Let me say that I think that firewall requirements for Snapcenter deployments are excessive.
I suppose that there will be good technical reasons behind it, but think about the customer perspective for one moment: Do you think that is reasonable to be mandatory that every single host using snapshot funcionalities shoud be given management access to the SVM?
A first look at the documentation suggests that SnapCenter will work the proper way (from my point of view) , that is, the management communications take place only between the snapcenter host and the plug-in hosts and between the snapcenter host and the storage, but sadly appears that it doesn't work that way.
This picture is taken from the Snapcenter documentation. I understand that "data" should mean iSCSI or FCP, not HTTPS communications with the SVM.
Could you please clarify what does"management" refer to in this picture? Thanks in advance.