Hybrid Cloud Manager must traverse the public Internet and your private lines, and connect to data center components, such as networks, switches, and port groups.

The Port Access Requirements table lists the ports that must be open so that Hybrid Cloud Manager virtual appliances can install successfully.

Both your vSphere environment and your vCloud Air environment must permit Network Time Protocol (NTP) clock synchronization among vSphere on-premises devices and the vCloud Air Dedicated Cloud devices. UDP port 123 must be accessible to Hybrid Cloud Manager virtual appliances and networks. If you have installed NTP servers, you can specify them when you install the Hybrid Cloud Manager appliance.

Port Access Requirements

| Source | Target | Port | Protocol | Purpose | Services |
|---|---|---|---|---|---|
| HCM | Customer DNS | 53 | TCP/UDP | Name resolution. | DNS |
| HCM | vCloud Director API URL | 443 | TCP | Hybrid Cloud Manager to vCloud Air registration. | |
| HCM | vCenter Server | 443 | TCP | Hybrid Cloud Manager REST service. | HTTPS |
| Web Browser | HCM | 9443 | TCP | Hybrid Cloud Manager Virtual Appliance Management Interface for Hybrid Cloud Manager system configuration. | HTTPS |
| Admin Network | HCM | 22 | SSH | Administrator SSH access to Hybrid Cloud Manager. Only necessary if you configured SSH in customized template services configuration. | HTTPS |
| HCM | ESXi Hosts | 902 | TCP | Send management and provisioning instructions from Hybrid Cloud Manager to ESXi Hosts in vCloud Air. | internal |
| HCM | vCenter SSO Server | 7444 | TCP | vSphere Lookup Service. | |
| HCM | NTP Servers | 123 | UDP | Time synchronization. | |
| HCM | Syslog | User Configured | | Connection between Hybrid Cloud Manager (the client) and the Syslog server. Values for the Syslog port and protocol you specified in the vSphere Web Client (for example, port 514 for UDP protocol). | |
| HCM | Cloud Gateway | 8123 | TCP | Send host-based replication service instructions to the Hybrid Cloud Gateway. | HTTP |
| HCM | Cloud Gateway | 9443 | TCP | Send management instructions to the local Hybrid Cloud Gateway using the REST API. | HTTPS |
| Cloud Gateway | L2C | 443 | TCP | Send management instructions from Cloud Gateway to L2C when L2C uses the same path as the Hybrid Cloud Gateway. | HTTP |
| Cloud Gateway | L2C | 8443 | TCP | Bidirectional management instructions from Cloud Gateway to L2C, when L2C uses an alternate data path. | HTTP |
| L2C | L2C (remote) | 443 | TCP | Bidirectional management instructions from Cloud Gateway to L2C, when L2C uses an alternate data path. | HTTP |
| Cloud Gateway | ESXi Hosts | 80, 902 | TCP | Management and OVF deployment. | internal |
| ESXi Hosts | Cloud Gateway | 31031, 44046 | TCP | Internal host-based replication traffic. | internal |
| Cloud Gateway | ESXi Hosts | 8000 | TCP | vMotion (zero-downtime migration) | |
| Cloud Gateway (local) | Cloud Gateway (remote) | 50 | IP | IP protocol to encapsulate hybrid network traffic for the bidirectional tunnel. | IPSEC |
| Cloud Gateway (local) | Cloud Gateway (remote) | 4500 | UDP | Internet key exchange (IKEv2) to encapsulate workloads for the bidirectional tunnel. Network Address Translation-Traversal (NAT-T) is also supported. | IPSEC |
| Cloud Gateway (local) | Cloud Gateway (remote) | 500 | UDP | Internet key exchange (ISAKMP) for the bidirectional tunnel. | IPSEC |
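The following is an added example, not part of the original documentation or any VMware tooling: it audits a firewall allow list against the port-based rows of the Port Access Requirements table, reporting required flows that are blocked and rules that open more ports than the table calls for. The rule tuple format `(source, target, protocol, low_port, high_port)` and the sample rules are assumptions made for illustration; zone names are taken from the table.

```python
# Port-based rows of the table: source|target|ports|protocols. Left out: Syslog
# (user-configured) and IP protocol 50 (not port-based). Admin SSH is entered as TCP 22.
TABLE = """\
HCM|Customer DNS|53|tcp,udp
HCM|vCloud Director API URL|443|tcp
HCM|vCenter Server|443|tcp
Web Browser|HCM|9443|tcp
Admin Network|HCM|22|tcp
HCM|ESXi Hosts|902|tcp
HCM|vCenter SSO Server|7444|tcp
HCM|NTP Servers|123|udp
HCM|Cloud Gateway|8123,9443|tcp
Cloud Gateway|L2C|443,8443|tcp
L2C|L2C (remote)|443|tcp
Cloud Gateway|ESXi Hosts|80,902,8000|tcp
ESXi Hosts|Cloud Gateway|31031,44046|tcp
Cloud Gateway (local)|Cloud Gateway (remote)|500,4500|udp
"""

def required_flows(table=TABLE):
    """Expand the table into a set of (src, dst, proto, port) tuples."""
    flows = set()
    for line in table.strip().splitlines():
        src, dst, ports, protos = line.split("|")
        for proto in protos.split(","):
            flows.update((src, dst, proto, int(p)) for p in ports.split(","))
    return flows

def covers(rule, flow):
    """True if an allow rule (src, dst, proto, low, high) permits the flow."""
    return rule[:3] == flow[:3] and rule[3] <= flow[3] <= rule[4]

def audit(rules):
    """Return (missing, excess): required flows that no rule permits, and
    (rule, extra_port_count) for rules wider than the table requires."""
    required = required_flows()
    missing = sorted(f for f in required if not any(covers(r, f) for r in rules))
    excess = []
    for r in rules:
        extra = (r[4] - r[3] + 1) - sum(covers(r, f) for f in required)
        if extra:
            excess.append((r, extra))
    return missing, excess

# Constructed sample rule set (hypothetical firewall export).
SAMPLE_RULES = [
    ("HCM", "vCenter Server", "tcp", 443, 443),
    ("Admin Network", "HCM", "tcp", 1, 65535),  # far wider than port 22
    ("HCM", "NTP Servers", "udp", 123, 123),
]
```

Calling `audit(SAMPLE_RULES)` returns the blocked flows to open before installation and flags the Admin Network rule as a candidate for narrowing to port 22.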