vRealize Automation uses designated ports for communication and data access.

Although vRealize Automation uses only port 443 for communication, there might be other ports open on the system. Because open, unsecured ports might present security vulnerabilities, verify that only ports required by your business applications are open.

vRealize Automation Appliance

The following ports are used by the vRealize Automation appliance.

Table 1. Incoming Ports for the vRealize Automation appliance

| Port | Protocol | Comments |
|---|---|---|
| 22 | TCP | Optional. Access for SSH sessions |
| 80 | TCP | Optional. Redirects to 443 |
| 111 | TCP, UDP | RPC |
| 443 | TCP | Access to the vRealize Automation console and API calls |
| 443 | TCP | Access for machines to download the guest agent and software bootstrap agent |
| 5480 | TCP | Access to the virtual appliance Web management interface |
| 5480 | TCP | Used by the Management Agent |
| 5488, 5489 | TCP | Internally used by the vRealize Automation appliance for updates |
| 4369, 25672, 5671, 5672 | TCP | RabbitMQ messaging |
| 8230, 8280, 8281 | TCP | Internal vRealize Orchestrator instance. |
| 8444 | TCP | Console proxy communication for vSphere VMware Remote Console connections. |
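To act on the advice above that only required ports be open, the following added example (not VMware code) compares the listeners reported by `ss -H -tuln` on the appliance against the incoming ports in Table 1. The sample output is constructed, and skipping loopback-only listeners is an assumption of this example.

```python
import ipaddress

# Incoming ports for the vRealize Automation appliance, copied from Table 1.
TABLE1 = {"udp": {111}, "tcp": {22, 80, 111, 443, 5480, 5488, 5489, 4369, 25672,
                                5671, 5672, 8230, 8280, 8281, 8444}}
# Rows that Table 1 marks "Optional": close them if your site does not use them.
OPTIONAL = {("tcp", 22), ("tcp", 80)}

def parse_listeners(ss_output):
    """Return sorted unique (proto, address, port) tuples from `ss -H -tuln` text."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in TABLE1:
            continue  # header line or a socket type this audit does not cover
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            found.add((fields[0], addr.strip("[]").split("%")[0], int(port)))
    return sorted(found)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" and other wildcard forms count as exposed
        return False

def audit(ss_output):
    """Classify listeners: absent from Table 1, or present but marked optional."""
    report = {"unexpected": [], "optional_open": []}
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # assumption: loopback-only sockets are not network-reachable
        if port not in TABLE1[proto]:
            report["unexpected"].append((proto, addr, port))
        elif (proto, port) in OPTIONAL:
            report["optional_open"].append((proto, addr, port))
    return report

# Constructed sample of `ss -H -tuln` output, not captured from a real appliance.
SAMPLE = """\
udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128             [::]:443           [::]:*
tcp   LISTEN 0      50         127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:8080       0.0.0.0:*
udp   UNCONN 0      0                  *:161              *:*
"""

if __name__ == "__main__": print(audit(SAMPLE))
```

Entries under `unexpected` are listeners that Table 1 does not account for; entries under `optional_open` are Table 1 ports that can be closed when SSH access or the HTTP redirect is not needed.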

Table 2. Outgoing Ports for the vRealize Automation appliance

| Port | Protocol | Comments |
|---|---|---|
| 25, 587 | TCP, UDP | SMTP for sending outbound notification emails |
| 53 | TCP, UDP | DNS |
| 67, 68, 546, 547 | TCP, UDP | DHCP |
| 80 | TCP | Optional. For fetching software updates. Updates can be downloaded separately and applied |
| 110, 995 | TCP, UDP | POP for receiving inbound notification emails |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification emails |
| 123 | TCP, UDP | Optional. For connecting directly to NTP instead of using host time |
| 443 | TCP | Communication with IaaS Manager Service and infrastructure endpoint hosts over HTTPS |
| 443 | TCP | Communication with the software bootstrap agent over HTTPS |
| 902 | TCP | ESXi network file copy operations and VMware Remote Console connections. |
| 5050 | TCP | Optional. For communicating with vRealize Business. |
| 5432 | TCP, UDP | Optional. For communicating with an Appliance Database |
| 8281 | TCP | Optional. For communicating with an external vRealize Orchestrator instance |

Other ports might be required by specific vRealize Orchestrator plug-ins that communicate with external systems. See the documentation for the vRealize Orchestrator plug-in.

Infrastructure as a Service

The ports in the tables Incoming Ports for Infrastructure as a Service Components and Outgoing Ports for Infrastructure as a Service must be available for use by the IaaS Windows Server.

Table 3. Incoming Ports for Infrastructure as a Service Components

| Component | Port | Protocol | Comments |
|---|---|---|---|
| Manager Service | 443 | TCP | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| vRealize Automation appliance | 443 | TCP | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| Infrastructure Endpoint Hosts | 443 | TCP | Communication with IaaS components and vRealize Automation appliance over HTTPS. Typically, 443 is the default communication port for virtual and cloud infrastructure endpoint hosts, but refer to the documentation provided by your infrastructure hosts for a full list of default and required ports |
| SQL Server instance | 1433 | TCP | MSSQL |

Table 4. Outgoing Ports for Infrastructure as a Service Components

| Component | Port | Protocol | Comments |
|---|---|---|---|
| All | 53 | TCP, UDP | DNS |
| All | 67, 68, 546, 547 | TCP, UDP | DHCP |
| All | 123 | TCP, UDP | Optional. NTP |
| Manager Service | 443 | TCP | Communication with vRealize Automation appliance over HTTPS |
| Distributed Execution Managers | 443 | TCP | Communication with Manager Service over HTTPS |
| Proxy agents | 443 | TCP | Communication with Manager Service and infrastructure endpoint hosts over HTTPS |
| Management Agent | 443 | TCP | Communication with the vRealize Automation appliance |
| Guest agent, Software bootstrap agent | 443 | TCP | Communication with Manager Service over HTTPS |
| Manager Service, Website | 1433 | TCP | MSSQL |
| All | 5480 | TCP | Communication with the vRealize Automation appliance. |

Microsoft Distributed Transaction Coordinator Service

In addition to verifying that the ports listed in the previous tables are free for use, you must enable Microsoft Distributed Transaction Coordinator Service (MS DTC) communication between all servers in the deployment. MS DTC requires the use of port 135 over TCP and a random port between 1024 and 65535.

The Prerequisite Checker validates whether MS DTC is running and that the required ports are open.