Networking and TCP/IP Ports#

_images/ports_connectivity_header.jpg

Overview#

For optimal operation of Omniverse applications, specific TCP/IP ports must be opened between components and/or servers. Review the list below to ensure proper communication is permitted. If network changes are required, please consult your IT or Information Security Team for proper advisement.

Warning

Many of the listed ports can be customized, however some must remain as specified. For additional information, review the related interface or configuration files (.env) for the Omniverse service being configured.

Nucleus Workstation#

These ports are used with Nucleus Workstation:

Purpose
TCP Port
Nucleus Core and Discovery API Ports
3001, 3009, 3333
Prometheus Metrics Port
3010
Nucleus Tagging Service Port
3020
Nucleus System Monitor Ports
3080, 3085
Authentication Service Port
3100
Authentication Web Port
3180
Search Service Port
3400
Cache Services Port
8891
Cache API Port
8892
Nucleus Navigator Port (within Launcher)
34080
Omniverse Drive Progress Interface Port
59624

Warning

Locally installed firewall software (e.g., Windows Defender, ufw, firewalld) may impact/block communication to these ports and configuration changes may be required.

Enterprise Nucleus Server#

These ports are required for Clients and services to connect to an Enterprise Nucleus Server:

Purpose
TCP Port
Web Port*
8080
API Ports
3009, 3019
Prometheus Metrics Port
3010
Tagging Service Port
3020
Large File Transfer Service Port
3030
Authentication Service Ports
3100, 3180
Discovery Port
3333
Search Service Port
3400
Service API Port**
3006
Meta Dump Port**
5555

Note

If your Enterprise Nucleus Server is using NGINX or a similar ingress router/gateway, TCP 443 inbound to the gateway is required and the gateway will then need to communicate with the Enterprise Nucleus Server on the above ports.

* By default, the Web Port is set to 8080 for easier SSL/TLS configuration. If SSL/TLS is not needed, change this port to 80.

** These ports are required for Nucleus Tools backup only and are disabled by default.

Omniverse Cloud PaaS#

These ports are required for proper operation of Omniverse Cloud PaaS:

Purpose
TCP Port
API & Web Portal Ports
80, 443, 3000, 48322
Purpose
UDP Port
Nucleus Bridge Port *
60000
WebRTC Ports
10500-20000

Note

* The Nucleus Bridge port is only required if using the Nucleus Bridge to connect an Enterprise Nucleus Server to Omniverse Cloud PaaS.

Enterprise Cache#

These ports are required for Clients and services to connect to an Enterprise Cache: (This includes both Clients and chained Enterprise Caches.)

Purpose
TCP Port
Cache Service Port
8891
Prometheus Metrics Port
9500

Omniverse Farm#

These ports are required for the proper operation of an Omniverse Farm:

Purpose
TCP Port
Management Services Port
8222
Controller/Agent Services Port
8223

Connectivity Testing#

Connectivity scripts are provided to test and troubleshoot connectivity between a workstation running Microsoft Windows or Linux to an Enterprise Nucleus Server. Click here for additional information.

Outbound Connectivity Requirements#

  • For Docker Compose and Kubernetes Enterprise deployments, TCP 443 is required to access the repository endpoints for pulling containers. These repositories are: nvcr.io and ngc.download.nvidia.com

  • To access NVIDIA sample assets, connectors, extensions, and other files across Client applications (e.g., USD Composer, Nucleus Navigator, etc.), TCP 80 and 443 access is required to these endpoints:

    • omniverse-content-production.s3.us-west-2.amazonaws.com

    • omniverse-content-production.s3-us-west-2.amazonaws.com

    • twinbru.s3.eu-west-1.amazonaws.com

    • d1aiacozzchaiq.cloudfront.net

    • dw290v42wisod.cloudfront.net

    • dcb18d6mfegct.cloudfront.net

    • kit-extensions.ov.nvidia.com

    • ovextensionsprod.blob.core.windows.net

    • content-production.omniverse.nvidia.com

  • For Omniverse to function correctly, the following endpoints need to be accessible over TCP 80 and 443:

    • login.nvidia.com

    • api.launcher.omniverse.nvidia.com

    • data.launcher.omniverse.nvidia.com

    • gdpr.launcher.omniverse.nvidia.com

    • install.launcher.omniverse.nvidia.com

    • messages.launcher.omniverse.nvidia.com

    • index.launcher.omniverse.nvidia.com

    Administrators can choose to either allow these entries individually, or if possible, by using a wildcard entry that includes them all. (*.nvidia.com)