The following tables list all the vRealize Network Insight inbound communication ports that need to be whitelisted for various setups:

Ports for the Platform Cluster Setup

Table 1.

| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Platform | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| Client Web-Browser and vRNI Proxy | Platform | 443 | HTTPS | UI/API access and communication with vRNI Proxy | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Proxy to Platform messages on this channel also encrypted further with HMAC. |
| Platform | Platform | 2181 | HTTP | Communication between ZooKeeper servers on other nodes (in case of a cluster). Also stores metadata information (znode data). | No | No | |
| Platform | Platform | 2888 | HTTP | Used to connect to the ZooKeeper leader | No | No | |
| Platform | Platform | 3000 | HTTP | Used for email notifications | Yes | No | |
| Platform | Platform | 3888 | HTTP | Used for ZooKeeper leader election | Yes | No | |
| Platform | Platform | 5432 | JDBC | Storing VM configuration data and infra metadata | Yes | No | |
| Platform | Platform | 8020 | TCP/RPC | Communication between other name node(s) and data nodes | Yes | No | |
| Platform | Platform | 8025 | HTTP | Node managers use this port to connect to the resource manager | No | No | |
| Platform | Platform | 8030 | HTTP | Used by the resource manager to schedule tasks | No | No | |
| Platform | Platform | 8032 | HTTP | The address of the applications manager interface in the RM | No | No | |
| Platform | Platform | 8033 | HTTP | The address of the RM admin interface | No | No | |
| Platform | Platform | 8042 | HTTP | Node manager web app address | No | No | |
| Platform | Platform | 8080 | HTTP | Serves UI requests | Yes | No | |
| Platform | Platform | 8088 | HTTP | The HTTP address of the Resource Manager web application | No | No | |
| Platform | Platform | 8480 | TCP/RPC | JournalNode HTTP server | No | No | |
| Platform | Platform | 8485 | TCP/RPC | HDFS shared edits data dir | No | No | |
| Platform | Platform | 9090 | HTTP | Serves requests from proxy and sends commands to proxy | Yes | Yes (protected via nginx) | |
| Platform | Platform | 9092 | Binary over TCP | Port on which other brokers communicate | Yes | No | |
| Platform | Platform | 9200-9300 | HTTP | Serves search requests. ES uses a range of ports to listen on; if 9200 is busy, it uses the next available port. | Yes | No | |
| Platform | Platform | 9300 | HTTP | Serves search requests. ES uses a range of ports to listen on; if 9200 is busy, it uses the next available port. | Yes | No | |
| Platform | Platform | 30000:65535 | TCP | Ephemeral port range used by various processes to make TCP connections with other processes | No | No | |
| Platform | Platform | 60000 | IPC | Used for communication between other HBase masters and region servers | Yes | No | |
| Platform | Platform | 60010 | HTTP | Used for the HBase web UI | No | No | |
| Platform | Platform | 60020 | IPC | Communication between HBase master and region server | Yes | No | |

Ports for the Single Platform Setup

Table 2.

| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Platform | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| Client Web-Browser and vRNI Proxy | Platform | 443 | HTTPS | UI/API access and communication with vRNI Proxy | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Proxy to Platform messages on this channel also encrypted further with HMAC. |

Ports for the Proxy Server

Table 3.

| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Proxy | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| vRNI Proxy | Platform | 443 | HTTPS | Primary communication channel with Platform | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Proxy to Platform messages on this channel also encrypted further with HMAC. |
| Flow Forwarder | Proxy | UDP 2055 | NetFlow/IPFIX | Flows from target are pushed to this port | Yes | No | |