1.3. Networking Requirements
1.3.1. DNS Requirements
The Manager and all hosts must have a fully qualified domain name and full, perfectly aligned forward and reverse name resolution. Red Hat strongly recommends using DNS; using the /etc/hosts file for name resolution typically requires more work and has a greater chance for errors.
Due to the extensive use of DNS in a Red Hat Virtualization environment, running the environment’s DNS service as a virtual machine hosted in the environment is not supported. All DNS services that the Red Hat Virtualization environment uses for name resolution must be hosted outside of the environment.
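The alignment requirement above can be checked per host before installation. The following is an added example, not part of the Red Hat documentation; the function names are hypothetical, and it assumes a glibc system where `getent` is available. Because `getent` resolves through NSS, entries in /etc/hosts are checked the same way as DNS records.

```shell
#!/bin/sh
# Added example: check that a name's forward and reverse records agree.

# Forward lookup: print each IPv4 address the name resolves to, one per line.
resolve_forward() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Reverse lookup: print the first name the address maps back to.
resolve_reverse() {
    getent hosts "$1" | awk '{print $2; exit}'
}

# Lowercase and drop a trailing dot so names compare reliably.
normalize() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Print one line per finding; return 0 only when every address maps back.
check_dns_alignment() {
    fqdn=$(normalize "$1")
    case "$fqdn" in
        *.*) ;;
        *) echo "FAIL $fqdn: not a fully qualified domain name"; return 1 ;;
    esac
    addrs=$(resolve_forward "$fqdn")
    if [ -z "$addrs" ]; then
        echo "FAIL $fqdn: no forward record"; return 1
    fi
    rc=0
    for ip in $addrs; do
        ptr=$(normalize "$(resolve_reverse "$ip")")
        if [ -z "$ptr" ]; then
            echo "FAIL $fqdn: $ip has no reverse record"; rc=1
        elif [ "$ptr" != "$fqdn" ]; then
            echo "FAIL $fqdn: $ip reverses to $ptr"; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK $fqdn: forward and reverse agree"; fi
    return "$rc"
}

# Names given on the command line are checked in turn.
for name in "$@"; do check_dns_alignment "$name"; done
```

Run it on the Manager and on each host with the names of all the other machines, since each system resolves through its own configuration.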
1.3.2. Red Hat Virtualization Manager Firewall Requirements
The Red Hat Virtualization Manager requires that a number of ports be opened to allow network traffic through the system’s firewall.
The engine-setup script can configure the firewall automatically, but this overwrites any pre-existing firewall configuration if you are using iptables. If you want to keep the existing firewall configuration, you must manually insert the firewall rules required by the Manager. The engine-setup command saves a list of the iptables rules required in the /etc/ovirt-engine/iptables.example file. If you are using firewalld, engine-setup does not overwrite the existing configuration.
The firewall configuration documented here assumes a default configuration.
Table 1.4. Red Hat Virtualization Manager Firewall Requirements
| Port(s) | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| - | ICMP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Manager | Optional. May help in diagnosis. |
| 22 | TCP | System(s) used for maintenance of the Manager including backend configuration, and software upgrades. | Red Hat Virtualization Manager | Secure Shell (SSH) access. Optional. |
| 2222 | TCP | Clients accessing virtual machine serial consoles. | Red Hat Virtualization Manager | Secure Shell (SSH) access to enable connection to virtual machine serial consoles. |
| 80, 443 | TCP | Administration Portal clients; VM Portal clients; Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s); REST API clients | Red Hat Virtualization Manager | Provides HTTP and HTTPS access to the Manager. |
| 6100 | TCP | Administration Portal clients; VM Portal clients | Red Hat Virtualization Manager | Provides websocket proxy access for a web-based console client, |
| 7410 | UDP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Manager | Must be open for the Manager to receive Kdump notifications, if Kdump is enabled. |
| 54323 | TCP | Administration Portal clients | Red Hat Virtualization Manager (ImageIO Proxy server) | Required for communication with the ImageIO Proxy (ovirt-imageio-proxy). |
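When keeping an existing iptables configuration and inserting the Manager rules by hand, it helps to see which ports from Table 1.4 the current ruleset does not yet accept. The following is an added example, not part of the Red Hat documentation; the function names are hypothetical, and it assumes rules in the format printed by `iptables -S INPUT`. It only looks for ACCEPT rules in the INPUT chain and does not evaluate source restrictions, rule order, or user-defined chains.

```shell
#!/bin/sh
# Added example: list Table 1.4 ports that no INPUT ACCEPT rule opens.

# Rows of Table 1.4 not marked Optional; 7410/udp matters only with Kdump.
MANAGER_PORTS="tcp/2222 tcp/80 tcp/443 tcp/6100 udp/7410 tcp/54323"

# Read rules on stdin; print proto/port for every port an ACCEPT rule opens.
accepted_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        proto = ""; ports = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || proto == "" || ports == "") next
        # --dports may hold a comma list; each item may be a lo:hi range.
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) {
            lo = hi = list[k]
            if (split(list[k], r, ":") == 2) { lo = r[1]; hi = r[2] }
            for (p = lo + 0; p <= hi + 0; p++) print proto "/" p
        }
    }' | sort -u
}

# Read rules on stdin; print each Manager port that is not accepted.
missing_manager_ports() {
    opened=$(accepted_ports)
    for want in $MANAGER_PORTS; do
        printf '%s\n' "$opened" | grep -qxF "$want" || echo "$want"
    done
}

# Usage: iptables -S INPUT > rules.txt; sh this_script.sh rules.txt
if [ -n "${1:-}" ]; then missing_manager_ports < "$1"; fi
```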
1.3.3. Host Firewall Requirements
Red Hat Enterprise Linux hosts and Red Hat Virtualization Hosts (RHVH) require a number of ports to be opened to allow network traffic through the system’s firewall. The firewall rules are automatically configured by default when adding a new host to the Manager, overwriting any pre-existing firewall configuration.
To disable automatic firewall configuration when adding a new host, clear the Automatically configure host firewall check box under Advanced Parameters.
To customize the host firewall rules, see https://access.redhat.com/solutions/2772331.
Table 1.5. Virtualization Host Firewall Requirements
| Port(s) | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| 22 | TCP | Red Hat Virtualization Manager | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Secure Shell (SSH) access. Optional. |
| 2223 | TCP | Red Hat Virtualization Manager | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Secure Shell (SSH) access to enable connection to virtual machine serial consoles. |
| 161 | UDP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Manager | Simple network management protocol (SNMP). Only required if you want Simple Network Management Protocol traps sent from the host to one or more external SNMP managers. Optional. |
| 111 | TCP | NFS storage server | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | NFS connections. Optional. |
| 5900 - 6923 | TCP | Administration Portal clients; VM Portal clients | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Remote guest console access via VNC and SPICE. These ports must be open to facilitate client access to virtual machines. |
| 5989 | TCP, UDP | Common Information Model Object Manager (CIMOM) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Used by Common Information Model Object Managers (CIMOM) to monitor virtual machines running on the host. Only required if you want to use a CIMOM to monitor the virtual machines in your virtualization environment. Optional. |
| 9090 | TCP | Red Hat Virtualization Manager; Client machines | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Required to access the Cockpit user interface, if installed. |
| 16514 | TCP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Virtual machine migration using libvirt. |
| 49152 - 49216 | TCP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Virtual machine migration and fencing using VDSM. These ports must be open to facilitate both automated and manual migration of virtual machines. |
| 54321 | TCP | Red Hat Virtualization Manager; Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | VDSM communications with the Manager and other virtualization hosts. |
| 54322 | TCP | Red Hat Virtualization Manager (ImageIO Proxy server) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Required for communication with the ImageIO daemon (ovirt-imageio-daemon). |
| 6081 | UDP | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Red Hat Virtualization Host(s); Red Hat Enterprise Linux host(s) | Required, when Open Virtual Network (OVN) is used as a network provider, to allow OVN to create tunnels between hosts. |
1.3.4. Database Server Firewall Requirements
Red Hat Virtualization supports the use of a remote database server for the Manager database (engine) and the Data Warehouse database (ovirt-engine-history). If you plan to use a remote database server, it must allow connections from the Manager and the Data Warehouse service (which can be separate from the Manager).
Similarly, if you plan to access a local or remote Data Warehouse database from an external system, such as Red Hat CloudForms, the database must allow connections from that system. Accessing the Manager database from external systems is not supported.
Table 1.6. Database Server Firewall Requirements
| Port(s) | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| 5432 | TCP, UDP | Red Hat Virtualization Manager; Data Warehouse service; External systems | Manager ( Data Warehouse ( | Default port for PostgreSQL database connections. |
