The following tables show the User Account and Authentication (UAA) internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.

For more information about UAA, see User Account and Authentication (UAA) Server.

Inbound communications

The following table lists network communication paths that are inbound to UAA:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| cloud_controller | uaa | 8443 | TCP | HTTPS | OAuth 2.0 or none* |
| diego_brain (SSH Proxy) | uaa | 443 | TCP | HTTPS | OAuth 2.0 |
| loggregator_trafficcontroller | uaa | 8443 | TCP | HTTPS | TLS |
| mysql_monitor | uaa | 8443 | TCP | HTTPS | OAuth |
| router | uaa | 8443 | TCP | HTTPS | OAuth 2.0 |

*The authentication method depends on the type of request.

Outbound communications: Internal to TAS for VMs

The following table lists network communication paths that are outbound from UAA:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| uaa | mysql_proxy* | 3306 | TCP | MySQL | MySQL authentication** |
| uaa (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |

*Applies only to deployments where internal MySQL is selected as the database.

**MySQL authentication uses the MySQL native password method.

Outbound communications: External to TAS for VMs

The following table lists network communication paths from UAA that are outbound to external systems:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| uaa | LDAP | LDAP server communication port | TCP | LDAP/LDAPS | Basic authentication (LDAP bind) |
| uaa | SAML/OIDC | 80 or 443 (HTTP port) | TCP | HTTP/HTTPS | Key |

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.
