vCloud Automation Center uses designated ports for communication and data access.

The following ports are used by the Identity Appliance.

Incoming Ports for the Identity Appliance

Port

Protocol

Comments

22

TCP

Optional. SSH.

5480

TCP

Access to virtual appliance Web management interface

7444

TCP

SSO service over HTTPS

Outgoing Ports for the Identity Appliance

Port

Protocol

Comments

53

TCP, UDP

DNS

67, 68, 546, 547

TCP, UDP

DHCP

80

TCP

Optional. For fetching software updates. Updates can be downloaded separately and applied.

123

TCP, UDP

Optional. For connecting directly to NTP instead of using host time.

389, 636

TCP, UDP

LDAP and Active Directory

The following ports are used by the vCloud Automation Center Appliance.

In addition to the ports listed below, additional ports may be required by specific vCenter Orchestrator plugins that communicate with external systems. For more information, see the documentation for the plugin.

Incoming Ports for the vCloud Automation Center Appliance

Port

Protocol

Comments

22

TCP

Optional. SSH.

80

TCP

Optional. Redirects to 443.

111

TCP, UDP

RPC

443

TCP

Access to the vCloud Automation Center console and API calls.

5480

TCP

Access to virtual appliance Web management interface

5488, 5489

TCP

Internal. Used by vCloud Automation Center Appliance for updates.

8230, 8280, 8281

TCP

Internal vCenter Orchestrator instance

Outgoing Ports for the vCloud Automation Center Appliance

Port

Protocol

Comments

25, 587

TCP, UDP

SMTP for sending outbound notification emails

53

TCP, UDP

DNS

67, 68, 546, 547

TCP, UDP

DHCP

80

TCP

Optional. For fetching software updates. Updates can be downloaded separately and applied.

110, 995

TCP, UDP

POP for receiving inbound notification emails

143, 993

TCP, UDP

IMAP for receiving inbound notification emails

123

TCP, UDP

Optional. For connecting directly to NTP instead of using host time.

443

TCP

IaaS Manager Service over HTTPS

5433

TCP, UDP

Optional. For communicating with an external PostgreSQL database.

7444

TCP

Communication with SSO service over HTTPS

8281

TCP

Optional. For communicating with an external vCenter Orchestrator instance .

In addition to verifying that the ports listed in the following table are free for use, you must enable Microsoft Distributed Transaction Coordinator Service (MS DTC) communication between all servers in the deployment. The Prerequisite Checker validates whether MS DTC is running and that the required ports are open.

Any virtualization hosts managed by proxy agents must also have TCP port 443 open for incoming traffic.

Incoming Ports for Infrastructure as a Service Components

Component

Port

Protocol

Comments

SQL Server instance

1433

TCP

MSSQL

Manager Service

443

TCP

Communication with IaaS components and vCloud Automation Center Appliance over HTTPS

Outgoing Ports for Infrastructure as a Service Components

Component

Port

Protocol

Comments

All

53

TCP, UDP

DNS

All

67, 68, 546, 547

TCP, UDP

DHCP

All

123

TCP, UDP

Optional. NTP.

Manager Service

443

TCP

Communication with vCloud Automation Center Appliance over HTTPS

Website

443

TCP

Communication with Manager Service over HTTPS

Distributed Execution Managers

443

TCP

Communication with Manager Service over HTTPS

Proxy agents

443

TCP

Communication with Manager Service and virtualization hosts over HTTPS

Guest agent

443

TCP

Communication with Manager Service over HTTPS

Manager Service, Website

1433

TCP

MSSQL