One of my readers recently contacted me about how SRM communicates to vCenter both during an install, and then afterwards once the service is up and running. The odd thing is this, during the install the communication to vCenter appears to be non-secured on TCP port 80, but after the install is on the secured port of TCP 443.
Here’s what the offical guide says:
Port 80 is provided as the default to use for the initial connection to the remote site. After the initial HTTP connection is made, the two sites establish an SSL connection over port 80 to use for subsequent connections.
Duncan Epping on his Yellow Bricks site has this more revealing statement:
Why is Port 80 used in the install but port 443 later? During install of SRM port 80 is specified and you cannot type in 443, but after the install is complete than SRM talks to VC on 443, so why is 80 specified in the install? Even though SRM uses SSL when it communicates to VC, it does not use port 443. SRM establishes a TCP connection to port 80, than uses an HTTP CONNECT request to establish a tunnel to the VC servers, then does an SSL handshake with the VC over that tunneled connection. The SRM installation enforces these semantics.
Why the communication is this done this way isn’t really explained. But I guess it is a reminder that port numbers are some what arbitrary, and they follow a convention of being associated with certain services – I guess you would call them the “well-known ports”. But at the end of the day, there’s nothing hard coded about these ports and how they are used.
This was first published in January 2012