
Disclaimer

My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.

Link: Packet sniffer of ports for Access/vIDM

Identity Manager Appliance

| Source Component | Source Server | Source IP | Destination Component | Destination Server | Destination IP | Protocol | Port | Notes |
|---|---|---|---|---|---|---|---|---|
| Internal and External devices | | | Identity Manager Portal | <customername>.vmwareidentity.com | IDM IP Range | HTTPS | 443 | |
| Internal and External devices | | | IDM Cert Auth Adapter | <customername>.vmwareidentity.com | IDM IP Range | HTTPS | 7443 | The SSL traffic cannot be decrypted or re-encrypted in transit to the destination. |
| Internal and External devices (Android only) | | | IDM Cert Auth adapter - Android SSO | <customername>.vmwareidentity.com | IDM IP Range | HTTPS | 5262 | The SSL traffic cannot be decrypted or re-encrypted in transit to the destination. |
| Internal and External devices (iOS only) | | | IDM Kerberos Adapter - iOS SSO | kdc.vmwareidentity.com / Built-in KDC for on-prem vIDM Appliance | IDM IP Range | UDP and TCP | 88 | The SSL traffic cannot be decrypted or re-encrypted in transit to the destination. This component cannot be hosted on-premises when using the Windows vIDM installer. |
| Identity Manager Server | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Identity Manager Portal | <customername>.vmwareidentity.com | IDM IP Range | HTTPS | 443 | The server will need to be able to resolve its public DNS record. In HA configurations, it will need to be able to go through the load balancer and back. |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | External Database | AirWatch Hosted (SaaS) | 0.0.0.0 | TCP | 1433 | Only if using external database. Default for Microsoft SQL is 1433. |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | AirWatch REST API | AirWatch Hosted (SaaS) | AirWatch IP Range | HTTPS | 443 | (Optional) For device compliance checking, unified app catalog and for the ESC Password authentication method, if that is used. |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | SMTP Server | smtp.fqdn.com | #.#.#.# | TCP | 25 | |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | DNS Server | dns.company.com | #.#.#.# | TCP/UDP | 53 | |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | AirWatch Auto Discovery | discovery.awmdm.com | | HTTPS | 443 | |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Identity Manager Updates | vapp-updates.vmware.com | | HTTPS | 443 | Optional for Appliance IDM upgrades |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Identity Manager Public Catalog | catalog.vmwareidentity.com | AWS IP range | HTTPS | 443 | The Identity Manager Public Catalog is hosted by Amazon Web Services CloudFront CDN. More information on the AWS IP range can be found at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html |
| Internal Administrative Browser | | | Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | HTTPS | 8443 | |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Domain Controller | ad.fqdn.com | #.#.#.# | TCP/UDP | 88, 464, 135 | (Optional) 88 - Kerberos Authentication, 464 - For updating users' passwords (Service account also requires write permissions) |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Active Directory | ad.fqdn.com | #.#.#.# | LDAP | 389, 636, 3268, or 3269 | |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | RSA SecurID system | rsa.company.com | #.#.#.# | TCP/UDP | 5500 | (Optional) For RSA Integration. Default value is shown. This port is configurable. |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | VMware ThinApp repository | PATH | #.#.#.# | TCP/UDP | 445 | (Optional) Identity Manager appliance must join the Active Directory domain and connect to the ThinApp Repository share. |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | View server | view.company.com | #.#.#.# | HTTPS | 389, 443 | (Optional) Access to View server for Horizon View integration |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Integration Broker | citrix.fqdn.com | #.#.#.# | HTTP/HTTPS | 80/443 | (Optional) For Citrix Integration. Need to install Integration Broker (Refer here: http://pubs.vmware.com/identity-manager-27/index.jsp#com.vmware.wsp-resource_27/GUID-13324012-A09E-4009-ACE0-74E54334948C.html) |
| Identity Manager Portal | AirWatch Hosted (SaaS) | AirWatch Hosted (SaaS) | Citrix Farm | citrixfarm.fqdn.com | #.#.#.# | HTTP/HTTPS | 80/443 | (Optional) For Citrix Integration |

Identity Manager Connector

| Source Component | Source Server | Source IP | Destination Component | Destination Server | Destination IP | Protocol | Port | Description |
|---|---|---|---|---|---|---|---|---|
| ESC Server | esc.fqdn.com | #.#.#.# | VMware Identity Manager service | <customername>.vmwareidentity.com | #.#.#.# | HTTPS | 443 | Default port. This port is configurable. |
| Browser | | | VESC Server | esc.fqdn.com | #.#.#.# | HTTPS | 8443 | Administrative port (8443) |
| Browser | | | VESC Server | esc.fqdn.com | #.#.#.# | HTTPS | 443 | For Windows Clients accessing the connector for Kerberos authentication (443) |
| Browser | | | VESC Server | esc.fqdn.com | #.#.#.# | HTTP | 80 | |
| Connector Server | esc.fqdn.com | #.#.#.# | Internal LDAP | ad.fqdn.com | #.#.#.# | LDAP(S) | 389, 636, 3268, or 3269 | |
| Connector Server | esc.fqdn.com | #.#.#.# | DNS server | <DNS Server Hostname> | #.#.#.# | TCP or UDP | 53, 22 | Every instance must have access to the DNS server on port 53 and allow incoming SSH traffic on port 22. |
| Connector Server | esc.fqdn.com | #.#.#.# | Domain controller | <Domain Control Hostname> | #.#.#.# | TCP or UDP | 88, 464, 135 | |
| Connector Server [OPTIONAL] | esc.fqdn.com | #.#.#.# | RSA SecurID system | <RSA Server Hostname> | #.#.#.# | | 5500 | for RSA SecurID Integration. Default port (configurable) |
| Connector Server [OPTIONAL] | esc.fqdn.com | #.#.#.# | View Connection Server | <Horizon View Hostname> | #.#.#.# | | 389, 443 | Access to View Connection Server instances for Horizon View integrations |
| Connector Server [OPTIONAL] | esc.fqdn.com | #.#.#.# | Integration Broker | citrix.fqdn.com | #.#.#.# | | 80, 443 | Access to the Integration Broker for integration with Citrix-published resources. |

NOTE: The VMware Identity Manager Connector always uses port 80. It also uses 443, unless a different port is configured during installation.

Checking open ports on Access/vIDM Appliance without Telnet

# If host is a valid hostname or Internet address, and port is an integer port number or service name, bash attempts to open a TCP/UDP connection to the corresponding socket:
# /dev/tcp/host/port
# /dev/udp/host/port

# Example:
cat < /dev/tcp/127.0.0.1/88
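
The /dev/tcp check above, extended as an added example (not part of the original page) to walk a list of host/port pairs with a timeout, so a connection that a firewall silently drops does not hang the shell. The target list and the function names classify, probe and report are constructed for illustration, and timeout from coreutils is assumed to be available on the appliance.

```bash
#!/usr/bin/env bash
# Added example: probe TCP ports through bash's /dev/tcp with a timeout.
# TARGETS is constructed sample data ("host port label" per line);
# replace it with rows taken from your own port matrix.
TARGETS='127.0.0.1 88 Kerberos-KDC
127.0.0.1 443 Portal-HTTPS
127.0.0.1 8443 Admin-HTTPS'

# Map the exit status of one connection attempt to a state.
#   0   = connect succeeded
#   124 = timeout(1) killed the attempt: packets silently dropped,
#         which is what a filtering firewall usually looks like
#   any other value = refused, unreachable or unresolvable
classify() {
  case "$1" in
    0)   echo OPEN ;;
    124) echo FILTERED ;;
    *)   echo CLOSED ;;
  esac
}

# probe HOST PORT [SECONDS] -> prints OPEN, FILTERED or CLOSED
probe() {
  local host=$1 port=$2 wait=${3:-3} rc=0
  # A child bash opens the socket on fd 3 and exits at once, so the
  # check never blocks waiting for the service to send data.
  timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null || rc=$?
  classify "$rc"
}

# report: read "host port label" lines on stdin, print one result per line
report() {
  local host port label
  while read -r host port label; do
    [ -z "$host" ] && continue
    printf '%-9s %s:%s (%s)\n' "$(probe "$host" "$port")" "$host" "$port" "$label"
  done
}

report <<EOF
$TARGETS
EOF
```

The UDP rows in the tables cannot be verified this way: opening /dev/udp succeeds without any reply from the peer, so it says nothing about whether the port is reachable.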