Networking and TCP/IP Ports

Overview
For optimal operation of Omniverse applications, certain TCP/IP ports must be opened between components and/or servers. Review and reference the list below to ensure proper communication is allowed. If network changes are required, please consult your IT or Information Security Team for proper advisement.
Warning
Many of the listed ports can be customized, however some must remain as specified. For additional information, review the related interface or configuration files (.env) for the Omniverse service being configured.
Nucleus Workstation
These ports are used with Nucleus Workstation:
Purpose
|
TCP Port
|
---|---|
Nucleus Core and Discovery API Ports
|
3001, 3009, 3333
|
Prometheus Metrics Port
|
3010
|
Nucleus Tagging Service Port
|
3020
|
Nucleus System Monitor Ports
|
3080, 3085
|
Authentication Service Port
|
3100
|
Authentication Web Port
|
3180
|
Search Service Port
|
3400
|
Cache Services Port
|
8891
|
Cache API Port
|
8892
|
Nucleus Navigator Port (within Launcher)
|
34080
|
Omniverse Drive Progress Interface Port
|
59624
|
Warning
Locally installed firewall software (e.g., Windows Defender, ufw, etc.) may block communication to these ports and configuration changes may be required.
Enterprise Nucleus Server
These ports are required for Clients and services to connect to an Enterprise Nucleus Server:
Purpose
|
TCP Port
|
---|---|
Web Port*
|
80
|
API Ports
|
3009, 3019
|
Prometheus Metrics Port
|
3010
|
Tagging Service Port
|
3020
|
Large File Transfer Service Port
|
3030
|
Authentication Service Ports
|
3100, 3180
|
Discovery Port
|
3333
|
Search Service Port
|
3400
|
Service API Port**
|
3006
|
Meta Dump Port**
|
5555
|
Note
If your Enterprise Nucleus Server is using NGINX or a similar ingress router/gateway, TCP 443 inbound to the gateway is required and the gateway will then need to communicate with the Enterprise Nucleus Server on the above ports.
* It is recommended that the Web Port be changed from 80 to 8080 if you are using an ingress router/gateway to avoid confusion.
** These ports are required for Nucleus Tools backup only and are disabled by default.
Nucleus Bridge
If using Nucleus Bridge to connect your Enterprise Nucleus Server to Omniverse Cloud, outbound access to your custom NVIDIA endpoint is required over this port:
Purpose
|
UDP Port
|
---|---|
Nucleus Bridge Port
|
60000
|
Enterprise Cache
These ports are required for Clients and services to connect to an Enterprise Cache: (This includes both Clients and chained Enterprise Caches.)
Purpose
|
TCP Port
|
---|---|
Cache Service Port
|
8891
|
Prometheus Metrics Port
|
9500
|
NGSearch & DeepSearch
These ports are required for NGSearch/DeepSearch services:
Purpose
|
TCP Port
|
---|---|
Elastic Search/OpenSearch Port
|
9200
|
NGSearch Service Port
|
3503
|
NGSearch Storage Service Port
|
3703
|
Embedding Service Port
|
3603
|
Inference API Service Port
|
3504
|
Websocket Endpoint from OV Farm Port
|
8765
|
HTTP Endpoint of Cache Service Port
|
8778
|
Prometheus Metrics Ports
|
8010 (DeepSearch Cache)
8011 (DeepSearch Farm)
8012 (DeepSearch Non-Farm)
8013 (DeepSearch Omni Writer)
8014 (DeepSearch Monitor)
8015 (DeepSearch Model Updater)
8016 (DeepSearch Embedding)
8001 (NGSearch Indexing)
8002 (NGSearch Tagging)
8007 (NGSearch Storage)
8008 (NGSearch Overall)
|
Omniverse Farm
These ports are required for the proper operation of an Omniverse Farm:
Purpose
|
TCP Port
|
---|---|
Management Services Port
|
8222
|
Controller/Agent Services Port
|
8223
|
Connectivity Testing
Connectivity scripts are provided to test and troubleshoot connectivity between a workstation running Microsoft Windows or Linux to an Enterprise Nucleus Server. Click here for additional information.
Outbound Connectivity Requirements
For Docker Compose and Kubernetes Enterprise deployments, TCP 443 is required to access the repository endpoints for pulling containers. These repositories are:
nvcr.io
andngc.download.nvidia.com
To access NVIDIA sample assets in Client applications (e.g., USD Composer, Nucleus Navigator, etc.), TCP 80 and 443 are required to access these endpoints:
omniverse-content-production.s3.us-west-2.amazonaws.com
omniverse-content-production.s3-us-west-2.amazonaws.com
twinbru.s3.eu-west-1.amazonaws.com
For Omniverse to function correctly, a variety of endpoints need to be accessible over TCP 443. These endpoints are:
Administrators can choose to either allow these entries individually or by using a wildcard entry that includes them all. (
https://*.nvidia.com
)