Ports and protocols allow node-to-node communication paths in NSX-T Data Center, the paths are secured and authenticated, and a storage location for the credentials are used to establish mutual authentication.

Figure 1. NSX-T Data Center Ports and Protocols

By default, all certificates are self-signed certificates. The northbound GUI and API certificates and private keys can be replaced by CA signed certificates.

There are internal daemons that communicate over the loopback or UNIX domain sockets:

  • KVM: MPA, netcpa, nsx-agent, OVS

  • ESX: netcpa, ESX-DP (in the kernel)

In the RMQ user database (db), passwords are hashed with a non-reversible hash function. So h(p1) is the hash of password p1.


Central control plane


Local control plane


Management plane


Management plane agent


To get access to NSX-T Data Center nodes, you must enable SSH on these nodes.

NSX Cloud Note:

See Enable Access to ports and protocols on CSM for Hybrid Connectivity for a list of ports required for deploying NSX Cloud.