You open required ports on your firewall to ensure that VMware Integrated OpenStack can operate properly.

All ports listed are TCP unless otherwise specified.

Object Port Number Protocol Network Service or Product Description
Manager and Controllers 22 Internal SSH SSH
Manager 53 TCP or UDP Internal DNS FQDN resolution
Controllers 53 TCP or UDP Public and Internal DNS FQDN resolution
Manager 443 Internal VIO Web UI VIO Web UI service
Controllers 443 Public and Internal OpenStack dashboard service VMware Integrated OpenStack dashboard
ESXi hosts 443 Internal ESXi hosts ESXi API endpoint
NSX Manager 443 Internal NSX Manager NSX Manager endpoint
vCenter Server Appliance 443 Internal vCenter Server vCenter Server API endpoint
Manager 2379 Internal Etcd Server Etcd API endpoint
Manager 2380 Internal Etcd Server Etcd API endpoint
Controllers 3306 Internal OpenStack database Database cluster
Controllers 4567 Internal OpenStack database MariaDB Galera replication traffic
Manager 5000 Internal Docker Registry Docker Registry service endpoint
Controllers 5000 Public and Internal OpenStack API services Keystone API endpoint
Controllers 5672 Internal OpenStack RPC bus RabbitMQ message bus
Controllers 6090 Public and Internal OpenStack console services MKS proxy
Manager 6443 Internal Kubernetes apiserver Kubernetes apiserver endpoint
Controllers 8000 Public and Internal OpenStack API services Heat CloudFormation API endpoint
Controllers 8004 Public and Internal OpenStack API services Heat API endpoint
Manager 8443 Internal VIO API VIO API endpoint
Controllers 8774 Public and Internal OpenStack API services Nova API endpoint
Controllers 8775 Internal OpenStack metadata Metadata service (required unless config drive is used)
Controllers 8776 Public and Internal OpenStack API services Cinder API endpoint
Controllers 8778 Public and Internal OpenStack API services Nova Placement API endpoint
Manager 8879 Internal Helm Repo Server Helm Repo service endpoint
Manager 9000 Internal VIO Web UI Authentication Proxy VIO Web UI Authentiation Proxy
Manager 9090 Internal VIO API swagger VIO API swagger endpoint
Manager and Controllers 9099 Internal Calico CNI Calico CNI
Controllers 9292 Public and Internal OpenStack API services Glance API endpoint
Controllers 9311 Public and Internal OpenStack API services Barbican API endpoint
vCenter Server Appliance 9443 Internal vCenter Server vCenter Server
Manager 9449 Internal vAPI vAPI
Controllers 9696 Public and Internal OpenStack API services Neutron API endpoint
Controllers 9876 Public and Internal OpenStack API services Octavia API endpoint
Manager and Controllers 10250 Internal Kubernetes kubelet Kubernetes kubelet
Manager 10251 Internal Kubernetes scheduler Kubernetes scheduler
Manager 10252 Internal Kubrernetes controller manager Kubernetes controller manager
Controllers 11211 Internal OpenStack control plane cache Memory cache services for controller nodes
Controllers 35357 Public and Internal OpenStack API services Keystone administrator API endpoint
Manager and Controllers 44134 Internal Tiller Server Tiller service endpoint

If you want to use LDAP or Active Directory, the following ports must also be open.

Object Port Number Network Service or Product Description

Active Directory or LDAP hosts

389

Internal

Domain controller or LDAP server

Serving LDAP requests (non-secured)

Active Directory or LDAP hosts

636

Internal

Domain controller or LDAP server (LDAPS)

Serving LDAP requests (secured)

Active Directory or LDAP hosts

3268

Internal

Domain controller

Serving LDAP requests with global catalog (non-secured)

Active Directory or LDAP hosts

3269

Internal

Domain controller (LDAPS)

Serving LDAP requests with global catalog (secured)

If you want to forward logs to vRealize Log Insight, the following port must also be open.

Object Port Number Network Service or Product Description
vRealize Log Insight syslog server 9000 (TCP or UDP)

Internal

Syslog server

Syslog service

If you deploy Ceilometer, the following ports must also be open.

Object Port Number Network Service or Product Description

Controllers

8041

Public and Internal

OpenStack API services

Gnocchi API endpoint

Controllers

8042

Public and Internal

OpenStack API services

Aodh API endpoint

Controllers

8779

Public and Internal

OpenStack API services

Panko API endpoint

If you deploy Designate, the following ports must also be open.

Object Port Number Network Service or Product Description

Controllers

53 (UDP)

Public and Internal

DNS

Designate MiniDNS service

Controllers

9001

Public and Internal

OpenStack API services

Designate endpoint

If you deploy Swift, the following port must also be open.

Object Port Number Network Service or Product Description

Controllers

8080

Public and Internal

OpenStack API services

Swift endpoint