As a security best practice, configure the incoming ports required for vRealize Operations Manager to operate in production.

Table 1. Minimum Required Incoming Ports

| Port | Protocol | Comments |
| --- | --- | --- |
| 443 | TCP | Used to access the vRealize Operations Manager user interface and the vRealize Operations Manager administrator interface. |
| 123 | UDP | Used by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the master node. |
| 5433 | TCP | Used by the master and replica nodes to replicate the global database (vPostgreSQL) when high availability is enabled. |
| 7001 | TCP | Used by Cassandra for secure inter-node cluster communication. Do not expose this port to the internet. Add this port to a firewall. |
| 9042 | TCP | Used by Cassandra for secure client-related communication among nodes. Do not expose this port to the internet. Add this port to a firewall. |
| 6061 | TCP | Used by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers. |
| 10000-10010 | TCP and UDP | GemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |
| 20000-20010 | TCP and UDP | GemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |

Table 2. Optional Incoming Ports

| Port | Protocol | Comments |
| --- | --- | --- |
| 22 | TCP | Optional. Secure Shell (SSH). The SSH service listening on port 22, or any other port, must be disabled in a production environment, and port 22 must be closed. |
| 80 | TCP | Optional. Redirects to 443. |
| 3091-3101 | TCP | When Horizon View is installed, used to access data for vRealize Operations Manager from Horizon View. |
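
To check a node against the two tables above, the following added example (not VMware's code) classifies listening sockets in the column layout printed by `ss -H -tuln`. The function name, the `proto:low:high` list encoding, the constructed sample lines and the choice to skip loopback-only listeners are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare listening sockets with the port tables on this page.
# Table 1 (minimum required) and Table 2 (optional), encoded as proto:low:high.
REQUIRED="tcp:443:443 udp:123:123 tcp:5433:5433 tcp:7001:7001 tcp:9042:9042 tcp:6061:6061 tcp:10000:10010 udp:10000:10010 tcp:20000:20010 udp:20000:20010"
OPTIONAL="tcp:80:80 tcp:3091:3101"

# Reads lines shaped like `ss -H -tuln` output on stdin
# (Netid State Recv-Q Send-Q Local:Port Peer:Port) and prints one finding
# per listener that is not in Table 1. Loopback-only listeners are skipped
# (assumption: they are not reachable as incoming ports).
audit_listeners() {
  awk -v req="$REQUIRED" -v opt="$OPTIONAL" '
    function in_list(list, pr, port,   n, i, e, f) {
      n = split(list, e, " ")
      for (i = 1; i <= n; i++) {
        split(e[i], f, ":")
        if (pr == f[1] && port >= f[2] + 0 && port <= f[3] + 0) return 1
      }
      return 0
    }
    {
      pr = $1; addr = $5; port = $5
      sub(/.*:/, "", port); port += 0      # text after the last colon
      sub(/:[^:]*$/, "", addr)             # text before the last colon
      if (addr ~ /^127\./ || addr == "[::1]") next
      if (pr == "tcp" && port == 22)
        print "FAIL " pr "/" port " SSH must be disabled in production"
      else if (in_list(req, pr, port)) next
      else if (in_list(opt, pr, port))
        print "OPTIONAL " pr "/" port " confirm it is needed"
      else
        print "REVIEW " pr "/" port " not in the documented port tables"
    }'
}

# Constructed sample input (not captured from a real node).
SAMPLE='tcp LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:10005 [::]:*
tcp LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 50 0.0.0.0:80 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | audit_listeners
# On a live node: ss -H -tuln | audit_listeners
```

The check matches on port number only, so an SSH service moved to a different port shows up as REVIEW rather than FAIL.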