Tanzu Platform for Cloud Foundry 6.0

UAA Network Communications

Last Updated March 13, 2025

The following tables show the User Account and Authentication (UAA) internal network communication paths with other VMware Tanzu Application Service for VMs (TAS for VMs) components.

For more information about UAA, see User Account and Authentication (UAA) Server.

Inbound communications

The following table lists network communication paths that are inbound to UAA:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| cloud_controller | uaa | 8443 | TCP | HTTPS | OAuth 2.0 or none* |
| diego_brain (SSH Proxy) | uaa | 443 | TCP | HTTPS | OAuth 2.0 |
| loggregator_trafficcontroller | uaa | 8443 | TCP | HTTPS | TLS |
| mysql_monitor | uaa | 8443 | TCP | HTTPS | OAuth |
| router | uaa | 8443 | TCP | HTTPS | OAuth 2.0 |

*The authentication method depends on the type of request.

Outbound communications: Internal to TAS for VMs

The following table lists network communication paths that are outbound from UAA:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| uaa | mysql_proxy* | 3306 | TCP | MySQL | MySQL authentication** |
| uaa (Route Registrar) | nats | 4222 | TCP | NATS | Basic authentication |

*Applies only to deployments where internal MySQL is selected as the database.

**MySQL authentication uses the MySQL native password method.

Outbound communications: External to TAS for VMs

The following table lists network communication paths from UAA that are outbound to external systems:

| Source VM | Destination VM | Port | Transport Layer Protocol | App Layer Protocol | Security and Authentication |
|---|---|---|---|---|---|
| uaa | LDAP | LDAP server communication port | TCP | LDAP/LDAPS | Basic authentication (LDAP bind) |
| uaa | SAML/OIDC | 80 or 443 (HTTP port) | TCP | HTTP/HTTPS | Key |

BOSH DNS communications

By default, TAS for VMs components and app containers look up services using the BOSH DNS service discovery mechanism. To support this lookup, BOSH Director co-locates a BOSH DNS server on every deployed VM. For more information, see BOSH DNS network communications.