# Network Connectivity

WorkSpaces Manager deploys a Security Group for the EC2 instance in which it configures the requirements for inbound connections.

By default, the EC2 instance is reached through TCP/80 (HTTP) and TCP/3389 (RDP). Both ports are exclusively accessible from the internal segments defined during the deployment of the CloudFormation Template.

Outbound connections: WSM must have access to AWS APIs (all published on TCP/443 HTTPS) and nuvens.info service (TCP/443). In addition, it also requires access to an existing Active Directory (TCP/389 for LDAP or TCP/636 for LDAPS) to handle AD information. As an option, it may need access to an SMTP Relay (25, 587 or 2587, depending on the provider) or to external RestAPIs if there are custom integrations.

For WSUS, WSM uses default ports 8530 or 8531.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nuvens.cloud/architecture/security/network-connectivity.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.