The following tables list all the vRealize Network Insight inbound communication ports that need to be whitelisted for various setups:

Ports for the Platform Cluster Setup

Table 1.
| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Platform | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| Client Web-Browser and vRNI Collector | Platform | 443 | HTTPS | UI/API access and communication with vRNI Collector | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Collector to Platform messages on this channel also encrypted further with HMAC. |
| Platform | Platform | 2181 | HTTP | Communication between zookeeper servers on other nodes (in case of a cluster). Also stores metadata information (znode data) | No | No | |
| Platform | Platform | 2888 | HTTP | Used to connect to zookeeper leader | No | No | |
| Platform | Platform | 3000 | HTTP | Used for email notifications | Yes | No | |
| Platform | Platform | 3888 | HTTP | Used for zookeeper leader election | Yes | No | |
| Platform | Platform | 5432 | jdbc | Storing VM configuration data and infra meta data | Yes | No | |
| Platform | Platform | 8020 | TCP/RPC | Communicate between other name node(s) and data nodes | Yes | No | |
| Platform | Platform | 8025 | HTTP | Node managers use this port to connect to resource manager | No | No | |
| Platform | Platform | 8030 | HTTP | Used by resource manager to schedule the tasks | No | No | |
| Platform | Platform | 8032 | HTTP | The address of the applications manager interface in the RM | No | No | |
| Platform | Platform | 8033 | HTTP | The address of the RM admin interface | No | No | |
| Platform | Platform | 8042 | HTTP | Node manager web app address | No | No | |
| Platform | Platform | 8080 | HTTP | Serves UI requests | Yes | No | |
| Platform | Platform | 8088 | HTTP | The HTTP address of the Resource Manager web application | No | No | |
| Platform | Platform | 8480 | TCP/RPC | JournalNode HTTP server | No | No | |
| Platform | Platform | 8485 | TCP/RPC | HDFS shared edits data dir | No | No | |
| Platform | Platform | 9090 | HTTP | Serves requests from collector and sends commands to collector | Yes | Yes (protected via nginx) | |
| Platform | Platform | 9092 | Binary over TCP | Port on which other brokers communicate | Yes | No | |
| Platform | Platform | 9200-9300 | HTTP | Serves search requests. ES listens on a range of ports; if 9200 is busy, it uses the next available port. | Yes | No | |
| Platform | Platform | 9300 | HTTP | Serves search requests. ES listens on a range of ports; if 9200 is busy, it uses the next available port. | Yes | No | |
| Platform | Platform | 30000:65535 | TCP | Ephemeral ports range used by various processes to make the TCP connection with the other processes | No | No | |
| Platform | Platform | 60000 | IPC | Used for communication between other hbase masters and region servers | Yes | No | |
| Platform | Platform | 60010 | HTTP | Used for hbase web UI | No | No | |
| Platform | Platform | 60020 | IPC | Communication between hbase master and region server | Yes | No | |
| Platform | Platform | 4500-4510 | TCP | Communication between Foundation DB servers running on different platforms | Yes | No | |

Ports for the Single Platform Setup

Table 2.
| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Platform | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| Client Web-Browser and vRNI Collector | Platform | 443 | HTTPS | UI/API access and communication with vRNI Collector | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Collector to Platform messages on this channel also encrypted further with HMAC. |

Ports for the Collector Server

Table 3.
| Source | Target | Port | Protocol | Purpose | Sensitive | SSL | Authentication |
|---|---|---|---|---|---|---|---|
| SSH client | Collector | 22 | SSH | CLI or host access | No | Yes | User/Password or SSH key-based authentication |
| vRNI Collector | Platform | 443 | HTTPS | Primary communication channel with Platform | Yes | Yes | SSL channel encrypted with 2048b RSA key based SHA2 cert (or User configured custom cert). Collector to Platform messages on this channel also encrypted further with HMAC. |
| Flow Forwarder | Collector | UDP 2055 | NetFlow/IPFIX | Flows from target are pushed to this port | Yes | No | |
| Flow Forwarder | Collector | UDP 6343 | sFlow | Flows from target are pushed to this port | Yes | No | |
| ESXi Host | Collector | 1991 | TCP | Collecting latency measurement of virtual infrastructure, for example: latency between vNIC to pNIC, VTEP to VTEP, TEP to TEP, and so on. | No | No | |
| Dell OS10 | Collector | 50000 | GRPC | Receiving buffer stats telemetry information from Dell OS10 devices | No | No | |