vSphere Standard Switch vs Distributed switch

vSphere Standard Switches (vSS)

provides network connectivity to hosts and virtual machines. A standard switch bridges traffic internally between virtual machines on the same VLAN and links to external networks through its uplinks. It uses the physical network adapters (NICs) of the ESXi host as uplink ports, which is how virtual machines reach the outside network. Virtual machines attach their virtual network adapters (vNICs) to port groups on the standard switch; each port group can use one or more of the host's physical NICs to carry its traffic, and the NIC teaming and failover policy can be overridden per port group. A standard switch with no physical NIC attached to it (or a port group whose teaming policy marks every uplink as unused) allows the virtual machines on it to communicate only with each other, with no path to the external network. That is useful for a deliberately isolated segment, but it is a misconfiguration if the VM is expected to serve traffic, so it is worth auditing for. The key limitation is that vSphere Standard Switches must be created and configured on each host individually, so consistency across hosts depends on repeating the same configuration by hand.

vSphere Distributed Switch (vDS)

provides centralized management and monitoring of the network configuration of all ESXi hosts associated with the switch. A distributed switch is created and configured at the vCenter Server level, and its settings are propagated to every host associated with it, which gives a consistent switch configuration across all hosts in the datacenter. Network configuration and management for the associated hosts are performed centrally on the vCenter Server system. The vDS is not created by default and requires vSphere Enterprise Plus licensing. A distributed switch consists of two components: the control plane, which lives on vCenter Server and holds the configuration, and the I/O (data) plane, a hidden proxy switch on each host that actually forwards packets. Because the data plane is local to each host, virtual machine traffic keeps flowing if vCenter Server becomes unavailable; what is lost until it returns is the ability to change the configuration. vSphere Distributed Switch is also referred to as vDS (vSphere Distributed Switch) and dvS (distributed virtual switch).
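The difference in where the configuration lives is easiest to see in PowerCLI. The script below is an added example, not code from the original post or from VMware: it builds a port group the per-host way on a standard switch and the centralized way on a distributed switch, then audits for standard switches that have no uplink and checks that every host sees the same distributed port groups. The vCenter name, cluster, datacenter, NIC names and VLAN IDs are hypothetical placeholders.

```powershell
# Added example (not from the original post or from VMware): per-host vSS
# configuration versus centralized vDS configuration with VMware PowerCLI,
# followed by two audits a practitioner would run.
# Hypothetical values: vCenter 'vcsa.lab.local', cluster 'Prod', datacenter 'DC1',
# uplink NICs 'vmnic2' (vSS) and 'vmnic3' (vDS), VLAN IDs 100 and 200.

Import-Module VMware.PowerCLI
Connect-VIServer -Server 'vcsa.lab.local' | Out-Null

$hosts = Get-Cluster -Name 'Prod' | Get-VMHost

# --- vSphere Standard Switch: created on every host individually ---
# Nothing keeps the copies in sync; a wrong VLAN ID on one host silently
# puts that host's VMs on a different segment than their peers.
foreach ($h in $hosts) {
    $vss = New-VirtualSwitch -VMHost $h -Name 'vSwitch1' -Nic 'vmnic2'
    New-VirtualPortGroup -VirtualSwitch $vss -Name 'PG-App' -VLanId 100 | Out-Null
}

# --- vSphere Distributed Switch: created once at vCenter, pushed to hosts ---
$dc  = Get-Datacenter -Name 'DC1'
$vds = New-VDSwitch -Name 'dvs-prod' -Location $dc -NumUplinkPorts 2
foreach ($h in $hosts) {
    Add-VDSwitchVMHost -VDSwitch $vds -VMHost $h
    $pnic = Get-VMHostNetworkAdapter -VMHost $h -Physical -Name 'vmnic3'
    Add-VDSwitchPhysicalNetworkAdapter -DistributedSwitch $vds `
        -VMHostPhysicalNic $pnic -Confirm:$false
}
# One port group definition; identical on every member host (data plane is
# pushed to each host's proxy switch by vCenter).
New-VDPortgroup -VDSwitch $vds -Name 'dvpg-app' -VLanId 200 | Out-Null

# --- Audit 1: standard switches with no physical NIC are isolated segments.
# VMs on them can only talk to each other. Fine for an intentionally
# air-gapped segment; a problem if the VM is supposed to serve traffic.
$isolated = foreach ($h in $hosts) {
    Get-VirtualSwitch -VMHost $h -Standard |
        Where-Object { -not $_.Nic } |
        Select-Object @{ n = 'Host'; e = { $h.Name } }, Name,
            @{ n = 'PortGroups'; e = { (Get-VirtualPortGroup -VirtualSwitch $_).Name -join ',' } }
}
$isolated | Format-Table -AutoSize

# --- Audit 2: drift check. Every host in the cluster should list the same
# distributed port groups; a host missing one was never fully added to the vDS.
foreach ($h in $hosts) {
    $pgs = (Get-VDSwitch -VMHost $h | Get-VDPortgroup).Name | Sort-Object
    '{0}: {1}' -f $h.Name, ($pgs -join ', ')
}

Disconnect-VIServer -Server 'vcsa.lab.local' -Confirm:$false
```

Run the creation section once per environment; the two audits are safe to rerun on a schedule, since they only read switch state.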


Windows Server Failover Clustering / SQL Cluster Firewall Access Rules

Windows Server Failover Clustering
Protocol   Port          Description
TCP/UDP    53            User and computer authentication [DNS]
TCP/UDP    88            User and computer authentication [Kerberos]
UDP        123           Windows Time [NTP]
TCP        135           Cluster DCOM traffic [RPC endpoint mapper; the RPC session then moves to a port in the dynamic range below]
UDP        137           User and computer authentication [NetLogon, NetBIOS Name Service]
UDP        138           DFS, Group Policy [DFSN, NetLogon, NetBIOS Datagram Service]
TCP        139           DFS, Group Policy [DFSN, NetLogon, NetBIOS Session Service]
UDP        161           SNMP
TCP/UDP    162           SNMP traps
TCP/UDP    389           User and computer authentication [LDAP; UDP 389 is CLDAP, used for DC locator pings]
TCP/UDP    445           User and computer authentication [SMB, SMB2, CIFS]
TCP/UDP    464           User and computer authentication [Kerberos change/set password]
TCP        636           User and computer authentication [LDAP over SSL/TLS]
TCP        3268          Microsoft Global Catalog
TCP        3269          Microsoft Global Catalog [SSL/TLS]
TCP/UDP    3343          Cluster network communication [cluster service node-to-node traffic and heartbeat]
TCP        5985          WinRM 2.0 [remote PowerShell, HTTP]
TCP        5986          WinRM 2.0 [remote PowerShell, HTTPS]
TCP/UDP    49152-65535   Dynamic RPC port range [CAN BE CHANGED]

SQL Server
Protocol   Port          Description
TCP        1433          SQL Server default instance / Availability Group listener [CAN BE CHANGED]
UDP        1434          SQL Server Browser [resolves an instance name to its port; needed when clients connect by instance name or a non-default port]
UDP        2382          SQL Server Analysis Services Browser
TCP        2383          SQL Server Analysis Services listener
TCP        5022          SQL Server database mirroring / Availability Group endpoint [CAN BE CHANGED]
TCP/UDP    49152-65535   Dynamic RPC port range [CAN BE CHANGED]

Note: a named instance listens on a dynamic port by default. Pin it to a fixed port in SQL Server Configuration Manager before writing firewall rules, or the rule set will break on the next restart.

Active Directory Traffic
Source IP Range: server's IP range
Destination IP Range: Active Directory servers
TCP Ports 53,88,389,464,636,3268,3269
UDP Ports 53,88,389,464

Windows Server Failover Clustering Traffic
TCP Ports 135,139,445,1433,2383,3343,5022,5985,5986,49152-65535
UDP Ports 137,138,445,1434,2382,3343,49152-65535

Windows Time Traffic
TCP Ports N/A
UDP Ports 123

Client SQL Server Access Traffic
TCP Ports 1433,2383 (if the default ports are used)
UDP Ports 1434,2382
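Turning the summary tables into host firewall rules, as an added example that is not part of the original post or of Microsoft's guidance: the script creates inbound rules on a cluster/SQL node scoped to the cluster subnet and to the SQL client subnet, optional outbound rules toward the domain controllers, and then reads back what was created so the result can be checked against the tables. The subnets and domain controller addresses are hypothetical, and the SQL ports assume the defaults listed above.

```powershell
# Added example (not from the original post or from Microsoft): inbound Windows
# Firewall rules for a WSFC / SQL Server node, derived from the port tables above
# and scoped to the peers that actually need them, plus a read-back check.
# Hypothetical addresses: cluster nodes 10.10.20.0/24, domain controllers
# 10.10.10.11 and 10.10.10.12, SQL clients 10.10.30.0/24.

#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$ClusterSubnet     = '10.10.20.0/24'
$DomainControllers = @('10.10.10.11', '10.10.10.12')
$SqlClientSubnet   = '10.10.30.0/24'
$RuleGroup         = 'SQL-Cluster'   # lets us list and remove the whole set later

# Inbound rule definitions mirror the summary lists: one entry per (scope, protocol).
# The dynamic RPC range is opened for TCP and UDP, as the 49152-65535 row states,
# but only from the cluster subnet, never from SQL clients.
$inbound = @(
    @{ Name = 'WSFC-Cluster-TCP'; Remote = $ClusterSubnet;   Proto = 'TCP'
       Ports = @('135','139','445','1433','2383','3343','5022','5985','5986','49152-65535') }
    @{ Name = 'WSFC-Cluster-UDP'; Remote = $ClusterSubnet;   Proto = 'UDP'
       Ports = @('137','138','445','1434','2382','3343','49152-65535') }
    @{ Name = 'SQL-Client-TCP';   Remote = $SqlClientSubnet; Proto = 'TCP'; Ports = @('1433','2383') }
    @{ Name = 'SQL-Client-UDP';   Remote = $SqlClientSubnet; Proto = 'UDP'; Ports = @('1434','2382') }
)

foreach ($r in $inbound) {
    # Idempotent: replace an existing rule of the same name instead of duplicating it.
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $r.Name -Group $RuleGroup -Direction Inbound -Action Allow `
        -Profile Domain -Protocol $r.Proto -LocalPort $r.Ports -RemoteAddress $r.Remote | Out-Null
}

# Directory and time traffic originates on the server. The default outbound policy
# is Allow, so these are only needed when outbound is restricted; they are still
# scoped to the domain controllers rather than "any".
$outbound = @(
    @{ Name = 'AD-Out-TCP'; Proto = 'TCP'; Ports = @('53','88','389','464','636','3268','3269') }
    @{ Name = 'AD-Out-UDP'; Proto = 'UDP'; Ports = @('53','88','123','389','464') }
)
foreach ($r in $outbound) {
    Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $r.Name -Group $RuleGroup -Direction Outbound -Action Allow `
        -Profile Domain -Protocol $r.Proto -RemotePort $r.Ports -RemoteAddress $DomainControllers | Out-Null
}

# Read back what was created and compare it with the tables by eye.
Get-NetFirewallRule -Group $RuleGroup | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Dir        = $_.Direction
        Proto      = $port.Protocol
        LocalPort  = ($port.LocalPort  -join ',')
        RemotePort = ($port.RemotePort -join ',')
        Remote     = ($addr.RemoteAddress -join ',')
    }
} | Format-Table -AutoSize

# From a client machine, confirm the listener answers on the expected port only:
#   Test-NetConnection -ComputerName sqlcluster.lab.local -Port 1433
```

If the SQL instance or the AG endpoint uses a non-default port, change the 1433 and 5022 entries before running the script; the rules are keyed by display name, so rerunning after a change replaces the old ones.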

For a comprehensive list of services and their associated network port numbers, refer to the Microsoft official guide.

[source: Microsoft]