VMware Cloud Community
Zarathustra82
Contributor

Firewall ports for remote vCenters collection

Hello,

I've installed vCenter Operations 5.0.1 and the 2 VMs inside the appliance are in the same subnet as the management IP of the vCenter and ESX hosts that I am trying to collect information from.

I have an additional platform in an entirely different subnet, which is separated from the VCOPS appliance by a firewall.

I have enabled 80 and 443 (both ways) between the UI VM and the remote vCenter server. I managed to register the vCenter in the VCOPS admin page, but I can only see greyed out health, risk and efficiency without any ESX hosts or VMs underneath it.

Do I need to allow 80 and 443 between the Analytics VM and the remote vCenter as well? I couldn't find any documentation stating the required ports between the vApp and remote vCenter servers.

What ports do I need to open to make the collection of data work properly for this other platform?

0 Kudos
5 Replies
mark_j
Virtuoso

I would open TCP 443 between both vApp VMs and the vCenter.

If you look at the table below, you can see there actually isn't ANY firewall port listed between the vApp and vCenter. vCOps doesn't magically talk to vCenter just because it's a vApp, so I'd lean towards VMware having just forgotten to add that specific port requirement to the list for the vApp.

| Product | Port | Protocol | Source | Target | Purpose |
|---|---|---|---|---|---|
| vCenter Operations Manager (vApp) 5.x | 80 | TCP | Browser | vCenter Operations Manager UI VM | HTTP server port that unconditionally redirects to HTTPS port |
| vCenter Operations Manager (vApp) 5.x | 443 | TCP | Browser or vSphere Client plugin | vCenter Operations Manager UI VM | HTTPS server port for the vCenter Operations Manager UIs: Administration, vSphere, and Custom |
| vCenter Operations Manager (vApp) 5.x | 22 | TCP | SSH Client | vCenter Operations Manager UI VM, vCenter Operations Manager Analytics VM | Enables SSH access to the vCenter Operations Manager virtual appliance |
| vCenter Operations Manager (vApp) 5.x | 1194 | TCP | vCenter Operations Manager Analytics VM | vCenter Operations Manager UI VM | Open VPN tunnel for communication between the two VMs |
| vCenter Operations Manager (Standalone) 5.x | 443 | TCP | vCenter Operations Manager UI VM, vCenter Operations Manager Analytics VM | vCenter Server | UI VM: Registration of vCenter Operations Manager as an extension to vCenter, Analytics VM: Collecting metric data from vCenter |
| vCenter Operations Manager (Standalone) 5.x | 80 | TCP | Browser | vCenter Operations Manager (Standalone) | (If chosen during configuration) HTTP port to access vCenter Operations Manager UI |
| vCenter Operations Manager (Standalone) 5.x | 443 | TCP | Browser | vCenter Operations Manager (Standalone) | (If chosen during configuration) HTTPS port to access vCenter Operations Manager UI |
| vCenter Operations Manager (Standalone) 5.x | 1199 | TCP | vCenter Operations Manager remote collector | vCenter Operations Manager (Standalone) | Heartbeat connection between remote collector and main vCenter Operations Manager server |
| vCenter Operations Manager (Standalone) 5.x | 61616 | TCP | vCenter Operations Manager remote collector | vCenter Operations Manager (Standalone) | Connection between remote collector and ActiveMQ component on the main vCenter Operations Manager server |
| vCenter Operations Manager (Standalone) 5.x | 443 | TCP | vCenter Operations Manager local/remote collector | vCenter Server | Connection between remote collector and ActiveMQ component on the main vCenter Operations Manager server |

VMware firewall port list:

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=ex&bbid=TSEBB_1295982945...

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
gradinka
VMware Employee

The actual data-collection module runs on the "Analytics VM", so you need to allow some traffic to/from it :)

0 Kudos
comahony
VMware Employee

Hi,

I would recommend that you switch off your firewall first, just to check whether the network connection between all the VMs that you are using is working. After that, you can check again with your firewall.

Once you have made sure that your network is working, check the ports that you will need to fix your problem.

Sometimes you will need to open just one port, and other times you will need to open a range of ports.

Hope this helps you with your case,

Kind Regards

0 Kudos
rszymczak
Hot Shot

Just to note: this list is outdated as of vCenter 5.5 / 6.0 and vRealize Operations 6.0, and the updated list found in the KB is not up to date either (reported this already).

For vROPS 6.x and vCenter 5.5 you will need to open at least these ports from vROPS to vCenter:

- 443

- 10443 (inventory)

- 8443 (vCenter Health data)

0 Kudos
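
An added example (not part of any post above and not VMware tooling): a Python check to run from each vCenter Operations VM, UI and Analytics, toward the remote vCenter. It probes the TCP ports named in this thread and separates an open port from one that is refused or one that gets no answer, which is what a dropping firewall looks like. The host name `vcenter.example.local`, the profile names and the function names are assumptions; the port numbers come from the replies above.

```python
#!/usr/bin/env python3
"""Probe the vCenter-side TCP ports named in this thread from a collector VM."""
import errno
import socket
import sys

# Destination ports on the vCenter Server, as listed in the replies above.
# Profile names are labels invented for this example.
PORTS = {
    "vcops-5.x": {443: "registration (UI VM) / metric collection (Analytics VM)"},
    "vrops-6.x": {443: "not annotated in the post", 10443: "inventory",
                  8443: "vCenter health data"},
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'error:<reason>' for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A RST came back: the host (or a rejecting firewall) answered.
        return "refused"
    except socket.timeout:
        # No answer at all: typical of a firewall silently dropping the SYN.
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        return "error:" + (exc.strerror or str(exc))


def check(host, profile, timeout=3.0):
    """Probe every port of one profile and return {port: state}."""
    return {port: probe(host, port, timeout) for port in PORTS[profile]}


def main(argv):
    host = argv[1] if len(argv) > 1 else "vcenter.example.local"  # assumed name
    profile = argv[2] if len(argv) > 2 else "vcops-5.x"
    results = check(host, profile)
    for port, state in sorted(results.items()):
        print(f"{host}:{port:<6} {state:<10} {PORTS[profile][port]}")
    # Exit status 0 only when every required port is reachable.
    return 0 if all(s == "open" for s in results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A `filtered` result from one VM and `open` from the other points at a firewall rule that covers only one of the two source addresses.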