Access your private cloud environment from your on-premises environment

You can set up a connection from your on-premises network to access your private cloud vCenter and associated workloads. You control which ports are open on the connection by using a firewall in your on-premises network. This topic describes the port requirements for common applications. For any other applications, refer to the application documentation for port requirements.

Ports required for accessing vCenter

To access your private cloud vCenter and NSX-T Manager, open the ports listed in the following table on the on-premises firewall.

| Port | Source | Destination | Purpose |
| --- | --- | --- | --- |
| 53 (UDP) | On-premises DNS servers | Private cloud DNS servers | Required for forwarding DNS lookup of gve.goog to private cloud DNS servers from an on-premises network. |
| 53 (UDP) | Private cloud DNS servers | On-premises DNS servers | Required for forwarding DNS lookup of on-premises domain names from the private cloud vCenter to on-premises DNS servers. |
| 80 (TCP) | On-premises network | Private cloud management network | Required for redirecting vCenter URLs from HTTP to HTTPS. |
| 443 (TCP) | On-premises network | Private cloud management network | Required for accessing vCenter and NSX-T Manager from an on-premises network. |
| 8000 (TCP) | On-premises network | Private cloud management network | Required for vMotion of virtual machines from the on-premises network to the private cloud network. |
| 8000 (TCP) | Private cloud management network | On-premises network | Required for vMotion of virtual machines from the private cloud network to the on-premises network. |
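
The following is an added example, not part of the original documentation: it audits an exported list of firewall allow rules against the six flows in the vCenter access table, reporting required flows that no rule permits and rules that are wider than the table calls for. The zone names, address ranges, and rule tuple format are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# Constructed address plan (assumption); replace with your own ranges.
ZONES = {
    "onprem":     ip_network("10.0.0.0/16"),
    "onprem-dns": ip_network("10.0.53.0/28"),
    "pc-mgmt":    ip_network("192.168.10.0/24"),
    "pc-dns":     ip_network("192.168.10.240/28"),
}

# (protocol, port, source zone, destination zone), one entry per table row.
REQUIRED = [
    ("udp", 53, "onprem-dns", "pc-dns"),
    ("udp", 53, "pc-dns", "onprem-dns"),
    ("tcp", 80, "onprem", "pc-mgmt"),
    ("tcp", 443, "onprem", "pc-mgmt"),
    ("tcp", 8000, "onprem", "pc-mgmt"),
    ("tcp", 8000, "pc-mgmt", "onprem"),
]

def covers(rule, flow):
    """True if an allow rule permits every packet of a required flow."""
    proto, lo, hi, src, dst = rule
    f_proto, f_port, f_src, f_dst = flow
    return (proto == f_proto and lo <= f_port <= hi
            and ZONES[f_src].subnet_of(ip_network(src))
            and ZONES[f_dst].subnet_of(ip_network(dst)))

def audit(rules):
    """Return (required flows with no rule, rules not needed or too wide)."""
    missing = [f for f in REQUIRED if not any(covers(r, f) for r in rules)]
    excess = []
    for r in rules:
        proto, lo, hi, src, dst = r
        served = [f for f in REQUIRED if covers(r, f)]
        # A rule is acceptable only if it matches one table row exactly.
        exact = any(lo == hi == f[1]
                    and ip_network(src) == ZONES[f[2]]
                    and ip_network(dst) == ZONES[f[3]] for f in served)
        if not exact:
            excess.append(r)
    return missing, excess

# Constructed sample export: (protocol, first port, last port, src CIDR, dst CIDR).
SAMPLE_RULES = [
    ("udp", 53, 53, "10.0.53.0/28", "192.168.10.240/28"),
    ("udp", 53, 53, "192.168.10.240/28", "10.0.53.0/28"),
    ("tcp", 80, 80, "10.0.0.0/16", "192.168.10.0/24"),
    ("tcp", 443, 443, "10.0.0.0/16", "192.168.10.0/24"),
    ("tcp", 1, 65535, "192.168.10.0/24", "10.0.0.0/16"),  # all-ports rule
]
```

Calling `audit(SAMPLE_RULES)` reports the on-premises to private cloud vMotion flow as missing and the all-ports rule as excess, even though that rule happens to permit the return vMotion flow.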

Ports required for using on-premises Active Directory as an identity source

To configure your on-premises Active Directory as an identity source on the private cloud vCenter, open the ports listed in the following table. For configuration steps, see Set up vCenter identity sources.

| Port | Source | Destination | Purpose |
| --- | --- | --- | --- |
| 53 (UDP) | Private cloud DNS servers | On-premises DNS servers | Required for forwarding DNS lookup of on-premises Active Directory domain names from a private cloud vCenter server to an on-premises DNS server. |
| 389 (TCP/UDP) | Private cloud management network | On-premises Active Directory domain controllers | Required for LDAP communication from a private cloud vCenter server to Active Directory domain controllers for user authentication. |
| 636 (TCP) | Private cloud management network | On-premises Active Directory domain controllers | Required for secure LDAP (LDAPS) communication from a private cloud vCenter server to Active Directory domain controllers for user authentication. |
| 3268 (TCP) | Private cloud management network | On-premises Active Directory global catalog servers | Required for LDAP communication in multi-domain controller deployments. |
| 3269 (TCP) | Private cloud management network | On-premises Active Directory global catalog servers | Required for LDAPS communication in multi-domain controller deployments. |
| 8000 (TCP) | Private cloud management network | On-premises network | Required for vMotion of virtual machines from the private cloud network to the on-premises network. |

Common ports required for accessing workload virtual machines

To access the workload virtual machines running on your private cloud, you must open ports on your on-premises firewall. The following table lists common ports. For application-specific port requirements, refer to the application documentation.

| Port | Source | Destination | Purpose |
| --- | --- | --- | --- |
| 22 (TCP) | On-premises network | Private cloud workload network | Secure shell access to Linux virtual machines running on a private cloud. |
| 3389 (TCP) | On-premises network | Private cloud workload network | Remote desktop to Windows virtual machines running on a private cloud. |
| 80 (TCP) | On-premises network | Private cloud workload network | Access any web servers deployed on virtual machines running on a private cloud. |
| 443 (TCP) | On-premises network | Private cloud workload network | Access any secure web servers deployed on virtual machines running on a private cloud. |
| 389 (TCP/UDP) | Private cloud workload network | On-premises Active Directory network | Join Windows workload virtual machines to an on-premises Active Directory domain. |
| 53 (UDP) | Private cloud workload network | On-premises network | DNS service access for workload virtual machines to on-premises DNS servers. |

What's next