Ports on the vRealize Automation appliance are usually preconfigured in the OVF or OVA that you deploy.

The following ports are used by the vRealize Automation appliance.

Table 1. Incoming Ports

Port

Protocol

Comments

22

TCP

Optional. Access for SSH sessions.

80

TCP

Optional. Redirects to 443.

88

TCP (UDP optional)

Cloud KDC Kerberos authentication from external mobile devices.

443

TCP

Access to the vRealize Automation console and API calls.

Access for machines to download the guest agent and software bootstrap agent.

Access for load balancer, browser.

4369, 5671, 5672, 25672

TCP

RabbitMQ messaging.

5480

TCP

Access to the virtual appliance management interface.

Used by the Management Agent.

5488, 5489

TCP

Internally used by the vRealize Automation appliance for updates.

8230, 8280, 8281, 8283

TCP

Internal vRealize Orchestrator instance.

8443

TCP

Access for browser. Identity Manager administrator port over HTTPS.

8444

TCP

Console proxy communication for vSphere VMware Remote Console connections.

9300–9400

TCP

Access for Identity Manager audits.

54328

UDP

Table 2. Outgoing Ports

Port

Protocol

Comments

25, 587

TCP, UDP

SMTP for sending outbound notification email.

53

TCP, UDP

DNS server.

67, 68, 546, 547

TCP, UDP

DHCP.

80

TCP

Optional. For fetching software updates. Updates can be downloaded separately and applied.

88, 464, 135

TCP, UDP

Domain controller.

110, 995

TCP, UDP

POP for receiving inbound notification email.

143, 993

TCP, UDP

IMAP for receiving inbound notification email.

123

TCP, UDP

Optional. For connecting directly to NTP instead of using host time.

389

TCP

Access to View Connection Server.

389, 636, 3268, 3269

TCP

Active Directory. Default ports shown, but are configurable.

443

TCP

Communication with IaaS Manager Service and infrastructure endpoint hosts over HTTPS.

Communication with the vRealize Automation software service over HTTPS.

Access to the Identity Manager upgrade server.

Access to View Connection Server.

445

TCP

Access to ThinApp repository for Identity Manager.

902

TCP

ESXi network file copy operations and VMware Remote Console connections.

5050

TCP

Optional. For communicating with vRealize Business for Cloud.

5432

TCP, UDP

Optional. For communicating with another appliance PostgreSQL database.

5500

TCP

RSA SecurID system. Default port shown, but is configurable.

8281

TCP

Optional. For communicating with an external vRealize Orchestrator instance.

9300–9400

TCP

Access for Identity Manager audits.

54328

UDP

Other ports might be required by specific vRealize Orchestrator plug-ins that communicate with external systems. See the documentation for the vRealize Orchestrator plug-in.