All Windows servers that host IaaS components must meet certain prerequisites. Before you deploy the Cloud Management Applications, you must ensure the IaaS Windows Servers, IaaS Web Server, and IaaS Manager Service Host meet the requirements.

IaaS Windows Servers

  • Install Microsoft .NET Framework 4.5.2 or later.

  • IaaS servers use TLS for authentication, which is enabled by default on some Windows servers. Some sites disable TLS for security reasons, but you must leave at least one TLS protocol enabled. This version of vRealize Automation supports TLS 1.2.

  • SHA-512 for TLS 1.2 is disabled in Windows by default. Verify that you have installed the Windows update in Microsoft KB 2973337 if you use SHA-512 certificates for vRealize Automation.

  • Enable the Distributed Transaction Coordinator (DTC) service. IaaS uses DTC for database transactions and actions such as workflow creation. For more information on DTC enablement, see VMware KB 2038943.

  • Verify that the Secondary Log On service is running. You can stop the service after the deployment is complete.

  • Ports on the IaaS Windows servers must be configured before the deployment of vRealize Automation.

Table 1. Incoming Ports for IaaS Windows Servers

| Port | Protocol | Component | Comments |
|------|----------|-----------|----------|
| 443 | TCP | Manager Service | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| 443 | TCP | vRealize Automation appliance | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| 443 | TCP | Infrastructure Endpoint Hosts | Communication with IaaS components and vRealize Automation appliance over HTTPS. Typically, 443 is the default communication port for virtual and cloud infrastructure endpoint hosts, but refer to the documentation provided by your infrastructure hosts for a full list of default and required ports. |
| 443 | TCP | Guest agent, Software bootstrap agent | Communication with Manager Service over HTTPS |
| 443 | TCP | DEM Worker | Communication with NSX Manager |

Table 2. Outgoing Ports for IaaS Windows Servers

| Port | Protocol | Component | Comments |
|------|----------|-----------|----------|
| 53 | TCP, UDP | All | DNS |
| 67, 68, 546, 547 | TCP, UDP | All | DHCP |
| 123 | TCP, UDP | All | NTP |
| 443 | TCP | Manager Service | Communication with vRealize Automation appliance over HTTPS |
| 443 | TCP | Distributed Execution Managers | Communication with Manager Service over HTTPS |
| 443 | TCP | Proxy agents | Communication with Manager Service and infrastructure endpoint hosts over HTTPS |
| 443 | TCP | Management Agent | Communication with the vRealize Automation appliance over HTTPS |
| 443 | TCP | Guest agent, Software bootstrap agent | Communication with Manager Service over HTTPS |
| 1433 | TCP | Manager Service Website | MSSQL |
| 5480 | TCP | All | Communication with the vRealize Automation appliance. |

As you enable DTC between all servers, DTC requires port 135 over TCP and a random port between 1024 and 65535. The Prerequisite Checker validates that DTC is running and the required ports are open.
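
A read-only check of the IaaS Windows server prerequisites listed above, written as an added PowerShell example; it is not VMware's Prerequisite Checker and does not replace it. The `-DtcPeers` parameter and the script name in the usage comment are assumptions, and 379893 is the registry `Release` value that corresponds to .NET Framework 4.5.2.

```powershell
# Added example: read-only prerequisite check for an IaaS Windows server.
# Usage (hypothetical file and host names):
#   .\Test-IaasPrereqs.ps1 -DtcPeers sql01,iaas-web01
param([string[]]$DtcPeers = @())   # other hosts that must reach DTC on TCP 135

$results = New-Object System.Collections.Generic.List[object]
function Add-Result($Check, $Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail })
}

# .NET Framework 4.5.2 or later: Release DWORD >= 379893
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Result '.NET Framework >= 4.5.2' ($ndp.Release -ge 379893) "Release=$($ndp.Release)"

# TLS 1.2 must not be switched off in SCHANNEL. A missing key means no
# override is set and the operating system default applies.
$tls = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    $k = Get-ItemProperty "$tls\$role" -ErrorAction SilentlyContinue
    $disabled = ($null -ne $k) -and (($k.Enabled -eq 0) -or ($k.DisabledByDefault -eq 1))
    $detail = if ($null -eq $k) { 'no override; OS default applies' }
              else { "Enabled=$($k.Enabled) DisabledByDefault=$($k.DisabledByDefault)" }
    Add-Result "TLS 1.2 $role not disabled" (-not $disabled) $detail
}

# DTC and Secondary Logon services must be running during deployment
foreach ($svc in 'MSDTC', 'seclogon') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    Add-Result "Service $svc running" ($s.Status -eq 'Running') "Status=$($s.Status)"
}

# KB 2973337 is only required when SHA-512 certificates are used
$kb = Get-HotFix -Id 'KB2973337' -ErrorAction SilentlyContinue
Add-Result 'KB2973337 installed' $kb 'required only for SHA-512 certificates'

# DTC endpoint mapper on TCP 135; the dynamic 1024-65535 port is not probed here
foreach ($peer in $DtcPeers) {
    $t = Test-NetConnection -ComputerName $peer -Port 135 -WarningAction SilentlyContinue
    Add-Result "TCP 135 to $peer (DTC)" $t.TcpTestSucceeded "RemoteAddress=$($t.RemoteAddress)"
}

$results | Format-Table -AutoSize
```

`Test-NetConnection` needs Windows Server 2012 R2 or later; on older hosts omit `-DtcPeers` and verify port 135 separately.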