Certain features of the appliance require a small amount of pre-work. We have endeavored to create a platform that requires almost zero client footprint, i.e. through our agentless discovery. To make that possible, however, we require the ability to remotely administer your endpoints from the CloudSphere appliance.
Appliance and user connectivity to the CAM Portal
The Virtual Appliances connect to the CloudSphere Account Management (CAM) portal to securely transfer the discovered data for analysis. They also reach out to the portal to download updates to the engine.
For both the users logging in to the CAM Web Portal and the Virtual Appliances, you'll need to allow outbound access on port 443 to the following domains to ensure connectivity to the CloudSphere platform:
Protocol | Ports | Description |
HTTPS | 443 | https://*.cloudsphere.com |
If you're using a proxy in your environment for outbound access, you will need to:
- Configure proxy settings on your Appliance for connecting to CloudSphere domains.
- Whitelist the "cloudsphere.com" domain (recommended) or the IP address (contact the CloudSphere Support Team to get the current IP address).
Virtual Appliance to Target/Discovered Device communication
Protocol | Ports | Description |
ICMP | N/A | Ping |
WMI, SMB, Windows Remote Registry, Windows Remote Process | 135, 137, 138, 139, 445, 1024-65535 | Windows Server Discovery |
vCenter/vSphere | 443, 9443 | |
SSH | 22 | Unix Discovery |
Windows Inventory processes typically communicate over TCP ports 135, 139, and 445 (WMI, RPC, SMB) and UDP ports 137 and 138 (NetBIOS).
Windows Inventory communicates over those ports using the following “services”.
OSX, Linux and Solaris Inventory processes are carried out over SSH (TCP port 22).
Endpoints to Virtual Appliance (for Performance Metrics collection) communication
The network requirements for the performance scripts on endpoints to communicate back to the appliance:
Protocol | Ports | Description |
HTTP | 8080 | Performance metric script on device POSTs metrics to the appliance. |
Please check for the following:
- Network-based firewalls or Intrusion Prevention systems must allow communication from the appliance to your endpoints. Consider deploying an appliance in the network segment that has ACLs preventing access to it from other segments.
VMware vCenter Scanning (Optional): If scanning VMware vCenter, ensure the CloudSphere appliance has access to vCenter on HTTPS (TCP port 443).
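The port requirements in the tables above can be checked against a planned firewall rule set before the appliance is deployed. The following is an added example, not CloudSphere code: the zone names, the rule tuple layout and the sample rules are constructed, and the 1024-65535 range is assumed to be TCP.

```python
# Added example: audit a planned firewall rule set against this page's port matrix.
# Tuple layout (constructed): (source zone, destination zone, protocol, first port, last port)
REQUIRED = [
    ("appliance", "cloudsphere", "tcp", 443, 443),   # HTTPS to *.cloudsphere.com
    ("appliance", "windows", "tcp", 135, 135),
    ("appliance", "windows", "tcp", 139, 139),
    ("appliance", "windows", "tcp", 445, 445),
    ("appliance", "windows", "udp", 137, 138),       # NetBIOS
    ("appliance", "windows", "tcp", 1024, 65535),    # assumption: this range is TCP
    ("appliance", "vcenter", "tcp", 443, 443),
    ("appliance", "vcenter", "tcp", 9443, 9443),
    ("appliance", "unix", "tcp", 22, 22),            # SSH
    ("endpoints", "appliance", "tcp", 8080, 8080),   # metrics POST over HTTP
]

# Constructed sample of a proposed rule set: two gaps and one over-broad rule.
SAMPLE_RULES = [
    ("appliance", "cloudsphere", "tcp", 443, 443),
    ("appliance", "windows", "tcp", 135, 139),       # also opens 136-138/tcp
    ("appliance", "windows", "tcp", 445, 445),
    ("appliance", "windows", "tcp", 49152, 65535),   # only part of 1024-65535
    ("appliance", "windows", "udp", 137, 138),
    ("appliance", "vcenter", "tcp", 443, 443),       # 9443 is missing
    ("appliance", "unix", "tcp", 22, 22),
    ("endpoints", "appliance", "tcp", 8080, 8080),
]

def uncovered(flow, rules):
    """Port sub-ranges of `flow` that no entry in `rules` permits."""
    nxt, hi, gaps = flow[3], flow[4], []
    for a, b in sorted(r[3:] for r in rules if r[:3] == flow[:3]):
        if b < nxt or a > hi:
            continue                      # span lies entirely outside what is left
        if a > nxt:
            gaps.append((nxt, a - 1))     # hole before this span starts
        nxt = b + 1
    if nxt <= hi:
        gaps.append((nxt, hi))
    return gaps

def audit(rules):
    """Required flows that are not fully permitted, with their blocked ranges."""
    return {f: g for f in REQUIRED if (g := uncovered(f, rules))}

def excess(rules):
    """Rules that open ports the matrix does not ask for (least-privilege check)."""
    return [r for r in rules if uncovered(r, REQUIRED)]

print("blocked:", audit(SAMPLE_RULES))
print("too broad:", excess(SAMPLE_RULES))
```

The ICMP row and the Docker Hub domains are not modelled here because they are not port-based entries.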
Appliance to Docker hub communication (optional, required for Appliance Upgrade)
Whitelist the following:
- *.docker.io
- *.cloudflare.docker.com
- In case a load balancer is present, additional whitelisting might be required.