This topic describes CredHub internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.
For more information about CredHub, see CredHub.
Inbound Communications
The following table lists network communication paths that are inbound to CredHub:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| cloud_controller (API) | credhub | 8844 | TCP | HTTPS | OAuth 2.0 |
| diego_cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |
| windows_cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |
| windows2016_cell | credhub | 8844 | TCP | HTTPS | Mutual TLS† |
†Diego Cells use the certificate pairs generated for individual containers to authenticate with CredHub on behalf of apps.
Outbound Communications
The following table lists network communication paths that are outbound from CredHub:
| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| credhub | uaa | 8443 | TCP | HTTPS | N/A |
| credhub | mysql_proxy* | 3306 | TCP | MySQL | MySQL authentication** |
*Applies only to deployments where internal MySQL is selected as the database.
**MySQL authentication uses the MySQL native password method.
†Diego Cells use the certificate pairs generated for individual containers to authenticate with CredHub on behalf of apps.
BOSH DNS communications
By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.
Content feedback and comments