Product | Port | Protocol | Source | Target | Purpose |
AppSpeed | 80 | TCP | AppSpeed Server | vCenter Server 4 | vCenter proxy interface. Used only during setup to verify the proxy is set up correctly. Port 80 is the default Web Service Port, but a different TCP port can be configured in vCenter Server 4. |
AppSpeed | 443 | TCP | AppSpeed Server | vCenter Server 4 | Default port for communications. A different TCP port can be configured in vCenter Server 4. |
AppSpeed | 22 | TCP | AppSpeed Server | AppSpeed Probe | Connections to the probes to access the probes outside of the VPN. |
AppSpeed | 123 | UDP | AppSpeed Server | AppSpeed Probe | NTP services |
AppSpeed | 1194 | TCP/UDP | AppSpeed Server | AppSpeed Probe | Communications over OpenVPN |
Auto Deploy Server | 6501 | TCP | ESXi | vCenter Server | Auto Deploy service |
Auto Deploy Server | 6502 | TCP | ESXi | vCenter Server | Auto Deploy management |
Consolidated Backup | 443 | TCP | VCB Proxy Server | vCenter Server | Required for VCB and vcbMounter communication and backup processes |
Consolidated Backup | 443 | TCP | VCB Proxy Server | ESXi/ESX Host | Required for VCB and vcbMounter communication and backup processes |
Converter 3.x | 137 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 3.x | 138 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 3.x | 139 | TCP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 3.x | 443 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for destination VM access when target is ESXi/ESX/vCenter |
Converter 3.x | 443 | TCP | Source Computer to be converted | vCenter Server | Required if vCenter Server is the conversion target |
Converter 3.x | 443 | TCP | vCenter Converter Server | vCenter Server | Required if vCenter Server is the conversion target |
Converter 3.x | 443 | TCP | vCenter Converter Server | ESXi/ESX Host | Required for system conversion |
Converter 3.x | 445 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Not required if the source computer uses NetBIOS |
Converter 3.x | 902 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for data transport during cloning of system to be converted to target ESXi/ESX Host |
Converter 4.x | 22 | TCP | Helper Virtual Machine | Source Computer to be converted | Required for conversion of Linux-based source computers (data flows from source to VM) |
Converter 4.x | 22 | TCP | vCenter Converter Server | Source Computer to be converted | Required for conversion of Linux-based source computers |
Converter 4.x | 137 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 4.x | 138 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 4.x | 139 | TCP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 4.x | 443 | TCP | vCenter Converter Client | vCenter Converter Server | Only required if the Converter Client and Converter Server were installed on different systems |
Converter 4.x | 443 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for destination VM access when target is ESXi/ESX/vCenter |
Converter 4.x | 443 | TCP | Source Computer to be converted | vCenter Server | Required if vCenter Server is the conversion target |
Converter 4.x | 443 | TCP | vCenter Converter Server | vCenter Server | Required if vCenter Server is the conversion target |
Converter 4.x | 443 | TCP | vCenter Converter Server | ESXi/ESX Host | Required for system conversion |
Converter 4.x | 443 | TCP | vCenter Converter Server | Helper Virtual Machine | Required for conversion of Linux-based source computers |
Converter 4.x | 445 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Not required if the source computer uses NetBIOS |
Converter 4.x | 902 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for data transport during cloning of system to be converted to target ESXi/ESX Host |
Converter 4.x | 9089, 9090 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Remote agent deployment |
Converter 5.x | 22 | TCP | Converter Standalone server | powered-on source machine | Used to establish an SSH connection between the Converter Standalone server and the source Linux machine |
Converter 5.x | 137 | UDP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 5.x | 138 | UDP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 5.x | 139 | TCP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
Converter 5.x | 443 | TCP | Converter Standalone server | vCenter Server | Required only if the conversion destination is a vCenter Server |
Converter 5.x | 443 | TCP | Converter Standalone client | Converter Standalone server | Required only if the Converter Standalone server and Linux client components are on different machines |
Converter 5.x | 443 | TCP | Converter Standalone client | vCenter server | Required only if the Converter Standalone server and client components are on different machines |
Converter 5.x | 22 | TCP | Powered-on Source Linux machine | ESXi/ESX Host | Uses secure connection port 22 to Host |
Converter 5.x | 443, 902 | TCP | Powered-on Source Windows machine | ESXi/ESX Host | Required for data transfer to destination ESXi/ESX host |
Converter 5.x | 445 | TCP | Converter Standalone server | powered-on source machine | Required for system conversion. Not required if the source computer uses NetBIOS |
Converter 5.x | 9089 | TCP | Converter Standalone server | powered-on source machine | Required for system conversion. Remote agent deployment |
Data Recovery | 443 | TCP | Data Recovery Appliance | vCenter Server | VDR to vCenter Server communications |
Data Recovery | 902 | TCP | Data Recovery Appliance | ESX Host | VDR to ESX communications |
Data Recovery | 22024 | TCP | Data Recovery vSphere Client Plug-in | Data Recovery Appliance | Data Recovery management |
ESX 3.x | 21 | TCP | FTP Client | ESX Host | FTP |
ESX 3.x | 21 | TCP | ESX Host | FTP Server | FTP |
ESX 3.x | 22 | TCP | SSH Client | ESX Host | SSH |
ESX 3.x | 22 | TCP | ESX Host | SSH Server | SSH |
ESX 3.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
ESX 3.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
ESX 3.x | 88 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESX 3.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESX 3.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESX 3.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
ESX 3.x | 137 to 139 | TCP | ESX Host | SMB Server | SMB |
ESX 3.x | 161 | UDP | SNMP Server | ESX Host | SNMP Polling |
ESX 3.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
ESX 3.x | 389 | TCP/UDP | ESX Host | LDAP Server | PAM Active Directory Authentication – LDAP |
ESX 3.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESX 3.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESX 3.x | 443 | TCP | Client PC | ESX Host | Host VI Management via web browser |
ESX 3.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
ESX 3.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
ESX 3.x | 445 | TCP | ESX Host | SMB Server | SMB |
ESX 3.x | 445 | TCP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
ESX 3.x | 445 | UDP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
ESX 3.x | 464 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos Password Services |
ESX 3.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
ESX 3.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS) |
ESX 3.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
ESX 3.x | 902 | TCP/UDP | ESXi/ESX Host | Virtual Center 3.x / vCenter Server 4.x | Heartbeat |
ESX 3.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console |
ESX 3.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
ESX 3.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
ESX 3.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESX 3.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
ESX 3.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESX 3.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter Server | CIM Secure Server to CIM Client |
ESX 3.x | 5989 | TCP | VirtualCenter/vCenter Server | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESX 3.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
ESX 3.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
ESX 3.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESX 3.x | 27000 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
ESX 3.x | 27010 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
ESX 4.x | 21 | TCP | FTP Client | ESX Host | FTP |
ESX 4.x | 21 | TCP | ESX Host | FTP Server | FTP |
ESX 4.x | 22 | TCP | ESX Host | SSH Server | SSH |
ESX 4.x | 22 | TCP | SSH Client | ESX Host | SSH |
ESX 4.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
ESX 4.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
ESX 4.x | 88 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESX 4.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESX 4.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESX 4.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
ESX 4.x | 137 to 139 | TCP | ESX Host | SMB Server | SMB |
ESX 4.x | 161 | UDP | SNMP Server | ESX Host | SNMP Polling |
ESX 4.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
ESX 4.x | 389 | TCP/UDP | ESX Host | LDAP Server | PAM Active Directory Authentication – LDAP |
ESX 4.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESX 4.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESX 4.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to Host VM migration and provisioning |
ESX 4.x | 443 | TCP | Client PC | ESX Host | Host VI Management via web browser |
ESX 4.x | 443 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX Host management connection |
ESX 4.x | 445 | UDP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
ESX 4.x | 445 | TCP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
ESX 4.x | 445 | TCP | ESX Host | SMB Server | SMB |
ESX 4.x | 464 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos Password Services |
ESX 4.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
ESX 4.x | 902 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX hosted VM connectivity (MKS) |
ESX 4.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
ESX 4.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter Server 4.x | Heartbeat |
ESX 4.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console (MKS) |
ESX 4.x | 1024 (dynamic) | TCP/UDP | ESX Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESX host and the Active Directory Domain Controller (via the netlogond process on the ESX host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442. |
ESX 4.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
ESX 4.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
ESX 4.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESX 4.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
ESX 4.x | 5900 to 5964 | TCP | ESXi/ESX Host | ESXi/ESX Host | RFB Protocol used by management tools such as VNC |
ESX 4.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESX 4.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESX 4.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
ESX 4.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
ESX 4.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
ESX 4.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESX 4.x | 47 | UDP | ESXi/ESX Host | Physical Switches | vDS (Virtual Distributed Switch) Broadcast |
ESX 4.x | 8100 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
ESX 4.x | 8200 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
ESX 4.x | 8301 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x | DVS Port Information |
ESX 4.x | 8302 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
ESXi 3.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
ESXi 3.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
ESXi 3.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 3.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 3.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
ESXi 3.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
ESXi 3.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESXi 3.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESXi 3.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
ESXi 3.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
ESXi 3.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
ESXi 3.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
ESXi 3.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
ESXi 3.x | 902 | TCP/UDP | ESXi/ESX Host | Virtual Center 3.x / vCenter Server 4.x | Heartbeat |
ESXi 3.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console (MKS) |
ESXi 3.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
ESXi 3.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
ESXi 3.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESXi 3.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
ESXi 3.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESXi 3.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESXi 3.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
ESXi 3.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
ESXi 3.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
ESXi 3.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESXi 3.x | 27000 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
ESXi 3.x | 27010 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
ESXi 4.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
ESXi 4.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
ESXi 4.x | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESXi 4.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 4.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 4.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
ESXi 4.x | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
ESXi 4.x | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
ESXi 4.x | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
ESXi 4.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESXi 4.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESXi 4.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
ESXi 4.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
ESXi 4.x | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
ESXi 4.x | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
ESXi 4.x | 445 | TCP | ESXi host | SMB Server | SMB Server |
ESXi 4.x | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESXi 4.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
ESXi 4.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
ESXi 4.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
ESXi 4.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter 4 Server | Heartbeat |
ESXi 4.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console (MKS) |
ESXi 4.x | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442. |
ESXi 4.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
ESXi 4.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
ESXi 4.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESXi 4.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
ESXi 4.x | 5900 to 5964 | TCP | ESXi/ESX Host | ESXi/ESX Host | RFB Protocol used by management tools such as VNC |
ESXi 4.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESXi 4.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
ESXi 4.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
ESXi 4.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMkernel Interface |
ESXi 4.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMkernel Interface |
ESXi 4.x | 47 | UDP | ESXi/ESX Host | Physical Switches | vDS (Virtual Distributed Switch) Broadcast |
ESXi 4.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
ESXi 4.x | 8100 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
ESXi 4.x | 8200 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
ESXi 4.x | 8301 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
ESXi 4.x | 8302 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
ESXi 5.x | 22 | TCP | Client PC | ESXi Host | SSH Server |
ESXi 5.x | 53 | UDP | ESXi 5.x | DNS Server | DNS Client |
ESXi 5.x | 68 | UDP | ESXi 5.x | DHCP Server | DHCP Client |
ESXi 5.x | 80 | TCP | Client PC | ESXi Host | Redirect Web Browser to HTTPS Service (443) |
ESXi 5.x | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESXi 5.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 5.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
ESXi 5.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
ESXi 5.x | 161 | UDP | SNMP Server | ESXi Host | SNMP Polling. Not used in ESXi 3.x |
ESXi 5.x | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
ESXi 5.x | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
ESXi 5.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
ESXi 5.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
ESXi 5.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
ESXi 5.x | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
ESXi 5.x | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
ESXi 5.x | 445 | TCP | ESXi host | SMB Server | SMB Server |
ESXi 5.x | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
ESXi 5.x | 514 | UDP/TCP | ESXi 5.x | Syslog Server | Remote syslog logging |
ESXi 5.x | 902 | TCP/UDP | ESXi 5.x | ESXi Host | Host access to other hosts for migration and provisioning |
ESXi 5.x | 902 | TCP | vSphere Client | ESXi Host | vSphere Client access to virtual machine consoles (MKS) |
ESXi 5.x | 902 | UDP | ESXi 5.x | vCenter Server | (UDP) Status update. Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
ESXi 5.x | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442. |
ESXi 5.x | 2049 | TCP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
ESXi 5.x | 2049 | UDP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
ESXi 5.x | 3260 | TCP | ESXi 5.x | iSCSI storage server | Transactions to iSCSI storage devices |
ESXi 5.x | 5900 to 5964 | TCP | ESXi 5.x | ESXi Host | RFB protocol, which is used by management tools such as VNC |
ESXi 5.x | 5988 | TCP | CIM Server | ESXi Host | CIM transactions over HTTP |
ESXi 5.x | 5989 | TCP | vCenter Server | ESXi Host | CIM XML transactions over HTTPS |
ESXi 5.x | 5989 | TCP | ESXi 5.x | vCenter Server | CIM XML transactions over HTTPS |
ESXi 5.x | 8000 | TCP | ESXi 5.x (VM Target) | ESXi (VM Source) | Requests from vMotion |
ESXi 5.x | 8000 | TCP | ESXi 5.x (VM Source) | ESXi (VM Target) | Requests from vMotion |
ESXi 5.x | 8100 | TCP/UDP | ESXi 5.x | ESXi Host | Traffic between hosts for vSphere Fault Tolerance (FT) |
ESXi 5.x | 8182 | TCP/UDP | ESXi 5.x | ESXi Host | Traffic between hosts for vSphere High Availability (vSphere HA) |
ESXi 5.x | 8200 | TCP/UDP | ESXi 5.x | ESXi Host | Traffic between hosts for vSphere Fault Tolerance (FT) |
ESXi 5.x | 8301 | UDP | ESXi 5.x | ESXi Host | DVS Port Information |
ESXi 5.x | 8302 | UDP | ESXi 5.x | ESXi Host | DVS Port Information |
ESXi 5.x | 31000 | TCP | SPS Server | vCenter Server | Internal Communication Port |
ESXi 6.x | 9 | UDP | vCenter Server | Virtual Volumes | Used by the Virtual Volumes feature |
ESXi 6.x | 22 | TCP | SSH Client | ESXi Host | Required for SSH access |
ESXi 6.x | 53 | UDP | ESXi Host | DNS Server | DNS client |
ESXi 6.x | 68 | UDP | DHCP Server | ESXi Host | DHCP client for IPv4 |
ESXi 6.x | 80 | TCP | Web Browser | ESXi Host | Welcome page, with download links for different interfaces |
ESXi 6.x | 161 | UDP | SNMP Server | ESXi Host | Allows the host to connect to an SNMP server |
ESXi 6.x | 427 | TCP/UDP | CIM Server | ESXi Host | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers |
ESXi 6.x | 443 | TCP | vSphere Web Client | ESXi Host | Client connections |
ESXi 6.x | 546 | TCP/UDP | DHCP Server | ESXi Host | DHCP client for IPv6 |
ESXi 6.x | 547 | TCP/UDP | ESXi Host | DHCP Server | DHCP client for IPv6 |
ESXi 6.x | 902 | TCP/UDP | VMware vCenter Agent | ESXi Host | vCenter Server agent |
ESXi 6.x | 2233 | TCP | ESXi Host | Virtual SAN Transport | Used for RDT traffic (Unicast peer to peer communication) between Virtual SAN nodes. |
ESXi 6.x | 3260 | TCP | ESXi Host | Software iSCSI Client | Supports software iSCSI |
ESXi 6.x | 5671 | TCP | ESXi Host | rabbitmqproxy | A proxy running on the ESXi host that allows applications running inside virtual machines to communicate to the AMQP brokers running in the vCenter network domain. The virtual machine does not have to be on the network, that is, no NIC is required. The proxy connects to the brokers in the vCenter network domain. Therefore, the outgoing connection IP addresses should at least include the current brokers in use or future brokers. Brokers can be added if the customer would like to scale up. |
ESXi 6.x | 5988, 8889 | TCP | CIM Server | ESXi Host | Server for CIM (Common Information Model) |
ESXi 6.x | 5989 | TCP | CIM Secure Server | ESXi Host | Secure server for CIM |
ESXi 6.x | 6999 | UDP | NSX Distributed Logical Router Service | ESXi Host | NSX Virtual Distributed Router service. The firewall port associated with this service is opened when NSX VIBs are installed and the VDR module is created. If no VDR instances are associated with the host, the port does not have to be open. This service was called NSX Distributed Logical Router in earlier versions of the product. |
ESXi 6.x | 8000 | TCP | ESXi Host | ESXi Host | vMotion |
ESXi 6.x | 8080 | TCP | vsanvp | ESXi Host | VSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage profiles, capabilities, and compliance. If disabled, Virtual SAN Storage Profile Based Management (SPBM) does not work. |
ESXi 6.x | 8100, 8200, 8300 | TCP/UDP | Fault Tolerance | ESXi Host | Traffic between hosts for vSphere Fault Tolerance (FT). |
ESXi 6.x | 8301, 8302 | UDP | DVSSync | ESXi Host | DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open. |
ESXi 6.x | 12345, 23451 | UDP | ESXi Host | Virtual SAN Clustering Service | Cluster Monitoring, Membership, and Directory Service used by Virtual SAN. |
ESXi 6.x | 44046, 31031 | TCP | ESXi Host | HBR | Used for ongoing replication traffic by vSphere Replication and VMware Site Recovery Manager. |
ESXi Dump Collector | 6500 | UDP | ESXi | vCenter Server | Network coredump server |
ESXi Dump Collector | 8000 | TCP | ESXi | vCenter Server | Network coredump web port |
ESXi Syslog Collector | 8001 | TCP | ESXi | vCenter Server | Network syslog server |
Guided Consolidation | 135 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | Microsoft DCE Locator Service, also known as End-Point Mapper |
Guided Consolidation | 137 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS names service. Firewall administrators frequently see larger numbers of incoming packets to port 137. This is because of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the gethostbyaddr() function. As users behind the firewalls visit Windows-based Web sites, those servers frequently respond with NetBIOS lookups. |
Guided Consolidation | 138 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS datagram. Used by Windows, as well as UNIX services (such as SAMBA). Port 138 is used primarily by the SMB browser service that obtains Network Neighborhood information. |
Guided Consolidation | 139 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS Session. Windows File and Printer sharing. |
Guided Consolidation | 445 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | DNS Direct Hosting port. In Windows 2000 and Windows XP, redirector and server components now support direct hosting for communicating with other computers running Windows 2000 or Windows XP. Direct hosting does not use NetBIOS for name resolution. DNS is used for name resolution, and the Microsoft networking communication is sent directly over TCP without a NetBIOS header. Direct hosting over TCP/IP uses TCP and UDP port 445 instead of the NetBIOS session TCP port 139. |
Heartbeat | 52267 | TCP | vCenter Server Heartbeat Console | vCenter Server Heartbeat Server | Client Connection Port |
Heartbeat | 57348 | TCP | vCenter Server Primary Server | vCenter Server Secondary Server | Default Channel Port to communicate between Primary and Secondary server |
Lab Manager | 137 | UDP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
Lab Manager | 138 | UDP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
Lab Manager | 139 | TCP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
Lab Manager | 389 | TCP/UDP | Lab Manager Server | LDAP Server | LDAP Authentication (optional) |
Lab Manager | 443 | TCP | Client PC | Lab Manager Server | Lab Manager Console (Web Browser) |
Lab Manager | 443 | TCP | Lab Manager Server | vCenter Server | Lab Manager to vCenter Server Communication |
Lab Manager | 445 | TCP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
Lab Manager | 514 | TCP | Lab Manager Server | Virtual Router | Update IP tables and routing on the vRouter |
Lab Manager | 636 | TCP | Lab Manager Server | LDAP Server | LDAPS Authentication (optional) |
Lab Manager | 1433 | TCP | Lab Manager Server | Microsoft SQL Server | Lab Manager Connectivity to Microsoft SQL Server (for LM database) |
Lab Manager | 5212 | TCP | Lab Manager Server | ESXi/ESX Host | Lab Manager Agent. ESXi requires Lab Manager 4.x |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
25 |
TCP |
vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) |
SMTP Server |
Email notifications |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
80 |
TCP |
vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) |
vCenter Server |
Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API (Shared sessions) |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
389 |
TCP/UDP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
LDAP Server |
LDAP Authentication |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
443 |
TCP |
vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) |
vCenter Server |
Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
636 |
TCP |
vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) |
LDAP Server |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL-secured LDAP protocol, LDAPS (the SSL counterpart of port 389), and is used for secured LDAP authentication. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
1433 |
TCP |
vRealize Orchestrator Server |
Microsoft SQL Server |
vRealize Orchestrator Server to Microsoft SQL Server for vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Database |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
1521 |
TCP |
vRealize Orchestrator Server |
Oracle Database Server |
vRealize Orchestrator Server to Oracle for vRealize Orchestrator Database |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
3306 |
TCP |
vRealize Orchestrator Server |
MySQL Server |
vRealize Orchestrator Server to MySQL Server for vRealize Orchestrator Database |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
5432 |
TCP |
vRealize Orchestrator Server |
PostgreSQL Server |
vRealize Orchestrator Server to PostgreSQL Server for vRealize Orchestrator Database |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8230 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client |
vRealize Orchestrator Server |
Lookup port – The main port to communicate with vRealize Orchestrator Configurator server (JNDI port). All other ports communicate with the vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Configurator smart client through this one. It is part of the JBoss Application server infrastructure |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8240 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8244 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Data port used to access all vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) data models, such as workflows and policies. It is part of the JBoss application server infrastructure. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8250 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8280 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8281 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTPS |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8281 |
TCP |
vCenter Server |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to vCenter Server to communicate with the vCenter API |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8282 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server |
HTTP server port – Port used by the HTTP connector to connect to the Web frontend. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8283 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC |
vRealize Orchestrator Server |
HTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8286 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC |
vRealize Orchestrator Server |
Java messaging port used for dispatching events. |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) |
8287 |
TCP |
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC |
vRealize Orchestrator Server |
SSL secured Java messaging port used for dispatching events. |
vRealize Business Advanced/Enterprise |
80/8080 |
TCP |
Web Browser |
vRealize Business Advanced/Enterprise |
Port used to login (HTTP) to the vRealize Business UI. |
vRealize Business Advanced/Enterprise |
443 |
TCP |
Web Browser |
vRealize Business Advanced/Enterprise |
Port used to login (HTTPS) to the vRealize Business UI. |
vRealize Business Advanced/Enterprise |
1521 |
TCP |
vRealize Business Advanced/Enterprise |
Oracle RDBMS |
Port used by vRealize Business to connect to Oracle DB |
vRealize Business Advanced/Enterprise |
389/3268 |
TCP |
vRealize Business Advanced/Enterprise |
LDAP Server |
Listen port in the LDAP/AD server that vRealize Business connects to for synchronizing users. |
vRealize Business Advanced/Enterprise |
32xx range |
TCP |
vRealize Business Advanced/Enterprise |
Oracle DB |
When a firewall is present between vRealize Business and Oracle DB servers, the 3200 range ports need to be opened on the firewall. Calls from vRealize Business to Oracle DB server originate on port 1521, but DB server uses a variety of random ephemeral ports in the 3200 range for return calls. If these are not opened, calls between vRealize Business and Oracle DB will hang. Use network monitoring applications such as Wireshark to verify these ephemeral ports. |
Stage Manager |
137 |
UDP |
ESX Host |
SMB File Server |
SMB File Sharing for Importing/Exporting VMs |
Stage Manager |
138 |
UDP |
ESX Host |
SMB File Server |
SMB File Sharing for Importing/Exporting VMs |
Stage Manager |
139 |
TCP |
ESX Host |
SMB File Server |
SMB File Sharing for Importing/Exporting VMs |
Stage Manager |
389 |
TCP/UDP |
Stage Manager Server |
LDAP Server |
LDAP Authentication (optional) |
Stage Manager |
443 |
TCP |
Client PC |
Stage Manager Server |
Stage Manager Console (Web Browser) |
Stage Manager |
443 |
TCP |
Stage Manager Server |
ESX Host |
Stage Manager Server communication with ESX Host Agent |
Stage Manager |
443 |
TCP |
Stage Manager Server |
vCenter Server |
Stage Manager Server communication with vCenter Server |
Stage Manager |
445 |
TCP |
ESX Host |
SMB File Server |
SMB File Sharing for Importing/Exporting VMs |
Stage Manager |
514 |
TCP |
Stage Manager Server |
ESX Host |
ESX Host Virtual Router |
Stage Manager |
636 |
TCP |
Stage Manager Server |
LDAP Server |
LDAPS Authentication (optional) |
Stage Manager |
5212 |
TCP |
Stage Manager Server |
ESX Host |
Stage Manager Agent |
Update Manager |
80 |
TCP |
Update Manager Server |
www.vmware.com and xml.shavlik.com |
To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
Update Manager |
80 |
TCP |
ESXi/ESX Host |
Update Manager Host |
ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
Update Manager |
80 |
TCP |
Update Manager Server |
vCenter Server |
Update Manager to vCenter Server communication |
Update Manager |
443 |
TCP |
Update Manager Server |
www.vmware.com and xml.shavlik.com |
To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
Update Manager |
443 |
TCP |
ESXi/ESX Host |
Update Manager Server |
ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
Update Manager |
443 |
TCP |
vCenter Server |
Update Manager Server |
vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084 |
Update Manager |
735 |
TCP |
Update Manager Server |
Virtual Machines |
Update Manager listener port (rdevServer.exe), part of the Remote Device Server used for virtual machine patching. |
Update Manager |
902 |
TCP |
Update Manager Server |
ESXi/ESX Host |
To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated |
Update Manager |
1433 |
TCP |
Update Manager Server |
Microsoft SQL Server |
Update Manager to Microsoft SQL Server connectivity (for UM Database) |
Update Manager |
1521 |
TCP |
Update Manager Server |
Oracle Database Server |
Update Manager to Oracle connectivity (for UM Database) |
Update Manager |
8084 |
TCP |
Update Manager Server |
Update Manager Client Plugin |
SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install. |
Update Manager |
9084 |
TCP |
ESXi/ESX host |
Update Manager Server |
ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install. |
Update Manager |
9087 |
TCP |
Update Manager Server |
Update Manager Client Plugin |
Port used for uploading host update files. Configurable at install. |
Update Manager |
9000 to 9100 |
TCP |
ESXi/ESX Host |
Update Manager Server |
This is the recommended port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation. |
vCenter Server 2.5.x |
25 |
TCP |
vCenter Server |
SMTP Server |
Email notifications |
vCenter Server 2.5.x |
53 |
UDP |
vCenter Server |
DNS Server |
DNS lookups |
vCenter Server 2.5.x |
80 |
TCP |
Client PC |
vCenter Server |
Redirect Web Browser to HTTPS Service (443) |
vCenter Server 2.5.x |
88 |
TCP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 2.5.x |
88 |
UDP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 2.5.x |
161 |
UDP |
SNMP Server |
vCenter Server |
SNMP Polling |
vCenter Server 2.5.x |
162 |
UDP |
vCenter Server |
SNMP Server |
SNMP Trap Send |
vCenter Server 2.5.x |
389 |
TCP/UDP |
vCenter Server |
LDAP Server |
LDAP Authentication |
vCenter Server 2.5.x |
443 |
TCP |
vCenter Server |
ESXi/ESX Host |
vCenter Agent |
vCenter Server 2.5.x |
443 |
TCP |
Client PC |
vCenter Server |
VI Web Access (Web Browser) |
vCenter Server 2.5.x |
443 |
TCP |
VI / vSphere Client |
vCenter Server |
VI / vSphere Client access to vCenter Server |
vCenter Server 2.5.x |
445 |
TCP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 2.5.x |
445 |
UDP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 2.5.x |
902 |
TCP/UDP |
vCenter Server |
ESXi/ESX Host |
Heartbeat |
vCenter Server 2.5.x |
902 |
TCP/UDP |
ESXi/ESX Host |
vCenter Server |
Heartbeat |
vCenter Server 2.5.x |
903 |
TCP |
Client PC |
vCenter Server |
VI / vSphere Client to VM Console |
vCenter Server 2.5.x |
903 |
TCP |
vCenter Server |
ESXi/ESX Host |
VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter) |
vCenter Server 2.5.x |
1433 |
TCP |
vCenter Server |
Microsoft SQL Server |
For vCenter Microsoft SQL Server Database |
vCenter Server 2.5.x |
1521 |
TCP |
vCenter Server |
Oracle Database Server |
For vCenter Oracle Database |
vCenter Server 2.5.x |
5989 |
TCP |
VirtualCenter/vCenter |
ESXi/ESX Host |
vCenter to ESX |
vCenter Server 2.5.x |
5989 |
TCP |
ESXi/ESX Host |
VirtualCenter/vCenter |
ESX to vCenter |
vCenter Server 2.5.x |
8005 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 2.5.x |
8006 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 2.5.x |
8083 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 2.5.x |
8085 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics/SDK |
vCenter Server 2.5.x |
8086 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 2.5.x |
8087 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 2.5.x |
27000 |
TCP |
vCenter Server |
VMware License Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 2.5.x |
27000 |
TCP |
VMware License Server |
vCenter Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 2.5.x |
27010 |
TCP |
vCenter Server |
VMware License Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 2.5.x |
27010 |
TCP |
VMware License Server |
vCenter Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 4.x |
25 |
TCP |
vCenter Server |
SMTP Server |
Email notifications |
vCenter Server 4.x |
53 |
UDP |
vCenter Server |
DNS Server |
DNS lookups |
vCenter Server 4.x |
80 |
TCP |
Client PC |
vCenter Server |
Redirect Web Browser to HTTPS Service (443) |
vCenter Server 4.x |
80 |
TCP |
vCenter Server |
ESXi/ESX 4.x |
DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 4.x |
88 |
UDP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 4.x |
88 |
TCP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 4.x |
135 |
TCP |
vCenter Server |
vCenter Server |
Linked Mode |
vCenter Server 4.x |
161 |
UDP |
SNMP Server |
vCenter Server |
SNMP Polling |
vCenter Server 4.x |
162 |
UDP |
vCenter Server |
SNMP Server |
SNMP Trap Send |
vCenter Server 4.x |
389 |
TCP/UDP |
vCenter Server |
Linked vCenter Servers |
Bi-directional LDAP authentication with Kerberos encryption on TCP port 389 is required between all vCenters that need to replicate. |
vCenter Server 4.x |
443 |
TCP |
vCenter Server |
ESXi/ESX Host |
vCenter Agent |
vCenter Server 4.x |
443 |
TCP |
vCenter Server |
ESXi/ESX 4.x |
Host DPM with HP iLO Remote Management and Control Protocol |
vCenter Server 4.x |
443 |
TCP |
Client PC |
vCenter Server |
VI Web Access (Web Browser) |
vCenter Server 4.x |
443 |
TCP |
vSphere Client |
vCenter Server |
vSphere Client access to vCenter Server |
vCenter Server 4.x |
445 |
TCP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 4.x |
445 |
UDP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 4.x |
623 |
UDP |
vCenter Server |
ESXi/ESX 4.x Host |
DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 4.x |
636 |
TCP |
vCenter Server |
Linked vCenter Servers |
Linked mode connectivity between vCenter Servers |
vCenter Server 4.x |
902 |
TCP/UDP |
vCenter Server |
ESXi/ESX Host |
Heartbeat |
vCenter Server 4.x |
902 |
TCP/UDP |
ESXi/ESX Host |
vCenter Server |
Heartbeat |
vCenter Server 4.x |
903 |
TCP |
Client PC |
vCenter Server |
VI / vSphere Client to VM Console |
vCenter Server 4.x |
902 |
TCP |
vCenter Server |
ESXi/ESX Host |
VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter) |
vCenter Server 4.x |
1024 (dynamic) |
RPC |
Linked vCenter Servers |
Linked vCenter Servers |
Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage. |
vCenter Server 4.x |
1433 |
TCP |
vCenter Server |
Microsoft SQL Server |
For vCenter Microsoft SQL Server Database |
vCenter Server 4.x |
1521 |
TCP |
vCenter Server |
Oracle Database Server |
For vCenter Oracle Database |
vCenter Server 4.x |
5989 |
TCP |
vCenter Server |
ESXi/ESX Host |
vCenter to ESX |
vCenter Server 4.x |
5989 |
TCP |
ESXi/ESX Host |
vCenter Server |
ESX to vCenter |
vCenter Server 4.x |
8005 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 4.x |
8006 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 4.x |
8080 |
TCP |
Client PC |
vCenter Server 4.x |
VMware vCenter 4 Management Web Services - HTTP |
vCenter Server 4.x |
8083 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 4.x |
8085 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics/SDK |
vCenter Server 4.x |
8086 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 4.x |
8087 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 4.x |
8089 |
TCP |
vCenter Server |
vCenter Server |
SDK Tunneling Port |
vCenter Server 4.x |
8443 |
TCP |
Client PC |
vCenter Server 4.x |
VMware vCenter 4 Management Web Services - HTTPS |
vCenter Server 4.x |
8443 |
TCP |
vCenter Server |
vCenter Server |
Linked Mode |
vCenter Server 4.x |
27000 |
TCP |
vCenter Server |
VMware License Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 4.x |
27000 |
TCP |
VMware License Server |
vCenter Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 4.x |
27010 |
TCP |
vCenter Server |
VMware License Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 4.x |
27010 |
TCP |
VMware License Server |
vCenter Server |
Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
vCenter Server 4.1 |
60099 |
TCP |
vCenter Server |
vCenter Server Services |
This port is for internal communication between vCenter Server and its solutions. Specifically, it is used to exchange messages about inventory. If you do not have it open, a solution that integrates with vCenter Server using this service may be affected. |
vCenter Server 5.x |
25 |
TCP |
vCenter Server |
SMTP Server |
Email notifications |
vCenter Server 5.x |
53 |
UDP |
vCenter Server |
DNS Server |
DNS lookups |
vCenter Server 5.x |
80 |
TCP |
Client PC |
vCenter Server |
vCenter Server requires port 80 for direct HTTP connections. |
vCenter Server 5.x |
80 |
TCP |
vCenter Server |
ESXi 5.x |
DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 5.x |
88 |
UDP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 5.x |
88 |
TCP |
vCenter Server |
Active Directory Server |
AD Authentication |
vCenter Server 5.x |
135 |
TCP |
vCenter Server |
vCenter Server |
Used by ADAM for RPC communications between vCenter Servers in Linked Mode. |
vCenter Server 5.x |
161 |
UDP |
SNMP Server |
vCenter Server |
SNMP Polling |
vCenter Server 5.x |
162 |
UDP |
vCenter Server |
SNMP Server |
SNMP Trap Send |
vCenter Server 5.x |
389 |
TCP/UDP |
vCenter Server |
Linked vCenter Servers |
This port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
vCenter Server 5.x |
443 |
TCP |
vSphere Client |
vCenter Server |
Port that the vCenter Server system uses to listen for connections from the vSphere Client. |
vCenter Server 5.x |
443 |
TCP |
vCenter Server |
ESXi 5.x |
vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol |
vCenter Server 5.x |
623 |
UDP |
vCenter Server |
ESXi 5.x |
DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 5.x |
636 |
TCP |
vCenter Servers |
Linked vCenter Servers |
This is the SSL port of the local instance for vCenter Server Linked Mode. If another service is running on this port, it might be preferable to remove it or change its port. You can run the SSL service on any port from 1025 through 65535. |
vCenter Server 5.x |
902 |
TCP |
vCenter Server |
ESXi 5.x |
Port that the vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
vCenter Server 5.x |
902 |
TCP/UDP |
vSphere Client |
ESXi 5.x |
vSphere Client uses this port to display virtual machine consoles. |
vCenter Server 5.x |
902 |
TCP/UDP |
ESXi 5.x |
ESXi 5.x |
Host access to other hosts for migration and provisioning |
vCenter Server 5.x |
1024 (dynamic) |
RPC |
Linked vCenter Servers |
Linked vCenter Servers |
Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). |
vCenter Server 5.x |
1433 |
TCP |
vCenter Server |
Microsoft SQL Server |
For vCenter Microsoft SQL Server Database |
vCenter Server 5.x |
1521 |
TCP |
vCenter Server |
Oracle Database Server |
For vCenter Oracle Database |
vCenter Server 5.x |
5988 |
TCP |
ESXi 5.x |
vCenter Server |
CIM transactions over HTTP |
vCenter Server 5.x |
5989 |
TCP |
vCenter Server |
ESXi 5.x |
CIM XML transactions over HTTPS |
vCenter Server 5.x |
5989 |
TCP |
ESXi 5.x |
vCenter Server |
CIM XML transactions over HTTPS |
vCenter Server 5.x |
7500 |
UDP |
vCenter Server |
Linked vCenter Servers |
vCenter Inventory Service Groups diagnostics port for Inventory Service instances. |
vCenter Server 5.x |
8005 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 5.x |
8006 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 5.x |
8009 |
TCP |
vCenter Server |
vCenter Server |
AJP Port |
vCenter Server 5.x |
8080 |
TCP |
Client PC |
vCenter Server |
Web Services HTTP. Used for the VMware VirtualCenter Management Web Services |
vCenter Server 5.x |
8083 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 5.x |
8085 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics/SDK |
vCenter Server 5.x |
8086 |
TCP |
vCenter Server |
vCenter Server |
Internal Communication Port |
vCenter Server 5.x |
8087 |
TCP |
vCenter Server |
vCenter Server |
Internal Service Diagnostics |
vCenter Server 5.x |
8089 |
TCP |
vCenter Server |
vCenter Server |
SDK Tunneling Port |
vCenter Server 5.x |
8443 |
TCP |
Client PC |
Linked vCenter Servers |
Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
vCenter Server 5.x |
8443 |
TCP |
vCenter Server |
vCenter Server |
VMware Web Management Services Linked Mode Communication port |
vCenter Server 5.x |
9443 |
TCP |
Client PC |
vCenter Server |
vSphere Web Client Access |
vCenter Server 5.x |
10111 |
TCP |
vCenter Server |
Linked vCenter Servers |
vCenter Inventory Service Linked Mode Communication |
vCenter Server 5.x |
10443 |
TCP |
Client PC |
Linked vCenter Servers |
vCenter Inventory Service Linked Mode Communication between Inventory Service instances.
This can be changed during the vCenter Server installation and should be adjusted in the firewall settings as needed. |
vCenter Server 5.x |
51915 |
TCP |
ESXi |
vSphere Authentication Proxy |
This is a web service that is used to add a host to an Active Directory domain. |
vCenter Server 5.x |
60099 |
TCP |
vCenter Server |
vCenter Server |
Web Service change service notification port |
vCenter Server 5.1 |
7005 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
Base shutdown port. For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1. |
vCenter Server 5.1 |
7080 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
HTTP Port |
vCenter Server 5.1 |
7009 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
AJP Port |
vCenter Server 5.1 |
49152 to 65535 |
TCP |
Active Directory |
vCenter Server |
Allow Active Directory authentication/communication between domain controllers and vCenter Server. |
vCenter Server 5.1/5.5 |
7444 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
Lookup Service, HTTPS Port |
vCenter Server 5.1/5.5 |
8003 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Server Management Web Services |
vCenter Server Management Web Service shutdown |
vCenter Server 5.5 |
31000 to 32999 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
Internal Communication Ports for VMware Secure Token Service, which uses two available ports. One port from the 31000 to 31999 range and one port from the 32000 to 32999 range. |
vCenter Server 5.5 |
88 |
TCP |
vCenter Server |
vCenter Single Sign-On |
KDC Service |
vCenter Server 5.5 |
2012 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
Directory Service |
vCenter Server 5.5 |
2013 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
KDC Service |
vCenter Server 5.5 |
2014 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
VMware Certificate Service inter-communications with vCenter Single Sign-On |
vCenter Server 5.5 |
6501 |
TCP |
Auto Deploy service |
ESXi Host |
Auto Deploy Service |
vCenter Server 5.5 |
6502 |
TCP |
Auto Deploy Manager |
vSphere Client |
Auto Deploy Manager Service |
vCenter Server 5.5 |
7331 |
TCP |
vSphere Web Client |
vCenter Server (Tomcat Server settings) |
HTML5 remote console for virtual machines |
vCenter Server 5.5 Update 2 and later |
7343 |
TCP |
vSphere Web Client |
vCenter Server (Tomcat Server settings) |
HTML5 remote console for virtual machines, HTTPS |
vCenter Server 5.5 |
7444 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
Lookup Service, HTTPS port |
vCenter Server 5.5 |
8190 |
TCP |
vCenter Server |
vCenter Server |
Storage Policy Server HTTP |
vCenter Server 5.5 |
8191 |
TCP |
vCenter Server |
vCenter Server |
Storage Policy Server HTTPS |
vCenter 5.5 |
9875-9877 |
TCP |
vSphere Web Client |
vSphere Web Client |
vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting. |
vCenter Server 5.5 |
9090 |
TCP |
vSphere Web Client HTTP |
vSphere Web Client |
HTTP redirect to HTTPS |
vCenter Server 5.5 |
11711 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
Directory service LDAP use for replication between vCenter Single Sign-On nodes |
vCenter Server 5.5 |
11712 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
Directory service LDAPS use for replication between vCenter Single Sign-On nodes |
vCenter Server 5.5 |
12721 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
Identity Management Service (IDM) internal client/server communication port.
Used by VMware Identity Management Service. |
vCenter Server 5.5 |
12443 |
TCP |
Log Browser |
vCenter Server |
Log Browser |
vCenter Server 5.5 |
22000 |
TCP |
vCenter Server |
vCenter Server |
vCenter Server Storage Monitoring Service HTTP |
vCenter Server 5.5 |
22100 |
TCP |
vCenter Server |
vCenter Server |
vCenter Server Storage Monitoring Service HTTPS |
vCenter Server 5.5 |
31000 |
TCP |
vCenter Server |
vCenter Server |
VMware vSphere Profile-Driven Storage Service HTTP |
vCenter Server 5.5 |
31100 |
TCP |
vCenter Server |
vCenter Server |
VMware vSphere Profile-Driven Storage Service HTTPS |
vCenter Server 5.5 |
49000 to 65000 |
TCP |
Active Directory |
vCenter Server |
Allow Active Directory authentication/communication between domain controllers and vCenter Server.
Used by the VMware Identity Management Service |
vCenter Server 6.0 |
22 |
TCP/UDP |
vCenter Server |
SSH Client |
System port for SSHD. This port is only used by the vCenter Server Appliance |
vCenter Server 6.0 |
80 |
TCP |
Client PC |
vCenter Server |
vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server.
WS-Management (also requires port 443 to be open).
If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service.
When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade. |
vCenter Server 6.0 |
88 |
TCP |
vCenter Server |
Active Directory Server |
VMware key distribution center port |
vCenter Server 6.0 |
389 |
TCP/UDP |
vCenter Server |
Linked vCenter Servers |
This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.
If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
vCenter Server 6.0 |
443 |
TCP |
vSphere Web Client |
vCenter Server |
The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall.
The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.
Port 443 is also used for these services:
- WS-Management (also requires port 80 to be open)
- Third-party network management client connection to vCenter Server
- Third-party network management clients access to host
|
vCenter Server 6.0 |
514 |
UDP |
Syslog Collector |
Syslog Collector |
vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance |
vCenter Server 6.0 |
636 |
TCP |
Platform Service Controller |
Management Nodes |
For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port.
You can run the SSL service on any port from 1025 through 65535. This port is also used during install to verify SSL certificates. |
vCenter Server 6.0 |
902 |
TCP/UDP |
vCenter Server |
ESXi 6.0/5.x |
The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system.
This port must not be blocked by firewalls between the server and the hosts or between hosts.
Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles. |
vCenter Server 6.0 |
10080 |
TCP |
vCenter Server |
Inventory Service |
vCenter Server vCenter Inventory Service HTTP |
vCenter Server 6.0 |
1514 |
TCP/UDP |
Syslog Collector |
Syslog Collector |
vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance |
vCenter Server 6.0 |
2012 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
Control interface RPC for vCenter Single Sign-On (SSO). |
vCenter Server 6.0 |
2014 |
TCP |
vCenter Server (Tomcat Server settings) |
vCenter Single Sign-On |
RPC port for all VMCA (VMware Certificate Authority) APIs. |
vCenter Server 6.0 |
2020 |
TCP/UDP |
vCenter Server |
vCenter Server |
Authentication framework management |
vCenter Server 6.0 |
6500 |
TCP/UDP |
vCenter Server |
ESXi host |
ESXi Dump Collector port |
vCenter Server 6.0 |
6501 |
TCP |
Auto Deploy service |
ESXi Host |
Auto Deploy service |
vCenter Server 6.0 |
6502 |
TCP |
Auto Deploy Manager |
vSphere Client |
Auto Deploy management |
vCenter Server 6.0 |
7444 |
TCP |
|
|
Secure Token Service |
vCenter Server 6.0 |
8009 |
TCP |
vCenter Server |
vCenter Server |
AJP Port |
vCenter Server 6.0 |
8089 |
TCP |
vCenter Server |
vCenter Server |
SDK Tunneling Port |
vCenter Server 6.0 |
9443 |
TCP |
vSphere Web Client Server |
vSphere Web Client |
vSphere Web Client HTTPS |
vCenter Server 6.0 |
11711 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
VMware Directory service (vmdir) LDAP |
vCenter Server 6.0 |
11712 |
TCP |
vCenter Single Sign-On |
vCenter Single Sign-On |
VMware Directory service (vmdir) LDAPS |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
22 |
TCP |
Client PC |
vRealize Infrastructure Navigator Appliance |
Enables SSH access to vRealize Infrastructure Appliance |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
80 |
TCP |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
vSphere Web service API |
HTTP web service |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
443 |
TCP |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
vSphere Web service API |
HTTPS web service |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
443 |
TCP |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
ESXi/ESX hosts and virtual machines |
VIX protocol on target hosts to perform discovery |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
902 |
TCP |
vRealize Infrastructure Navigator |
ESXi/ESX hosts and virtual machines |
VIX protocol on target hosts to perform discovery |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
2868 |
TCP |
vCenter Server |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
Plug-in downloads. This download happens as part of the registration process. |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x |
6969 |
TCP |
vCenter Server |
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
Connectivity from vSphere Web Client to vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
22 |
TCP |
SSH Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
Secure Shell (SSH) access to the vRealize Log Insight (formerly known as vCenter Log Insight) virtual appliance |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
25 |
TCP |
vRealize Log Insight (formerly known as vCenter Log Insight) |
SMTP Server |
Email notifications from vRealize Log Insight (formerly known as vCenter Log Insight) to a configured mail server |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
514 |
UDP |
Syslog Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
Remote Syslog logging |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
514 |
TCP |
Syslog Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
Remote Syslog logging |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
1514 |
TCP |
Syslog Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
SSL Encrypted Remote Syslog logging |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
445 |
UDP |
vRealize Log Insight (formerly known as vCenter Log Insight) |
MS Directory Services Server |
Connection to a Domain Controller for Active Directory Authentication |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
80 |
TCP |
HTTP Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface. Redirects to encrypted web interface |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
443 |
TCP |
HTTP Client |
vRealize Log Insight (formerly known as vCenter Log Insight) |
vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface Encrypted |
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x |
123 |
UDP |
vRealize Log Insight (formerly known as vCenter Log Insight) |
NTP Server |
Time synchronization with NTP server |
vCloud Usage Meter |
80 |
TCP |
vCloud Usage Meter |
vCenter Server |
This is for vSphere API |
vCloud Usage Meter |
443 |
TCP |
vCloud Usage Meter |
vCenter Server |
This is for vSphere API |
vCloud Usage Meter |
5480 |
TCP |
vCenter Update Manager |
vCloud Usage Meter |
This is used for virtual appliance updates |
vCloud Usage Meter |
8443 |
TCP |
Client Browser |
vCloud Usage Meter |
This is for WebApp |
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) |
22 |
TCP |
SSH Client |
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance |
Enables SSH access to the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) virtual appliance |
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) |
443 |
TCP |
Browser or vSphere Client plugin |
vRealize Operations Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance |
HTTPS server port for the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) Administration page |
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) |
5480 |
TCP |
Browser |
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance |
HTTPS server port for the VMware Studio Web console to administer the virtual appliance |
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x) |
80 |
TCP |
Browser |
vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM |
HTTP server port that unconditionally redirects to HTTPS port |
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x) |
443 |
TCP |
- Browser or vSphere Client plugin
- vRealize Operations Manager UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM
|
- vRealize Operations Manager UI VM
- vCenter Server
|
- HTTPS server port for the vRealize Operations Manager (formerly known as vCenter Operations Manager) UIs: Administration, vSphere, and Custom
- UI VM: Registration of vRealize Operations Manager (formerly known as vCenter Operations Manager) as an extension to vCenter, Analytics VM: Collecting metric data from vCenter Server.
|
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x) |
22 |
TCP |
SSH Client |
vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager Analytics VM |
Enables SSH access to the vRealize Operations Manager (formerly known as vCenter Operations Manager) virtual appliance |
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x) |
1194 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM |
vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM |
OpenVPN tunnel for communication between the two VMs |
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) |
443 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM |
vCenter Server |
UI VM: Registration of vRealize Operations Manager as an extension to vCenter, Analytics VM: Collecting metric data from vCenter |
vRealize Operations Manager (Standalone) 5.x |
80 |
TCP |
Browser |
vRealize Operations Manager (formerly known as vCenter Operations Manager) (Standalone) |
(If chosen during configuration) HTTP port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI |
vRealize Operations Manager (Standalone) 5.x |
443 |
TCP |
Browser |
vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone)) |
(If chosen during configuration) HTTPS port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI |
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) |
1199 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) remote collector |
vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone)) |
Heartbeat connection between remote collector and main vRealize Operations Manager (formerly known as vCenter Operations Manager) server |
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) |
61616 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) remote collector |
vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone)) |
Connection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server |
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) |
443 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) local/remote collector |
vCenter Server |
Connection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server |
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) |
10443 |
TCP |
vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM |
vCenter Server |
vCenter Inventory Service HTTPS |
vRealize Operations Manager 6.x |
22 |
TCP |
SSH Client |
vRealize Operations Manager |
Used for SSH access to the vRealize Operations Manager cluster. |
vRealize Operations Manager 6.x |
80 |
TCP |
Browser |
vRealize Operations Manager |
Redirects to port 443. |
vRealize Operations Manager 6.x |
123 |
UDP |
vRealize Log Insight |
NTP Server |
Used by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the master node. |
vRealize Operations Manager 6.x |
443 |
TCP |
Browser |
vRealize Operations Manager |
Used to access the vRealize Operations Manager product user interface and the vRealize Operations Manager administrator interface. |
vRealize Operations Manager 6.x |
1235 |
TCP |
vRealize Operations Manager 6.0 nodes |
vRealize Operations Manager 6.0 nodes |
Used by all nodes in the cluster to transmit resource data and key-value data for the Global xDB database instance. |
vRealize Operations Manager 6.x |
3091-3094 |
TCP |
When Horizon View (V4V) |
vRealize Operations Manager |
When Horizon View (V4V) is installed, used to access data for vRealize Operations Manager from V4V. |
vRealize Operations Manager 6.x |
6061 |
TCP |
vRealize Operations Manager 6.x clients |
vRealize Operations Manager 6.x nodes |
Used by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers. |
vRealize Operations Manager 6.x |
10000-10010 |
TCP/UDP |
vRealize Operations Manager 6.x nodes |
vRealize Operations Manager 6.x nodes |
GemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system. |
vRealize Operations Manager 6.x |
20000-20010 |
TCP/UDP |
vRealize Operations Manager 6.x nodes |
vRealize Operations Manager 6.x nodes |
GemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system. |
View 3.x |
3389 |
TCP |
Thin Client |
ESX host |
RDP Protocol |
View 3.x |
18443 |
TCP |
View Connection Server/View Manager |
vCenter Server |
View Composer |
View 3.x |
32111 |
TCP |
View Agent (Virtual Desktop) |
View Client |
USB Device Communication |
View 3.x |
32111 |
TCP |
View Client |
View Agent (Virtual Desktop) |
USB Device Communication |
View 4.0.x |
902 |
TCP |
View Client/View Client with Offline Desktop |
ESX Host |
(Optional) View Client with Offline Desktop data is downloaded and uploaded through this port. |
View 4.0.x |
3268 |
TCP |
View/VDM Connection Server/View Manager |
Active Directory Server |
Global Catalog Server |
View 4.0.x |
3269 |
TCP |
View/VDM Connection Server/View Manager |
Active Directory Server |
Global Catalog Server |
View 4.0.x |
3389 |
TCP |
Thin Client |
ESX host |
RDP Protocol |
View 4.0.x |
9427 |
TCP |
View Client/View Client with Offline Desktop |
View Agent (Virtual Desktop) |
(Optional) Multimedia Redirection (MMR). MMR is supported by View Client and View Client with Offline Desktop on certain operating systems. |
View 4.0.x |
18443 |
TCP |
View Connection Server/View Manager |
vCenter Server |
View Composer |
View 4.0.x |
50002 |
TCP/UDP |
View Agent (Virtual Desktop) |
View Client |
PCoIP (AES 128-bit encryption) |
View 4.0.x |
50002 |
TCP/UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 4.5.x |
- |
- |
- |
- |
For more information, see
Network connectivity requirements for VMware View Manager 4.5 and later (1027217). |
View 4.5.x |
80/443 |
TCP |
View Client with Local Mode |
View Transfer Server |
HTTP(S) access via direct connection for downloading and uploading Local Mode data |
View 4.5.x |
80/443 |
TCP |
Security Server |
View Transfer Server |
HTTP(S) access via tunnel connection for downloading and uploading Local Mode data |
View 4.5.x |
902 |
TCP |
View Connection Server |
ESX Host |
Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode. |
View 4.5.x |
902 |
TCP |
View Transfer Server |
ESX Host |
Publishing View Composer packages for Local Mode |
View 4.5.x |
4001 |
TCP |
View Connection Server |
View Transfer Server |
Required by JMS for Local Mode |
View 4.5.x |
4172 |
TCP/UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 4.5.x |
50002 |
UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 4.6.x |
- |
- |
- |
- |
For more information, see
Network connectivity requirements for VMware View Manager 4.5 and later (1027217). |
View 4.6.x |
80/443 |
TCP |
View Client with Local Mode |
View Transfer Server |
HTTP(S) access via direct connection for downloading and uploading Local Mode data |
View 4.6.x |
80/443 |
TCP |
Security Server |
View Transfer Server |
HTTP(S) access via direct connection for downloading and uploading Local Mode data |
View 4.6.x |
902 |
TCP |
View Connection Server |
ESX Host |
Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode. |
View 4.6.x |
902 |
TCP |
View Transfer Server |
ESX Host |
Publishing View Composer packages for Local Mode |
View 4.6.x |
4001 |
TCP |
View Connection Server |
View Transfer Server |
Required by JMS for Local Mode |
View 4.6.x |
4172 |
TCP/UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 4.6.x |
50002 |
UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 5.x |
- |
- |
- |
- |
For more information, see
Network connectivity requirements for VMware View Manager 4.5 and later (1027217). |
View 5.x |
80/443 |
TCP |
View Client with Local Mode |
View Transfer Server |
HTTP(S) access via direct connection for downloading and uploading Local Mode data |
View 5.x |
80/443 |
TCP |
Security Server |
View Transfer Server |
HTTP(S) access via direct connection for downloading and uploading Local Mode data |
View 5.x |
902 |
TCP |
View Connection Server |
ESXi Host |
Used when checking out local desktops. Must be accessible on your ESXi host when using View Client with Local Mode. |
View 5.x |
902 |
TCP |
View Transfer Server |
ESXi Host |
Publishing View Composer packages for Local Mode |
View 5.x |
902 |
TCP |
View Composer Server |
ESXi Host |
Used when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks. |
View 5.x |
4001 |
TCP |
View Connection Server |
View Transfer Server |
Required by JMS for Local Mode |
View 5.x |
4172 |
TCP/UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View 5.x |
50002 |
UDP |
View Client |
View Agent (Virtual Desktop) |
PCoIP (AES 128-bit encryption) |
View/VDM 2.x |
80 |
TCP |
View/VDM Client |
View/VDM Security Server |
VDM Access (not required if only HTTPS is to be supported) |
View/VDM 2.x |
80 |
TCP |
Client PC |
View/VDM Security Server |
VDM Web Access (not required if only HTTPS is to be supported). The Security Server used as a proxy in a DMZ to allow for external connections in. The View Manager/Connection Broker has an ADAM instance on it. |
View/VDM 2.x |
80 |
TCP |
View/VDM Client |
View/VDM Connection Server |
VDM Access (not required if only HTTPS is to be supported) |
View/VDM 2.x |
80 |
TCP |
Client PC |
View/VDM Connection Server |
VDM Web Access (not required if only HTTPS is to be supported). |
View/VDM 2.x |
88 |
UDP |
View/VDM Connection Server/View Manager |
Active Directory Server |
AD Authentication |
View/VDM 2.x |
88 |
TCP |
View/VDM Connection Server/View Manager |
Active Directory Server |
AD Authentication |
View/VDM 2.x |
389 |
TCP/UDP |
View/VDM Connection Server/View Manager |
LDAP Server |
LDAP Authentication |
View/VDM 2.x |
443 |
TCP |
View/VDM Client |
View/VDM Security Server |
VDM Access |
View/VDM 2.x |
443 |
TCP |
Client PC |
View/VDM Connection Server/View Manager |
VDM Web Access and VDM Administration |
View/VDM 2.x |
443 |
TCP |
Thin Client |
View/VDM Connection Server/View Manager |
VDM API |
View/VDM 2.x |
443 |
TCP |
View/VDM Client |
View/VDM Connection Server/View Manager |
VDM Access |
View/VDM 2.x |
443 |
TCP |
Client PC |
View/VDM Security Server |
VDM Web Access (Web Browser) |
View/VDM 2.x |
443 |
TCP |
View/VDM Connection Server/View Manager |
vCenter Server |
VDM to vCenter communication |
View/VDM 2.x |
445 |
UDP |
View/VDM Connection Server/View Manager |
Active Directory Server |
AD Authentication |
View/VDM 2.x |
445 |
TCP |
View/VDM Connection Server/View Manager |
Active Directory Server |
AD Authentication |
View/VDM 2.x |
1024 to 65535 |
TCP |
View/VDM Connection Server/View Manager |
Virtual Desktop VM (View/VDM Agent) |
Ephemeral Ports. A short-lived connection between View Manager and the virtual desktop |
View/VDM 2.x |
1024 to 65535 |
TCP |
View/VDM Connection Server/View Manager |
View/VDM Connection Server/View Manager |
This is required for ADAM replication between VDM Connection Servers. With a Registry entry, this can be fixed to a defined set of ports, but by default it is a random TCP high port |
View/VDM 2.x |
3389 |
TCP |
View/VDM Security Server |
Virtual Desktop VM (View/VDM Agent) |
Tunneled RDP Connection (RSA RC4 encryption, can be set High/Medium/Low)
High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.
Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.
Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server. |
View/VDM 2.x |
3389 |
TCP |
Client PC/Thin Client/View/VDM Client |
Virtual Desktop VM (View/VDM Agent) |
Direct RDP Connection (RSA RC4 encryption, can be set High/Medium/Low).
High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.
Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.
Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server. |
View/VDM 2.x |
4001 |
TCP |
View/VDM Security Server |
View/VDM Connection Server/View Manager |
Java Messenger Service (JMS) |
View/VDM 2.x |
4001 |
TCP |
View/VDM Connection Server/View Manager |
View/VDM Security Server |
Java Messenger Service (JMS) |
View/VDM 2.x |
4001 |
TCP |
Virtual Desktop VM (View/VDM Agent) |
View/VDM Connection Server/View Manager |
Java Messenger Service (JMS) |
View/VDM 2.x |
4100 |
TCP |
View/VDM Connection Server/View Manager |
View/VDM Connection Server/View Manager |
Java Messenger Service (JMS) inter-router traffic |
View/VDM 2.x |
8009 |
TCP |
View/VDM Security Server |
View/VDM Connection Server/View Manager |
Apache Jserv Protocol (AJP) |
View/VDM 2.x |
8009 |
TCP |
View/VDM Connection Server/View Manager |
View/VDM Security Server |
Apache Jserv Protocol (AJP) |
View/VDM 2.x |
42966 |
TCP |
View Client/View Client with Offline Desktop |
ESX Host |
(Optional) Hewlett-Packard RGS Sender Application is the server-side component of the HP RGS remote display protocol |
VMware vCenter Chargeback 1.5 |
8080 |
TCP |
Client |
VMware vCenter Chargeback Server |
HTTP |
VMware vCenter Chargeback 1.5 |
8009 |
TCP |
Client |
VMware vCenter Chargeback Server |
Load Balancer |
VMware vCenter Chargeback 1.5 |
443 |
TCP |
Client |
VMware vCenter Chargeback Server |
HTTPS |
VMware vCenter Chargeback 1.5 |
25 |
TCP |
Client |
VMware vCenter Chargeback Server |
SMTP |
VMware vCenter Chargeback 1.5 |
389 |
TCP/UDP |
Client |
VMware vCenter Chargeback Server |
LDAP |
Virtual SAN |
2233 |
TCP |
ESXi host |
ESXi host |
Inter Node Communication port |
Virtual SAN |
12345 |
UDP |
ESXi host |
ESXi host |
Cluster Management – Multicast |
Virtual SAN |
23451 |
UDP |
ESXi host |
ESXi host |
Cluster Management – Multicast |
Virtual SAN |
8080 |
TCP |
VMware vSphere Profile-Driven Storage Service |
ESXi host |
Virtual SAN VASA Provider |
vShield 1.x |
22 |
TCP |
vShield Manager |
vShield agent |
SSH traffic passing from vShield Manager to vShield agents |
vShield 1.x |
123 |
UDP |
vShield Time Synchronization |
vShield Manager (NTP Server) |
NTP time synchronization with vShield Manager server |
vShield 1.x |
443 |
TCP |
Web browser/Client access |
vShield Manager |
Web browser using HTTPS to access vShield Manager user interface |
vShield 1.x |
1162 |
UDP |
vShield Zones |
vShield Manager |
Sends SNMP trap messages from vShield agents to vShield Manager |
vShield 4.x |
22 |
TCP |
vShield Manager |
vShield agent |
SSH traffic passing from vShield Manager to vShield agents |
vShield 4.x |
123 |
UDP |
vShield Time Synchronization |
vShield Manager (NTP Server) |
NTP time synchronization with vShield Manager server |
vShield 4.x |
443 |
TCP |
Web browser/Client access |
vShield Manager |
Web browser using HTTPS to access vShield Manager user interface |
vShield 4.x |
1162 |
UDP |
vShield Zones |
vShield Manager |
Sends SNMP trap messages from vShield agents to vShield Manager |
vSphere Management Assistant |
443 |
TCP |
vSphere Management Assistant |
ESX Host |
For SDK traffic |
EVO:RAIL 1.x |
7443 |
TCP |
Client PC |
vCenter Server (EVO:RAIL) |
EVO:RAIL Configuration & Management UI |
EVO:RAIL 1.x |
9443 |
TCP |
Client PC |
vCenter Server |
vSphere Web Client Access |
EVO:RAIL 1.x |
5353 |
UDP |
ESXi host/vCenter Server |
ESXi host/vCenter Server |
Loudmouth auto-discovery |
EVO:RAIL 2.0 |
443 |
TCP |
Client PC |
EVO:RAIL |
EVO:RAIL Configuration & Management UI |
EVO:RAIL 2.0 |
443 |
TCP |
Client PC |
vCenter Server |
vSphere Web Client Access |
EVO:RAIL 2.0 |
5353 |
UDP |
ESXi host/vCenter Server |
ESXi host/vCenter Server |
Loudmouth auto-discovery |