
vRealize Suite Lifecycle Manager 1.2 Ports and Protocols, Feature URLs, and Service Account Privileges

Behind the scenes in VMware R&D I have been working closely with the product management and engineering team for vRealize Suite Lifecycle Manager to improve the experience and workflows.

Three questions that I'm often asked are:

  1. What ports and protocols does vRealize Suite Lifecycle Manager use for communications?
  2. What URLs must be accessible by my organization to use some vRealize Suite Lifecycle Manager Features (e.g., My VMware, Marketplace, Product Updates, and the in-product Compatibility Guide)?
  3. What permissions are required for a custom role that can be used as a service account for vRealize Suite Lifecycle Manager to vSphere communications?

Well, you're in luck. I can answer this where the documentation currently falls short.

Ports and Protocols

Below are the ports and protocols used for system-to-system or system-to-service communications:

vRealize Suite Upstream Communications

| Destination | Protocol | Port |
|---|---|---|
| My VMware | TCP | 443 |
| VMware Solutions Exchange | TCP | 443 |
| Product Updates | TCP | 443 |
| VMware Compatibility Guide | TCP | 443 |

User to vRealize Suite Lifecycle Manager

| Destination | Protocol | Port |
|---|---|---|
| UI and API Gateway | TCP | 443 |
| Secure Shell (Disabled by Default) | TCP | 22 |

vRealize Suite Lifecycle Manager to vRealize Suite Product Communications

| Destination | Protocol | Port |
|---|---|---|
| vRealize Automation Appliance | TCP | 443 |
| vRealize Automation Appliance | TCP | 5480 |
| vRealize Automation Appliance | TCP | 22 |
| vRealize Automation IaaS Servers | TCP | 443 |
| vRealize Automation IaaS Proxy | TCP | 443 |
| vRealize Orchestrator | TCP | 8281 |
| vRealize Business for Cloud | TCP | 443 |
| vRealize Business for Cloud | TCP | 5480 |
| vRealize Business for Cloud | TCP | 22 |
| vRealize Operations Analytics Node | TCP | 443 |
| vRealize Operations Analytics Node | TCP | 22 |
| vRealize Operations Remote Collector | TCP | 443 |
| vRealize Operations Remote Collector | TCP | 22 |
| vRealize Log Insight Appliance Node | TCP | 443 |
| vRealize Log Insight Appliance Node | TCP | 9543 |
| vRealize Log Insight Appliance Node | TCP | 16520 |
| vRealize Log Insight Appliance Node | TCP | 22 |
| Identity Manager Appliance | TCP | 8443 |
| Identity Manager Appliance | TCP | 443 |

vRealize Suite Lifecycle Manager to vSphere Communications

| Destination | Protocol | Port |
|---|---|---|
| vCenter Server | TCP | 443 |

vRealize Suite Lifecycle Manager to Content Management Endpoint

| Destination | Protocol | Port |
|---|---|---|
| Content Management Endpoint (e.g., GitLab) | TCP | 443 |

URLs for Feature Support

The following are defined in /opt/vmware/vrlcm/config/lcm.properties config:

Note, however, that Akamai is accessed as the CDN when downloading products, and AWS CloudFront is accessed for the Marketplace downloads.

The Akamai URL is provided at runtime by My VMware and depends on your region. Hence, you can use the following patterns:

  • apigw.vmware.com
  • download2.vmware.com
  • *.akamaiedge.net

The Marketplace patterns are as follows:

  • marketplace.vmware.com
  • drd6c1w7be.execute-api.us-west-1.amazonaws.com

The Marketplace intermediate URLs are region specific and may be different at runtime.
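
If you turn the patterns above into a proxy or firewall egress allowlist, the wildcard entry has to match on a label boundary so that look-alike hostnames are rejected. The following is an added example, not code from this post or from VMware; the `CONNECT host:port` log line format, the function names, and the choice to let `*.` match subdomains at any depth are assumptions, and the sample lines are constructed.

```python
# Egress allowlist built from the hostname patterns listed in this section.
ALLOWED_PORT = 443  # every upstream destination in the tables above is TCP 443
PATTERNS = ["apigw.vmware.com", "download2.vmware.com", "*.akamaiedge.net",
            "marketplace.vmware.com",
            "drd6c1w7be.execute-api.us-west-1.amazonaws.com"]

def normalize(host):
    """Lower-case and drop a trailing root dot so 'Host.' and 'host' compare equal."""
    return host.strip().lower().rstrip(".")

def host_allowed(host, patterns=PATTERNS):
    host = normalize(host)
    for pattern in patterns:
        if pattern.startswith("*."):
            # Keep the leading dot in the suffix: 'evilakamaiedge.net' and the
            # bare apex 'akamaiedge.net' must not match the wildcard.
            suffix = pattern[1:].lower()
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pattern.lower():
            return True
    return False

def audit(connect_lines):
    """Return (host, port, reason) for each CONNECT request outside the allowlist."""
    findings = []
    for line in connect_lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "CONNECT":
            continue
        host, _, port = parts[1].rpartition(":")
        if not host or not port.isdigit():
            findings.append((parts[1], None, "malformed target"))
        elif int(port) != ALLOWED_PORT:
            findings.append((normalize(host), int(port), "port not 443"))
        elif not host_allowed(host):
            findings.append((normalize(host), int(port), "host not in allowlist"))
    return findings

# Constructed sample proxy log lines (not captured from a real appliance).
SAMPLE = [
    "CONNECT apigw.vmware.com:443",
    "CONNECT e1234.dscx.akamaiedge.net:443",
    "CONNECT akamaiedge.net.example.org:443",
    "CONNECT evilakamaiedge.net:443",
    "CONNECT download2.vmware.com:8443",
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the Marketplace intermediate URLs can differ at runtime, treat findings for Marketplace traffic as candidates for review rather than as confirmed violations.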

Service Account Role and Privileges

Simply define a role labeled "vRealize Suite Lifecycle Manager User" with the following privileges and assign a user to the role on your management vCenter Server instance. For example, [email protected].

  • Datastore.Allocate Space
  • Datastore.Browse Datastore
  • Datastore.Update Virtual Machine Files
  • Host.Local.Operations.Add Host to vCenter
  • Host.Local.Operations.Create Virtual Machine
  • Host.Local.Operations.Delete Virtual Machine
  • Host.Local.Operations.Reconfigure Virtual Machine
  • Network.Assign Network
  • Resource.Assign vApp to Resource Pool
  • Resource.Assign Virtual Machine to Resource Pool
  • vApp.* (All privileges.)
  • Virtual Machine.* (All privileges.)

In vRealize Suite Lifecycle Manager, simply use this service account for the communications to the management vCenter Server endpoints across your environments. Voilà!

Disclaimer

This is not an official VMware by Broadcom document. This is a personal blog post. The information is provided as-is with no warranties and confers no rights. It is not intended to replace official documentation. Please, refer to official documentation for the most up-to-date information.