Friday, January 27, 2012

Ports used by Specops Deploy

For those of you with strict networking rules and firewalls controlling traffic between clients and servers, for example using Microsoft Domain & Server Isolation, here is a list of all the ports Specops Deploy needs, grouped by function and role.

Here is the information in an Excel file, for easier reading.

You will find a definition of the protocols at the end of the list.






Specops Deploy / App


| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Clients to Installation Share | To download and install software |
| Microsoft CIFS (SMB) | Clients to Specops Deploy / App Server | To report feedback to Deployment Server |
| Specops Deploy Feedback | Admin PC to Specops Deploy / App Server | To read Feedback from Deployment Server |
| SQL over TCP | Deployment Server to SQL Server | To read and store Feedback information |




Specops Deploy / OS


Capture Client





| Name | Source and Destination | Description |
|---|---|---|
| IKE Client | Capture Client to Image Server | Internet Key Exchange (IKE) Protocol |
| Microsoft CIFS (SMB) | Capture Client to Image Server | Connect to MDT Network Share |
| Microsoft DS-Traffic | Capture Client to Image Server | Upload Capture to Server |




PXE Boot and Installation


| Name | Source and Destination | Description |
|---|---|---|
| Boot Relay | Clients to Deployment Server | PXE Booting |
| IKE Client | Clients to Deployment Server | Internet Key Exchange (IKE) Protocol |
| Microsoft CIFS (SMB) | Clients to Deployment Server | Connect to MDT Share and download Image |
| TFTP | Clients to Deployment Server | Download WinPE |
| Multicast Traffic | Clients to Deployment Server | To use Multicast, else falling back to Unicast |




Admin Tools to Reinstall a PC


| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Admin PC to Clients | To read GUID and Trigger Reboot |
| RPC | Admin PC to Clients | To read GUID and Trigger Reboot |
| RPC High Ports | Admin PC to Clients | To read GUID and Trigger Reboot |




Deployment and Image Server Communication


| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| RPC | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| RPC High Ports | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| Deployment Server Remoting | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |




Admin Tools to Image and Deployment Servers


| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| NetBIOS Name Service | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| NetBIOS Session | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| RPC | Admin PC to Image and Deployment Servers | Configuration, Restart Services, etc. |
| RPC High Ports | Admin PC to Image and Deployment Servers | Configuration, Restart Services, etc. |
| Specops Deployment Server Remoting | Admin PC to Deployment Servers | Status Information, Error Reporting, etc. |
| Specops Image Server Remoting | Admin PC to Image Server | Status Information, Error Reporting, etc. |







General Ports used in Testing


| Name | Source and Destination | Description |
|---|---|---|
| DHCP Request | Clients to DHCP and Deployment Servers | To PXE Boot and get DHCP Addresses |
| DHCP Relay | DHCP and Deployment Servers to Clients | To PXE Boot and get DHCP Addresses |
| DNS | DNS Servers (DCs) to Internet | For DNS Servers to allow name resolution |
| DNS | Clients and Servers to DCs | General AD Traffic to DCs |
| IKE Client | Clients and Servers to DCs | General AD Traffic to DCs |
| Kerberos-SEC (TCP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Kerberos-SEC (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (Ping) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (GC) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAPS | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAPS (GC) | Clients and Servers to DCs | General AD Traffic to DCs |
| Microsoft CIFS (TCP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Microsoft CIFS (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Datagram | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Name Service | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Sessions | Clients and Servers to DCs | General AD Traffic to DCs |
| NTP (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Ping | Clients and Servers to DCs | General AD Traffic to DCs |
| RPC | Clients and Servers to DCs | General AD Traffic to DCs |
| RPC High Ports | Clients and Servers to DCs | General AD Traffic to DCs |
| HTTP | Clients and Servers to Internet | General Web Traffic (Windows Update etc.) |
| HTTPS | Clients and Servers to Internet | General Web Traffic (Windows Update etc.) |




Protocol Definition


| Name | Port | Description |
|---|---|---|
| Microsoft CIFS | 445/TCP | Fileshare Traffic |
| SQL over TCP | 1433/TCP | SQL Server communication |
| IKE Client | 500/UDP | Internet Key Exchange (IKE) Protocol |
| Microsoft-DS Traffic | 445/TCP, 445/UDP | Fileshare Traffic |
| Boot Relay | 4011/UDP | PXE Booting |
| TFTP | 69/UDP | Download WinPE |
| RPC | 135/TCP | Remote Actions |
| RPC High Ports | 49152-65535/TCP | For Vista and later |
| Specops Deployment Server Remoting | 4375/TCP | Status Information, Error Reporting, etc. |
| Specops Image Server Remoting | 4376/TCP | Status Information, Error Reporting, etc. |
| Specops Deploy Feedback | 4373/TCP | Feedback for Specops Deploy / App |
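
As an added example (not part of the original post and not Specops code), here is one way to turn the Deployment Server rows of the lists above into inbound Windows Firewall rules, each scoped to the source the list names rather than to any address. The subnets, the Image Server address and the rule group name are placeholders; Multicast Traffic and the NetBIOS rows are left out because the Protocol Definition list gives no port for them.

```powershell
# Added example: scoped inbound rules for a Deployment Server, run elevated on that server.
# Ports come from the "Protocol Definition" list; every address below is a placeholder.
$ClientSubnet = '10.10.0.0/16'    # placeholder: clients that PXE boot and install
$AdminSubnet  = '10.20.30.0/24'   # placeholder: admin PCs running the admin tools
$ImageServer  = '10.20.40.10'     # placeholder: the Image Server
$Group        = 'Specops Deploy (example)'

# "From" follows the "Source and Destination" column for each function.
$rules = @(
    @{ Name = 'Boot Relay';                         Protocol = 'UDP'; Port = '4011';        From = $ClientSubnet }
    @{ Name = 'TFTP';                               Protocol = 'UDP'; Port = '69';          From = $ClientSubnet }
    @{ Name = 'IKE Client';                         Protocol = 'UDP'; Port = '500';         From = $ClientSubnet }
    @{ Name = 'Microsoft CIFS';                     Protocol = 'TCP'; Port = '445';         From = $ClientSubnet, $AdminSubnet, $ImageServer }
    @{ Name = 'RPC';                                Protocol = 'TCP'; Port = '135';         From = $AdminSubnet, $ImageServer }
    @{ Name = 'RPC High Ports';                     Protocol = 'TCP'; Port = '49152-65535'; From = $AdminSubnet, $ImageServer }
    @{ Name = 'Specops Deployment Server Remoting'; Protocol = 'TCP'; Port = '4375';        From = $AdminSubnet, $ImageServer }
    @{ Name = 'Specops Deploy Feedback';            Protocol = 'TCP'; Port = '4373';        From = $AdminSubnet }
)

foreach ($r in $rules) {
    $params = @{
        DisplayName   = "Specops - $($r.Name)"
        Group         = $Group
        Direction     = 'Inbound'
        Action        = 'Allow'
        Profile       = 'Domain'
        Protocol      = $r.Protocol
        LocalPort     = $r.Port
        RemoteAddress = $r.From      # limit each port to the sources the list names
    }
    New-NetFirewallRule @params | Out-Null
}

# Review the result: one line per rule with its port and allowed sources.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ', '
        RemoteAddress = $addr.RemoteAddress -join ', '
    }
} | Format-Table -AutoSize
```

The same table-driven approach applies to the Image Server (4376/TCP in place of 4375/TCP) and to the SQL Server (1433/TCP from the Deployment Server only).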







1 comment:

  1. Impressive documentation, I wish every software maker could provide such detailed information!!
