As a security best practice, configure the incoming ports required for vRealize Operations Manager to operate in production. The ports should be allowed/opened in local network for vRealize Operations Manager inter-node communication and for customer to vRealize Operations Manager communication.
| Port | Protocol | Comments |
|---|---|---|
| 443 | TCP | Used to access the vRealize Operations Manager user interface and the vRealize Operations Manager administrator interface. |
| 123 | UDP | Used by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the primary node. |
| 5433 | TCP | Used by the primary and replica nodes to replicate the global database (vPostgreSQL ) when high availability is enabled . |
| 7001 | TCP | Used by Cassandra for secure inter-node cluster communication. Do not expose this port to the Internet. Add this port to a firewall. |
| 9042 | TCP | Used by Cassandra for secure client-related communication among nodes. Do not expose this port to the Internet. Add this port to a firewall. |
| 6061 | TCP | Used by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers. |
| 10000-10010 | TCP and UDP | GemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |
| 20000-20010 | TCP and UDP | GemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in a peer-to-peer distributed system. |
| Port | Protocol | Comments |
|---|---|---|
| 22 | TCP | Optional. Secure Shell (SSH). The SSH service listening on port 22, or any other port, must be disabled in a production environment, and port 22 must be closed. |
| 80 | TCP | Optional. Redirects to 443. |
| 3091-3101 | TCP | When Horizon View is installed, used to access data for vRealize Operations Manager from Horizon View. |
