Storage System Certificate - EMC Unity Family Security Configuration Manual

Service Protocol
NFS TCP/UDP
NFS TCP/UDP
NFS TCP/UDP
VSI TCP
HTTPS TCP
REST TCP
IWD Internal
a.
The LDAP and LDAPS port numbers can be overridden from inside Unisphere when configuring Directory Services. The default
port number is displayed in an entry box that can be overridden by the user. Also, the Remote Syslog port number can be
overridden from inside Unisphere.

Storage system certificate

Table 11 Network connections that may be initiated by the storage system (continued)
Port
4000
4001
4002
5080
8443
9443
60260
The storage system automatically generates a self-signed certificate during its first
initialization. The certificate is preserved both in NVRAM and on the backend LUN.
Later, the storage system presents it to a client when the client attempts to connect
to the storage system through the management port.
The certificate is set to expire after 3 years; however, the storage system will
regenerate the certificate one month before its expiration date. Also, you can upload a
new certificate by using the svc_custom_cert service command. This command
installs a specified SSL certificate in PEM format for use with the Unisphere
management interface. For more information about this service command, see the
Service Commands Technical Notes document. You cannot view the certificate through
Unisphere or the Unisphere CLI; however, you can view the certificate through a
browser client or a web tool that tries to connect to the management port.
Description
Used to provide NFS statd services. statd is the NFS file-
locking status monitor and works in conjunction with lockd to
provide crash and recovery functions for NFS.
Used to provide NFS lockd services.lockd is the NFS file-
locking daemon. It processes lock requests from NFS clients
and works in conjunction with the statd daemon.
Used to provide NFS rquotad services. The rquotad daemon
provides quota information to NFS clients that have mounted
a file system.
This port provides for VSI plugin. If closed, VSI plugin will not
be available.
HTTPS traffic for secure remote support when ESRS is
enabled and Integrated ESRS is configured on the storage
system. If closed, there will be a significant decrease in
remote support performance, which will directly impact the
time to resolve issues on the Unity storage system.
Used to send service notifications to an ESRS gateway server
when ESRS is enabled and Centralized ESRS is configured on
the storage system.
IWD initial configuration daemon. If closed, initialization of the
array will be unavailable through the network.

Storage system certificate

Communication Security
41