Ports and protocols allow node-to-node communication paths in NSX-T Data Center, the paths are secured and authenticated, and a storage location for the credentials are used to establish mutual authentication.

Configure the ports and protocols required to be open on both the physical and the host hypervisor firewalls in NSX-T Data Center. Refer to https://ports.vmware.com/home/NSX-T-Data-Center for more details.

By default, all certificates are self-signed certificates. The northbound GUI and API certificates and private keys can be replaced by CA signed certificates.

There are internal daemons that communicate over the loopback or UNIX domain sockets:
  • KVM: MPA, OVS
  • ESXi: nsx-cfgagent, ESX-DP (in the kernel)
Note: To get access to NSX-T Data Center nodes, you must enable SSH on these nodes.
NSX Cloud Note: See Enable Access to Ports and Protocols for a list of ports required for deploying NSX Cloud.