Cloudstack常用端口（Ports used by CloudStack）

證券，金融或者對網絡環境要求較嚴格，開放網絡中端口訪問都需要安全審計的公司太扯淡。不過從安全考慮，還是很有必要的。

複雜網絡中部署CS中需要調試網絡連通性以便保證通信正常。

下面是官方給出的CS常用端口：

管理服務器：
8080: 主界面 / 授權API端口
8096: 用戶/客戶端連接CS管理端 (不可靠的)
8787: CloudStack (Tomcat) debug socket
9090: Cloudstack羣集管理服務接口
45219: JMX console

系統VM代理通信 - 必須在管理服務器上打開
3922: 安全系統的安全通信端口
8250: 系統VM與管理服務器未加密的通信端口

MySQL Server
3306: MySQL 服務

虛擬化平臺
22/443: XenServer, XAPI
22: KVM
443: vCenter

外部端口：
53: DNS
111/2049: NFS與SSVM通信
860/3260: iSCSI軟件連接器通信端口
7080: AWS API server

另外附上管理端（management server）和系統虛擬機（system VM's）監聽的端口和開放的服務：

	Interface	Port	Process	Config File	Note
1	*	3306	mysqld	/etc/my.cnf	MySQL database, the port should be protected.
2	*	8080	tomcat		Default Web Console HTTP Port
3	*	8250	tomcat	simulator.properties	MS-Agent Communication
4	*	7080	tomcat	server.xml	AWSAPI
5	*	9090	tomcat	db.properties	MS-MS Communication
6	*	20400	tomcat	server.xml	AJP Connector
7	*	45219	tomcat	tomcat6.conf	JMX Port (no authentication)
8	*	other high end ports	tomcat

	Interface	Port	Process	Note
1	Guest	53	dnsmasq
2	Guest	80	apache2
3	Guest	443	apache2
4	Guest	8080	socat	password server: /opt/cloud/bin/serve_password.sh
5	Link Local	3922	sshd
6	*	35999	haproxy	does haproxy need to listen on all interfaces?

	Interface	Port	Process	Config File	Note
1	*	443	java		Console Proxy Listening Port
2	*	8001	java	/usr/local/cloud/systemvm/conf/consoleproxy.properties	Deprecated. Console proxy internal port for management server to get current load status of a running proxy(this will be obsolete since load report is done via secure agent/management server channel)
3	Link Local	3922	sshd

	Interface	Port	Process	Note
1	*	111	rpc.portmap	Should be closed if not needed or limited to internal interfaces
2	*	high end port	rpc.statd	Should be closed if not needed or limited to internal interfaces
3	public	80	apache2	zone-to-zone copy over http
4	public	443	apache2	zone-to-zone copy over https
5	Link Local	3922	sshd