Skip to main content

How can we help you?

Druva Documentation

Ports and communication protocols

Phoenix Editions: File:/tick.png Business File:/cross.png Enterprise File:/tick.png Elite


Druva Phoenix communicates with your virtual infrastructure to backup and restore virtual machine data. This communication happens via ports and communication protocols that are secure for communication and transition of data.

Druva Phoenix uses a combination of Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols for establishing a connection and initiating communication between Druva Phoenix components and your virtual infrastructure components such as vCenter Server, ESXi hosts, and virtual machines.

The following diagram depicts the ports and communication protocols that are used by Druva Phoenix for secure connection and communication during the backup and restore operations.

Ports and Communication protocols.png

The following table describes the port and communication protocols used for communication between Druva Phoenix and various VMware components.


Communication Protocol




Druva Phoenix uses Port 443 to establish a secure connection and communication between the following:

  • Backup Proxy to Druva Cloud
  • Backup Proxy to Phoenix CloudCache
  • Backup Proxy to vCenter Server
Note: Backup proxy establishes connection with ESXi host over Port 443 only if it registered with Druva Phoenix as Standalone ESXi. If the ESXi host is registered with Druva Phoenix through vCenter Server, backup proxy communicates with the ESXi host over Port 902.



Druva Phoenix uses port 902 to establish a connection between the backup proxy and ESXi host registered with Druva Phoenix through vCenter Server.

Note: By default, VMware uses the port 902 for the vixDiskLib connection (All Transport Modes). You must use the VixDiskLib to access a virtual disk.  All operations require a VixDiskLib connection to access virtual disk data.

3542 HTTPS+SSL For application-aware backups, the backup proxy uses VMware Tools to inject two executables and a few supporting files such as certificates into the guest OS of the virtual machine. When the executables run, they start guest OS processes called guestossvc and PhoenixSQLGuestPlugin. The backup proxy uses the opened port 3542 on the guest OS so that it can communicate with guestossvc to run SQL Server backups. Ensure that this port is open on the guest OS.

The backup proxy also uses this port to restore databases to the virtual machine.
3545 HTTPS+SSL For application-aware backups, the SQL executable service PhoenixSQLGuestPlugin  queries the Microsoft VSS APIs to back up and restore SQL Server databases. The guestossvc service interacts with the PhoenixSQLGuestPlugin  service using this port. The PhoenixSQLGuestPlugin service cannot directly communicate with the backup proxy. 




During the backup cycle, the backup proxy sends network packets to Windows virtual machines (where VMware tools are installed) on port 3389 to identify if the RDP port is open or not. For Linux virtual machines, the port is 22, which is used for SSH.

This is used for Phoenix DraaS or DR restores.

123 UDP Backup proxy accesses NTP server on Port 123 (UDP) for time synchronization.



Druva Phoenix uses TLS 2.0 or a secure connection that happens between the following:

  • Backup proxy and Druva Cloud
  • Backup proxy and Phoenix CloudCache
  • Phoenix CloudCache and Druva Cloud
  • Was this article helpful?