locked
Source and Destination servers - Firewalls RRS feed

  • Question

  • Firewalls in place between Source and Destination environments, so being asked by network security which servers need access to which servers.

    2007 Primary Site with remote SQL

    2012 Primary Site with remote SQL 

    I thought it was 2012 provider to 2007 provider and SQL but then this, to me is a little ambiguous and I need to specify server to server, not environment. So clarification would be appreciated

    ---------------------------------------------------------------------------------------------

    When gathering data, the following network protocols and ports are used:

    • NetBIOS/SMB – 445 (TCP)
    • RPC (WMI) - 135 (TCP)
    • SQL Server - The TCP ports in use by both the source and destination site databases.

    ------------------------------------------------------------------------------------------------


    thanks in anticupation


    Solutions Architect


    • Edited by Nick_B64 Tuesday, June 9, 2015 11:18 AM
    Tuesday, June 9, 2015 11:17 AM

Answers

  • Nick,

    You 2012 site server needs access to the 2012 SQL DB on 1433 and:

    • NetBIOS/SMB – 445 (TCP) - 2012 site server to 2007 site server
    • RPC (WMI) - 135 (TCP) - 2012 site server to 2007 site server
    • SQL Server - The TCP ports in use by both the source and destination site databases. - 2012 site server to 2007 site database server




    Cheers Paul |

    • Proposed as answer by Joyce L Tuesday, June 23, 2015 10:05 AM
    • Marked as answer by Joyce L Friday, June 26, 2015 2:41 AM
    Tuesday, June 9, 2015 2:03 PM

All replies

  • Tuesday, June 9, 2015 11:23 AM
  • Nick,

    Here are some details re: RPC ports

    https://sccmentor.wordpress.com/2014/10/13/sccm-2007-to-2012-migration-ports/


    Cheers Paul |

    Tuesday, June 9, 2015 11:26 AM
  • thanks, Ive already read those - and Im still a little confused.

    I think I get that ports are required for

    2012 Site Server to 2007 Site Server and its remote SQL server

    What either of those links doesnt clarify is (or I cant see :) ) which server (s) in the source environment needs access back to the 2012 SQL server in the destination, based on this statement

    "SQL Server - The TCP ports in use by both the source and destination site databases."


    Solutions Architect

    Tuesday, June 9, 2015 11:56 AM
  • Nick,

    2012 Source > 2007 Destination if you are setting up a migration hierarchy.


    Cheers Paul |

    Tuesday, June 9, 2015 12:04 PM
  • sorry what I mean is, based on my original post (ie remote SQL )

    which parts of the 2012 source need to connect to which parts of the 2007 hierarchy, and which parts of the 2007 hierarchy need access to SQL in 2012 so I can open the correct ports for the specific servers

    These are network firewalls not windows firewalls and I need to provide exact point to point port requirements

    so,  as an example SCCM2012 Primary to SCCM 2007 primary :port 135

         SCCM2012 Primary to "2007" SQL Server : port 1433

    and based on this statement - SQL Server - The TCP ports in use by both the source and destination site databases."

    what needs access BACK to the 2012 SQL database server (this is remote and NOT the SCCM server)

          


    Solutions Architect


    • Edited by Nick_B64 Tuesday, June 9, 2015 1:53 PM
    Tuesday, June 9, 2015 1:52 PM
  • Nick,

    You 2012 site server needs access to the 2012 SQL DB on 1433 and:

    • NetBIOS/SMB – 445 (TCP) - 2012 site server to 2007 site server
    • RPC (WMI) - 135 (TCP) - 2012 site server to 2007 site server
    • SQL Server - The TCP ports in use by both the source and destination site databases. - 2012 site server to 2007 site database server




    Cheers Paul |

    • Proposed as answer by Joyce L Tuesday, June 23, 2015 10:05 AM
    • Marked as answer by Joyce L Friday, June 26, 2015 2:41 AM
    Tuesday, June 9, 2015 2:03 PM
  • thanks Paul  

    • SQL Server - The TCP ports in use by both the source and destination site databases. - 2012 site server to 2007 site database server

    thats the bit that's confusing me -  if "both" are used, isnt that suggesting that something is communicating back to the 2012 SQL server ?   or am I reading too much into that


    Solutions Architect

    Tuesday, June 9, 2015 2:08 PM
  • My brain hurts just reading it. 

    Cheers Paul |

    Tuesday, June 9, 2015 2:16 PM
  • I think we'll just have to suck it and see when it comes to testing/validating it.

    I'll update this thread to confirm once we're done,  in case anyone is interested  :) 


    Solutions Architect

    Tuesday, June 9, 2015 3:12 PM
  • Nick,

    The method I advised worked for me on the the last migration hierarchy I worked on. This was a remote SQL in both 2007 and 2012.


    Cheers Paul |

    Tuesday, June 9, 2015 3:14 PM