Ports and protocols allow node-to-node communication paths in NSX-T, the paths must be secured and authenticated, and a storage location for the credentials must be used to establish mutual authentication.

By default, all certificates are self-signed certificates. The northbound GUI and API certificates and private keys can be replaced by CA signed certificates.

There are internal daemons that communicate over the loopback or UNIX domain sockets:

  • KVM: MPA, netcpa, nsx-agent, OVS

  • ESX: netcpa, ESX-DP (in the kernel)

In the RMQ user database (db), passwords are hashed with a non-reversible hash function. So h(p1) is the hash of password p1.

CCP

Central control plane

LCP

Local control plane

MP

Management plane

MPA

Management plane agent

Note:

You must enable SSH to access NSX-T nodes.