I know for vSphere health / CEIP the VSA needs Internet access but does anyone know what specific addresses it needs access to? Rather than blanket Internet access I'd like to restrict to specific sites if possible, I know the check needs access to vmware.com for it to pass but in reality does it access different places as part of the actual health checking process? My firewall shows it's trying to access various sites/IPs so I could allow those and see how I go but I wondered if there's an official list?
Many thanks for any assistance anyone can offer as I can't find anything definitive in other searches.
only this should suffice
The Internet connectivity check verifies that vCenter Server can communicate with vmware.com over the HTTPS/443 interface. If communication is successful, this check passes. If communication fails, the check indicates that the Internet connectivity is not available.
I've called VMware for confirmation but they're not really sure, I'm going to test by creating a rule on our corporate Firewall to only allow VSA access to vmware.com and test again. I'll report back once I've done this, thanks for your input.
When you have disabled internet connectivity of vCenter and enabled CEIP, check /var/log/vmware/phonehome/phonehome.log log file on vCenter appliance which hostname it's trying to connect.