Network access requirements for SQL Server
Network architecture
The diagram Delphix Virtualizing and Masking SQL Server Network Architecture below depicts the overall network architecture for Delphix virtualizing and masking SQL Server. In the diagram, each of the arrows represents the direction of a network connection between two nodes. Next to each arrow is a label indicating the network protocol (TCP) and the port number indicating the network service. Also, indicated in red are the recommended network latencies between the major components of the architecture.
You can optionally configure a separate Connector Environment, specifically used to discover databases on the source during Environment creation. You can also use your Staging Target Host to be used as the Connector Environment, as seen in the image below.
Ports
Based on the table below, the Windows Network Administrator needs to complete a series of tasks. For each port listed, determine whether it must be opened in your firewall between your Delphix Engine and source or target systems. Work with your Delphix Administrator to understand what requirements are there, and ensure that they have been met before proceeding.
Port | Network Service | Required for virtualization? | Required for masking? | Description and usage |
---|---|---|---|---|
22 | SSH | Yes | Yes | Used for accessing command-line interface (CLI) and internal Delphix OS accounts |
80 | HTTP | Yes | No | Used for GUI console access on Delphix Engine by default, disabled when HTTPS in use |
443 | HTTPS | Yes | No | Used for GUI console access on Delphix Engine, disabled when HTTP in use |
445 | SMB | Yes | No | Used for attaching shared folders on Windows. To take a copy-only backup or use Delphix Managed backups, this port is required to allow the source environment access to the staging environment. |
1433 | JDBC | Yes | Yes | Used for accessing SQL Server databases for queries on data-dictionary. This port is the default, but you can use other ports instead. |
3260 | iSCSI | Yes | No | Used for network-attached storage (NAS) on Windows database servers |
53261 | iSCSI (Encryption) | Yes | No | Provides a connection from a staging or target environment to the engine when encryption is enabled for the Windows environment. |
8415 | DSP | Yes | No | Used for the below DSP operations
This port needs to be open from the VDB target host/Staging Target Host to Delphix Engine. |
(32768-60999)/9100 | Delphix Windows Connector | Yes | No | Used for connecting to the Delphix Connector service installed on Windows target database servers. |
50001 | iPERF | No | No | Used for network throughput testing with the open-source iPerf package through the Delphix CLI, this is purely optional (but useful) functionality |
Applying network access requirements to Windows cluster configurations
Follow the below points to apply Network Access Requirements to Windows Cluster configurations
For Target Windows Cluster Environments (running Target Failover Cluster Instances), you need to access TCP 445 of the Windows Cluster Virtual IP from the Staging Server.
For Source Windows Cluster Environments (running Source Always-On Availability Group databases), you need to access the following:
From the Staging Server:
TCP 445 of the Windows Cluster Virtual IP
The SQL Server port (default TCP 1433) of each SQL Server instance running on the cluster
The SQL Server port (default TCP 1433) of all Availability Group Listener Virtual IP addresses that contain Source Databases
From the Delphix Engine:
The SQL Server port (default TCP 1433) of each SQL Server instance running on the cluster
The SQL Server port (default TCP 1433) of all Availability Group Listener Virtual IP addresses that contain Source Databases
For Source Windows Cluster Environments on Azure, some Azure configuration changes may be required, see Additional requirements for Azure SQL Server Availability Groups for more details.
For both Source and Target Windows Cluster Environments, the required connectivity for a standalone host should be configured for every node of the cluster. For example, Delphix Engine should be able to connect to the Delphix Connector service installed on each target windows cluster node listening on the Delphix Connector port configured at installation.