As a security best practice, configure incoming and outgoing ports for the Infrastructure as a Service (IaaS) components according to VMware guidelines.

Incoming Ports

Configure the minimum required incoming ports for the IaaS components.

Table 1. Minimum Required Incoming Ports

| Component | Port | Protocol | Comments |
|---|---|---|---|
| Manager Service | 443 | TCP | Communication with IaaS components and vRealize Automation Appliance over HTTPS. Any virtualization hosts that proxy agents manage must also have TCP port 443 open for incoming traffic. |
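The following PowerShell check is an added example, not part of the VMware documentation. It assumes the IaaS component runs on a Windows server that uses Windows Firewall, and it lists every enabled inbound allow rule that opens something other than the TCP 443 entry in Table 1. The names `$allowedInbound` and `Test-AllowedInbound` are illustrative.

```powershell
# Added example: audit helper, not VMware code.
# Allowed inbound set copied from Table 1 (Manager Service host).
$allowedInbound = @(
    @{ Protocol = 'TCP'; Port = '443' }
)

function Test-AllowedInbound {
    param([string]$Protocol, [string[]]$LocalPort)

    # Rules with no port filter (for example ICMP) are reported, not passed.
    if (-not $LocalPort) { return $false }

    # A rule passes only if every port it opens is in the allowed set.
    # 'Any', ranges such as '5000-5010' and keywords such as 'RPC'
    # never match an entry and are therefore reported.
    foreach ($p in $LocalPort) {
        $hit = $allowedInbound | Where-Object {
            $_.Protocol -eq $Protocol -and $_.Port -eq $p
        }
        if (-not $hit) { return $false }
    }
    return $true
}

# ActiveStore is the effective policy, including rules delivered by Group Policy.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore `
    -Direction Inbound -Enabled True -Action Allow

$findings = foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallPortFilter
    if (-not (Test-AllowedInbound -Protocol $filter.Protocol -LocalPort $filter.LocalPort)) {
        [pscustomobject]@{
            Rule      = $rule.DisplayName
            Profile   = $rule.Profile
            Protocol  = $filter.Protocol
            LocalPort = ($filter.LocalPort -join ',')
        }
    }
}

# Each row is an inbound exposure beyond Table 1 that needs a documented reason.
$findings | Sort-Object Rule | Format-Table -AutoSize
```

Rules reported here are not necessarily wrong (remote management, for example, needs its own ports), but each one widens the host beyond the minimum in Table 1 and should be justified or disabled.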

Outgoing Ports

Configure the minimum required outgoing ports for the IaaS components.

Table 2. Minimum Required Outgoing Ports

| Component | Port | Protocol | Comments |
|---|---|---|---|
| All | 53 | TCP, UDP | DNS. |
| All | | TCP, UDP | DHCP. |
| Manager Service | 443 | TCP | Communication with vRealize Automation Appliance over HTTPS. |
| Web site | 443 | TCP | Communication with Manager Service over HTTPS. |
| Distributed Execution Managers | 443 | TCP | Communication with Manager Service over HTTPS. |
| Proxy Agents | 443 | TCP | Communication with Manager Service and virtualization hosts over HTTPS. |
| Guest Agent | 443 | TCP | Communication with Manager Service over HTTPS. |
| Manager Service, Web site | 1433 | TCP | MSSQL. |

If needed, configure optional outgoing ports.

Table 3. Optional Outgoing Ports

| Component | Port | Protocol | Comments |
|---|---|---|---|
| All | 123 | TCP, UDP | NTP is optional. |