Chapter 8. Security topics
The Red Hat Enterprise Virtualization Hypervisor has various security features enabled. Security-Enhanced Linux (SELinux) and the
iptables firewall are fully configured and enabled by default.
Administrators can receive the latest security advisories from the Red Hat Enterprise Virtualization watch list. Subscribe to the Red Hat Enterprise Virtualization watch list to receive new security advisories for RHEV products by email. Subscribe by completing this form: http://www.redhat.com/mailman/listinfo/rhev-watch-list/.
RHEV uses various network ports for management and other virtualization features. These ports must be open for Red Hat Enterprise Linux to function as a host with Red Hat Enterprise Virtualization. The list below covers ports and their usage by Red Hat Enterprise Virtualization:
- ICMP requests must be accepted. ICMP packets are used for network testing by the Red Hat Enterprise Virtualization Manager.
- Port 22 should be open for SSH access and the initial installation.
- Ports 80 or 443 (depending on the security settings on the Red Hat Enterprise Virtualization Manager) are used by the vdsm-reg service to communicate information about the host.
- Ports 5634 to 6166 are used for guest virtual machine console access.
- Ports 49152 to 49216 are used for migrations. Migration may use any port in this range depending on the number of concurrent migrations occurring.
- Port 54321 is used by default, by VDSM for management, storage and inter-host communication. This port can be modified.
