
|
Guest
|
8080
|
socat
|
password server: /opt/cloud/bin/serve_password.sh
|
|
5
|
Link Local
|
3922
|
sshd
|
|
|
6
|
*
|
35999
|
haproxy
|
does haproxy need to listen on all interfaces?
|
CPVM: CPVM有3个接口,并且连接到:公共网络,管理网络和cloud link local network
|
1
|
*
|
443
|
java
|
|
Console Proxy Listening Port
|
|
2
|
*
|
8001
|
java
|
/usr/local/cloud/systemvm/conf/consoleproxy.properties
|
Deprecated. Console proxy internal port for management server to get current load status of a running proxy(this will be obsolete since load report is done via secure agent/management server channel)
|
|
3
|
Link Local
|
3922
|
sshd
|
|
|
SSVM: SSVM有4个接口,并且连接到:公共网络,管理网络,存储网络和 cloud link local network
|
1
|
*
|
111
|
rpc.portmap
|
Should be closed if not needed or limited to internal interfaces
|
|
2
|
*
|
high end port
|
rpc.statd
|
Should be closed if not needed or limited to internal interfaces
|
|
3
|
public
|
80
|
apache2
|
zone-to-zone copy over http
|
|
4
|
public
|
443
|
apache2
|
zone-to-zone copy over https
|
|
5
|
Link Local
|
3922
|
sshd
|
|
