TL;DR - the vSAN HCL Database update from vCenter requires port 80 outbound to
A little while ago, a customer of mine, in a restricted environment, was having issues getting the vSAN HCL Database updated in vCenter.
Following https://kb.vmware.com/s/article/2109870 didn’t address the issue, but allowed them to update the DB manually.
Outbound HTTPS traffic to partnerweb.vmware.com was whitelisted on the proxy, and 443 allowed on the firewall. Testing DNS and ports using curl showed that everything should be working, but we still couldn’t update the HCL DB. However, we weren’t sure if the originating request from vCenter was HTTP or HTTPS. I guess the assumption was HTTPS.
After speaking to their amazing VMware TAM (that’s me), I was able to take a far deeper look into the vSAN HCL Database utility. It turns out the requests to http://partnerweb.vmware.com/service/vsan/all.json were initiated over HTTP, not HTTPS.
Allowing port 80 on the firewall allowed the traffic, and they were off.
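
A check for the situation described above, as an added example that is not part of the original post: it probes the same host and path over both HTTP and HTTPS, so an egress rule that covers only one scheme shows up straight away. The function names and the `CURL` override are this example's own; the curl options used are standard ones.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: sh check_egress.sh partnerweb.vmware.com /service/vsan/all.json
# curl honours http_proxy / https_proxy, so run it with the same proxy
# settings as the appliance that makes the real request.

CURL="${CURL:-curl}"   # overridable so the logic can be exercised offline

# probe URL -> prints the HTTP status code, or 000 if no response arrived
probe() {
    code=$($CURL -s -o /dev/null -w '%{http_code}' \
        --connect-timeout 5 --max-time 15 "$1") || code=000
    printf '%s\n' "${code:-000}"
}

# classify CODE -> ok | rejected | no-response
classify() {
    case "$1" in
        000)     echo no-response ;;  # dropped, refused, timed out or DNS failure
        2??|3??) echo ok ;;           # answered; a 3xx still proves the port is open
        *)       echo rejected ;;     # a proxy or the server answered 4xx/5xx
    esac
}

# check_egress HOST PATH -> one line per scheme; status 1 if any scheme is not ok
check_egress() {
    rc=0
    for scheme in http https; do
        code=$(probe "$scheme://$1$2")
        verdict=$(classify "$code")
        printf '%s %s %s\n' "$scheme" "$code" "$verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}

# Only touch the network when a host and path are given on the command line.
if [ "$#" -ge 2 ]; then
    check_egress "$1" "$2"
fi
```

A `no-response` on the `http` line next to an `ok` on the `https` line is the pattern this post describes: 443 is open, 80 is not.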