As a security best practice, configure the incoming ports required for vRealize Operations Manager to operate in production. Allow these ports on the local network for vRealize Operations Manager inter-node communication and for customer-to-vRealize Operations Manager communication.

Table 1. Minimum Required Incoming Ports

| Port | Protocol | Comments |
|------|----------|----------|
| 443 | TCP | Used to access the vRealize Operations Manager user interface and the vRealize Operations Manager administrator interface. |
| 123 | UDP | Used by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the primary node. |
| 5433 | TCP | Used by the primary and replica nodes to replicate the global database (vPostgreSQL) when high availability is enabled. |
| 7001 | TCP | Used by Cassandra for secure inter-node cluster communication. Do not expose this port to the Internet. Add this port to a firewall. |
| 9042 | TCP | Used by Cassandra for secure client-related communication among nodes. Do not expose this port to the Internet. Add this port to a firewall. |
| 6061 | TCP | Used by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers. |
| 10000-10010 | TCP and UDP | GemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |
| 20000-20010 | TCP and UDP | GemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |

Table 2. Optional Incoming Ports

| Port | Protocol | Comments |
|------|----------|----------|
| 22 | TCP | Optional. Secure Shell (SSH). The SSH service listening on port 22, or any other port, must be disabled in a production environment, and port 22 must be closed. |
| 80 | TCP | Optional. Redirects to 443. |
| 3091-3101 | TCP | When Horizon View is installed, used to access data for vRealize Operations Manager from Horizon View. |
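
To check a node against Tables 1 and 2, the following added example (not VMware code) classifies the listening sockets reported by `ss -tuln` as required, optional, a violation (port 22 listening), or unexpected. The function names, the loopback exclusion, and the sample output are assumptions made for illustration.

```python
# Allowlist transcribed from Tables 1 and 2 on this page: (protocol, first, last).
REQUIRED = [("tcp", 443, 443), ("udp", 123, 123), ("tcp", 5433, 5433),
            ("tcp", 7001, 7001), ("tcp", 9042, 9042), ("tcp", 6061, 6061),
            ("tcp", 10000, 10010), ("udp", 10000, 10010),
            ("tcp", 20000, 20010), ("udp", 20000, 20010)]
OPTIONAL = [("tcp", 80, 80), ("tcp", 3091, 3101)]
MUST_BE_CLOSED = [("tcp", 22, 22)]  # SSH must be disabled in production
# First match wins, so a listener on port 22 is reported as a violation.
CATEGORIES = [("violation", MUST_BE_CLOSED), ("required", REQUIRED),
              ("optional", OPTIONAL)]

# Constructed sample of `ss -tuln` output, not captured from a real node.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      50     [::]:7001          [::]:*
tcp   LISTEN 0      50     *:10003            *:*
tcp   LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for every tcp/udp row of `ss -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated row
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr.strip("[]"), int(port)

def audit(ss_output):
    """Sort non-loopback listeners into the page's categories."""
    report = {"required": [], "optional": [], "violation": [], "unexpected": []}
    for proto, addr, port in parse_listeners(ss_output):
        # Assumption: loopback-only sockets are not reachable as incoming ports.
        if addr.startswith("127.") or addr == "::1":
            continue
        key = next((name for name, rules in CATEGORIES
                    if any(p == proto and lo <= port <= hi for p, lo, hi in rules)),
                   "unexpected")
        report[key].append((proto, port))
    return report

if __name__ == "__main__":
    for category, sockets in audit(SAMPLE).items():
        print(category, sockets)
```

Entries under `unexpected` are listeners that neither table accounts for and are candidates for closing or firewalling; entries under `violation` mean SSH is still listening on port 22.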