Network security
IBM Power Virtual Server in IBM data center
The infrastructure provides virtual LAN (VLAN) isolation between different tenants, which is enforced at the Virtual I/O Server (VIOS) and at the physical switches and routers.
Default firewall ports
The IBM® Power® Virtual Server network security architecture relies on a set of fixed firewall ports open on the Juniper vSRX firewalls:
- 22 (SSH)
- 443 (HTTPS)
- 992 (IBM i 5250 emulation SSL)
- ICMP traffic
There are plans to add the ability to dynamically configure the firewall rules in the future.
The following firewall ports are also open, typically used for IBM i logical partitions (LPARs):
- 2005
- 2007
- 2010
- 2012
- 9470
- 9475
- 9476
Port 6443 is also open for miscellaneous purposes. However, port 6443 is not open for the WDC04 and DAL13 data centers.
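Because these ports are fixed, any service that an LPAR binds to one of them on a non-loopback address is reachable through the firewall. The following check is an added example, not IBM code: it assumes a Linux LPAR and `ss -tlnH` output, and the sample output and the `EXAMPLE-DC` data center name are constructed placeholders.

```python
# Added example: which local listeners sit on a port the fixed firewall lets through?
# Port lists come from this page; ICMP is not a port and is not modelled here.
import re

DEFAULT_PORTS = {22, 443, 992}
IBM_I_PORTS = {2005, 2007, 2010, 2012, 9470, 9475, 9476}
MISC_PORT = 6443
MISC_PORT_CLOSED_IN = {"WDC04", "DAL13"}  # 6443 is not open in these data centers

LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def open_ports(datacenter):
    """Fixed firewall ports open for a given data center, per the lists above."""
    ports = DEFAULT_PORTS | IBM_I_PORTS
    if datacenter.upper() not in MISC_PORT_CLOSED_IN:
        ports = ports | {MISC_PORT}
    return ports

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def exposed_listeners(ss_output, datacenter):
    """Ports with a non-loopback listener that the firewall also lets through."""
    allowed = open_ports(datacenter)
    return sorted({port for addr, port in parse_listeners(ss_output)
                   if port in allowed and not LOOPBACK.match(addr)})

# Constructed sample of `ss -tlnH` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2005 0.0.0.0:*
LISTEN 0 4096 *:6443 *:*
LISTEN 0 128 [::]:8080 [::]:*
"""

if __name__ == "__main__":
    for dc in ("EXAMPLE-DC", "DAL13"):  # EXAMPLE-DC is a placeholder name
        print(dc, exposed_listeners(SAMPLE_SS, dc))
```

Listeners that the check reports but that are not meant to be public can be bound to a loopback or private address, or stopped.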
If you need extra ports to be opened, use a customer-specific firewall option. The option is available by using an IBM Cloud firewall, such as Vyatta, Juniper vSRX, or FortiGate, and by connecting to Power Virtual Server by using Direct Link Connect. To understand the Power Virtual Server connection methods, see Network architecture diagrams.