Note: Ports used with the Virtual Infrastructure / vSphere Client are listed in a separate table at the end of this article.
VI / vSphere Client ports:
| Product | Port | Protocol | Source | Target | Purpose |
| AppSpeed | 80 | TCP | AppSpeed Server | vCenter Server 4 | vCenter proxy interface. Used only during setup to verify the proxy is setup correctly. Port 80 is the default Web Service Port, but a different TCP port can be configured in vCenter Server 4. |
| AppSpeed | 443 | TCP | AppSpeed Server | vCenter Server 4 | Default port for communications. A different TCP port can be configured in vCenter Server 4. |
| AppSpeed | 22 | TCP | AppSpeed Server | AppSpeed Probe | Connections to the probes to access the probes outside of the VPN. |
| AppSpeed | 123 | TCP | AppSpeed Server | AppSpeed Probe | NTP services |
| AppSpeed | 1194 | TCP/UDP | AppSpeed Server | AppSpeed Probe | Communications over OpenVPN |
| Auto Deploy Server# | 6501 | TCP | ESXi | vCenter Server | Auto Deploy service |
| Auto Deploy Server | 6502 | TCP | ESXi | vCenter Server | Auto Deploy management |
| Consolidated Backup# | 443 | TCP | VCB Proxy Server | vCenter Server | Required for VCB and vcbMounter communication and backup processes |
| Consolidated Backup | 443 | TCP | VCB Proxy Server | ESXi/ESX Host | Required for VCB and vcbMounter communication and backup processes |
| Converter 3.x# | 137 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 3.x | 138 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 3.x | 139 | TCP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 3.x | 443 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for destination VM access when target is ESXi/ESX/vCenter |
| Converter 3.x | 443 | TCP | Source Computer to be converted | vCenter Server | Required if vCenter Server is the conversion target |
| Converter 3.x | 443 | TCP | vCenter Converter Server | vCenter Server | Required if vCenter Server is the conversion target |
| Converter 3.x | 443 | TCP | vCenter Converter Server | ESXi/ESX Host | Required for system conversion |
| Converter 3.x | 445 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Not required if the source computer uses NetBIOS |
| Converter 3.x | 902 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for data transport during cloning of system to be converted to target ESXi/ESX Host |
| Converter 4.x# | 22 | TCP | Helper Virtual Machine | Source Computer to be converted | Required for conversion of Linux-based source computers (data flows from source to VM) |
| Converter 4.x | 22 | TCP | vCenter Converter Server | Source Computer to be converted | Required for conversion of Linux-based source computers |
| Converter 4.x | 137 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 4.x | 138 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 4.x | 139 | TCP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 4.x | 443 | TCP | vCenter Converter Client | vCenter Converter Server | Only required if the Converter Client and Converter Server were installed on different systems |
| Converter 4.x | 443 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for destination VM access when target is ESXi/ESX/vCenter |
| Converter 4.x | 443 | TCP | Source Computer to be converted | vCenter Server | Required if vCenter Server is the conversion target |
| Converter 4.x | 443 | TCP | vCenter Converter Server | vCenter Server | Required if vCenter Server is the conversion target |
| Converter 4.x | 443 | TCP | vCenter Converter Server | ESXi/ESX Host | Required for system conversion |
| Converter 4.x | 443 | TCP | vCenter Converter Server | Helper Virtual Machine | Required for conversion of Linux-based source computers |
| Converter 4.x | 445 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Not required if the source computer uses NetBIOS |
| Converter 4.x | 902 | TCP | Source Computer to be converted | ESXi/ESX Host | Required for data transport during cloning of system to be converted to target ESXi/ESX Host |
| Converter 4.x | 9089, 9090 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Remote agent deployment |
| Converter 5.x# | 22 | TCP | Converter Standalone server | powered-on source machine | Used to establish an SSH connection between the Converter Standalone server and the source Linux machine |
| Converter 5.x | 137 | UDP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 5.x | 138 | UDP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 5.x | 139 | TCP | Converter Standalone server | powered-on source machine | For hot migration. Not required if the source computer does not use NetBIOS |
| Converter 5.x | 443 | TCP | Converter Standalone server | vCenter Server | Required only if theconversion destination is a vCenter Server |
| Converter 5.x | 443 | TCP | Converter Standalone client | Converter Standalone server | Required only if the Converter Standalone server and Linux client components are on different machines |
| Converter 5.x | 443 | TCP | Converter Standalone client | vCenter server | Required only if the Converter Standalone server and client components are on different machines |
| Converter 5.x | 22 | TCP | Powered-on Source Linux machine | ESXi/ESX Host | Uses secure connection port 22 to Host |
| Converter 5.x | 443, 902 | TCP | Powered-on Source Windows machine | ESXi/ESX Host | Required for data transfer to destination ESXi/ESX host |
| Converter 5.x | 445 | TCP | Converter Standalone server | powered-on source machine | Required for system conversion. Not required if the source computer uses NetBIOS |
| Converter 5.x | 9089 | TCP | Converter Standalone server | powered-on source machine | Required for system conversion. Remote agent deployment |
| Data Recovery# | 443 | TCP | Data Recovery Appliance | vCenter Server | VDR to vCenter Server communications |
| Data Recovery | 902 | TCP | Data Recovery Appliance | ESX Host | VDR to ESX communications |
| Data Recovery | 22024 | TCP | Data Recovery vSphere Client Plug-in | Data Recovery Appliance | Data Recovery management |
| ESX 3.x | 21 | TCP | FTP Client | ESX Host | FTP |
| ESX 3.x | 21 | TCP | ESX Host | FTP Server | FTP |
| ESX 3.x | 22 | TCP | SSH Client | ESX Host | SSH |
| ESX 3.x | 22 | TCP | ESX Host | SSH Server | SSH |
| ESX 3.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
| ESX 3.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESX 3.x | 88 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESX 3.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESX 3.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESX 3.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| ESX 3.x | 137 to 139 | TCP | ESX Host | SMB Server | SMB |
| ESX 3.x | 161 | UDP | SNMP Server | ESX Host | SNMP Polling |
| ESX 3.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
| ESX 3.x | 389 | TCP/UDP | ESX Host | LDAP Server | PAM Active Directory Authentication – LDAP |
| ESX 3.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESX 3.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESX 3.x | 443 | TCP | Client PC | ESX Host | Host VI Management via web browser |
| ESX 3.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| ESX 3.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| ESX 3.x | 445 | TCP | ESX Host | SMB Server | SMB |
| ESX 3.x | 445 | TCP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| ESX 3.x | 445 | UDP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| ESX 3.x | 464 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos Password Services |
| ESX 3.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
| ESX 3.x | 902 | TCP | VI /vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS) |
| ESX 3.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
| ESX 3.x | 902 | TCP/UDP | ESXi/ESX Host | Virtual Center 3.x/ vCenter Server 4.x | Heartbeat |
| ESX 3.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console |
| ESX 3.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
| ESX 3.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
| ESX 3.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESX 3.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
| ESX 3.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESX 3.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter Server | CIM Secure Server to CIM Client |
| ESX 3.x | 5989 | TCP | VirtualCenter/vCenter Server | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESX 3.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
| ESX 3.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
| ESX 3.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESX 3.x | 27000 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
| ESX 3.x | 27010 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
| ESX 4.x# | 21 | TCP | FTP Client | ESX Host | FTP |
| ESX 4.x | 21 | TCP | ESX Host | FTP Server | FTP |
| ESX 4.x | 22 | TCP | ESX Host | SSH Server | SSH |
| ESX 4.x | 22 | TCP | SSH Client | ESX Host | SSH |
| ESX 4.x | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
| ESX 4.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESX 4.x | 88 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESX 4.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESX 4.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESX 4.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| ESX 4.x | 137 to 139 | TCP | ESX Host | SMB Server | SMB |
| ESX 4.x | 161 | UDP | SNMP Server | ESX Host | SNMP Polling |
| ESX 4.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
| ESX 4.x | 389 | TCP/UDP | ESX Host | LDAP Server | PAM Active Directory Authentication – LDAP |
| ESX 4.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESX 4.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESX 4.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to Host VM migration and provisioning |
| ESX 4.x | 443 | TCP | Client PC | ESX Host | Host VI Management via web browser |
| ESX 4.x | 443 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX Host management connection |
| ESX 4.x | 445 | UDP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| ESX 4.x | 445 | TCP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| ESX 4.x | 445 | TCP | ESX Host | SMB Server | SMB |
| ESX 4.x | 464 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos Password Services |
| ESX 4.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
| ESX 4.x | 902 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX hosted VM connectivity (MKS) |
| ESX 4.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
| ESX 4.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter Server 4.x | Heartbeat |
| ESX 4.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote Console (MKS) |
| ESX 4.x | 1024 (dynamic) | TCP/UDP | ESX Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESX host and the Active Directory Domain Controller (via the netlogond process on the ESX host). SeeActive Directory and Active Directory Domain Services Port Requirements and MS article179442. |
| ESX 4.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
| ESX 4.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
| ESX 4.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESX 4.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
| ESX 4.x | 5900 to 5964 | TCP | ESXi/ESX Host | ESXi/ESX Host | RFB Protocol used by management toolssuch as VNC |
| ESX 4.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESX 4.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESX 4.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
| ESX 4.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
| ESX 4.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
| ESX 4.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESX 4.x | 47 | UDP | ESXi/ESX Host | Physical Switches | vDS (Virtual Distributed Switch) Broadcast |
| ESX 4.x | 8100 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
| ESX 4.x | 8200 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
| ESX 4.x | 8301 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x | DVS Port Information |
| ESX 4.x | 8302 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
| ESXi 3.x# | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
| ESXi 3.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESXi 3.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 3.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 3.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| ESXi 3.x | 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
| ESXi 3.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESXi 3.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESXi 3.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| ESXi 3.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| ESXi 3.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
| ESXi 3.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
| ESXi 3.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
| ESXi 3.x | 902 | TCP/UDP | ESXi/ESX Host | Virtual Center 3.x/ vCenter Server 4.x | Heartbeat |
| ESXi 3.x | 903 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote VM Console (MKS) |
| ESXi 3.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
| ESXi 3.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
| ESXi 3.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESXi 3.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
| ESXi 3.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESXi 3.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESXi 3.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
| ESXi 3.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMKernel Interface |
| ESXi 3.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMKernel Interface |
| ESXi 3.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESXi 3.x | 27000 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
| ESXi 3.x | 27010 | TCP | ESXi/ESX Host | VMware License Server | ESXi/ESX 3.x Host to License Server communication |
| ESXi 4.x# | 53 | UDP | ESXi/ESX Host | DNS Server | DNS |
| ESXi 4.x | 80 | TCP | Client PC | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESXi 4.x | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESXi 4.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 4.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 4.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| ESXi 4.x | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
| ESXi 4.x | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
| ESXi 4.x | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
| ESXi 4.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESXi 4.x | 427 | TCP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESXi 4.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| ESXi 4.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| ESXi 4.x | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| ESXi 4.x | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| ESXi 4.x | 445 | TCP | ESXi host | SMB Server | SMB Server |
| ESXi 4.x | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESXi 4.x | 514 | UDP | ESXi/ESX Host | Syslog Server | Remote syslog logging |
| ESXi 4.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
| ESXi 4.x | 902 | TCP/UDP | ESXi/ESX Host | ESXi/ESX Host | Authentication, Provisioning, VM Migration |
| ESXi 4.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter 4 Server | Heartbeat |
| ESXi 4.x | 902 | TCP | VI / vSphere Client | ESXi/ESX Host | VM Remote VM Console (MKS) |
| ESXi 4.x | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). SeeActive Directory and Active Directory Domain Services Port Requirements and MS article179442. |
| ESXi 4.x | 2049 | TCP | ESXi/ESX Host | NFS Server | NFS Client |
| ESXi 4.x | 2049 | UDP | ESXi/ESX Host | NFS Server | NFS Client |
| ESXi 4.x | 2050 to 2250 | UDP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESXi 4.x | 3260 | TCP | ESXi/ESX Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
| ESXi 4.x | 5900to 5964 | TCP | ESXi/ESX Host | ESXi/ESX Host | RFB Protocol used by management toolssuch as VNC |
| ESXi 4.x | 5988 | TCP | ESXi/ESX Host | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESXi 4.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | CIM Client to CIM Secure Server |
| ESXi 4.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | CIM Secure Server to CIM Client |
| ESXi 4.x | 8000 | TCP | ESXi/ESX Host (VM Target) | ESXi/ESX Host (VM Source) | VMotion Communication on VMkernel Interface |
| ESXi 4.x | 8000 | TCP | ESXi/ESX Host (VM Source) | ESXi/ESX Host (VM Target) | VMotion Communication on VMkernel Interface |
| ESXi 4.x | 47 | UDP | ESXi/ESX Host | Physical Switches | vDS (Virtual Distributed Switch) Broadcast |
| ESXi 4.x | 8042 to 8045 | TCP | ESXi/ESX Host | ESXi/ESX Host | VMware HA |
| ESXi 4.x | 8100 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
| ESXi 4.x | 8200 | TCP/UDP | ESXi/ESX 4 Host | ESXi/ESX 4.x Host | VMware Fault Tolerance. ESXi/ESX 4 only. |
| ESXi 4.x | 8301 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
| ESXi 4.x | 8302 | UDP | ESXi/ESX 4.x Host | ESXi/ESX 4.x Host | DVS Port Information |
| ESXi 5.x# | 22 | TCP | Client PC | ESXi 5.x | SSH Server |
| ESXi 5.x | 53 | UDP | ESXi 5.x | DNS Server | DNS Client |
| ESXi 5.x | 68 | UDP | ESXi 5.x | DHCP Server | DHCP Client |
| ESXi 5.x | 80 | TCP | Client PC | ESXi 5.x | Redirect Web Browser to HTTPS Service (443) |
| ESXi 5.x | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESXi 5.x | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 5.x | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| ESXi 5.x | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| ESXi 5.x | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
| ESXi 5.x | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
| ESXi 5.x | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
| ESXi 5.x | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| ESXi 5.x | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| ESXi 5.x | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| ESXi 5.x | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| ESXi 5.x | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| ESXi 5.x | 445 | TCP | ESXi host | SMB Server | SMB Server |
| ESXi 5.x | 464 | TCP | ESXi hostSee . | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| ESXi 5.x | 514 | UDP/TCP | ESXi 5.x | Syslog Server | Remote syslog logging |
| ESXi 5.x | 902 | TCP/UDP | ESXi 5.x | ESXi 5.x | Host access to other hosts for migration and provisioning |
| ESXi 5.x | 902 | TCP | vSphere Client | ESXi 5.x | vSphere Client access to virtual machine consoles (MKS) |
| ESXi 5.x | 902 | TCP/UDP | ESXi 5.x | vCenter Server | (UDP) Status update (heartbeat) connection from E SXi to vCenter Server |
| ESXi 5.x | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). SeeActive Directory and Active Directory Domain Services Port Requirements and MS article179442. |
| ESXi 5.x | 2049 | TCP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
| ESXi 5.x | 2049 | UDP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
| ESXi 5.x | 3260 | TCP | ESXi 5.x | iSCSI storage server | Transactions to iSCSI storage devices |
| ESXi 5.x | 5900 to 5964 | TCP | ESXi 5.x | ESXi 5.x | RFB protocol, which is used by management tools such as VNC |
| ESXi 5.x | 5988 | TCP | CIM Server | ESXi 5.x | CIM transactions over HTTP |
| ESXi 5.x | 5989 | TCP | vCenter Server | ESXi 5.x | CIM XML transactions over HTTPS |
| ESXi 5.x | 5989 | TCP | ESXi 5.x | vCenter Server | CIM XML transactions over HTTPS |
| ESXi 5.x | 8000 | TCP | ESXi 5.x (VM Target) | ESXi 5.x (VM Source) | Requests from vMotion |
| ESXi 5.x | 8000 | TCP | ESXi 5.x (VM Source) | ESXi 5.x (VM Target) | Requests from vMotion |
| ESXi 5.x | 8100 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| ESXi 5.x | 8182 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere High Availability (vSphere HA) |
| ESXi 5.x | 8200 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| ESXi 5.x | 8301 | UDP | ESXi 5.x | ESXi 5.x | DVS Port Information |
| ESXi 5.x | 8302 | UDP | ESXi 5.x | ESXi 5.x | DVS Port Information |
| ESXi 5.x | 31100 | TCP | vCenter | SPS Server | Internal Communication Port |
| ESXi 5.x | 31000 | TCP | SPS Server | vCenter | Internal Communication Port |
| ESXi Dump Collector# | 6500 | UDP | ESXi | vCenter Server | Network coredump server |
| ESXi Dump Collector | 8000 | TCP | ESXi | vCenter Server | Network coredump web port |
| ESXi Syslog Collector# | 8001 | TCP | ESXi | vCenter Server | Network syslog server |
| GuidedConsolidation | 135 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | Microsoft DCE Locator Service, also known at End-Point Mapper |
| Guided Consolidation | 137 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS names service. Firewall administrators frequently see larger numbers of incoming packets to port 137. This is because of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the gethostbyaddr() function. As users behind the firewalls visit Windows-based Web sites, those servers frequently respond with NetBIOS lookups. |
| Guided Consolidation | 138 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS datagram Used by Windows, as well as UNIX services (such as SAMBA). Port 138 is used primarily by the SMB browser service that obtains Network Neighborhood information. |
| Guided Consolidation | 139 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | NetBIOS Session Windows File and Printer sharing. |
| Guided Consolidation | 445 | TCP/UDP | Consolidation Target (Physical Server) | vCenter Converter Server | DNS Direct Hosting port. In Windows 2000 and Windows XP, redirector and server components now support direct hosting for communicating with other computers running Windows 2000 or Windows XP. Direct hosting does not use NetBIOS for name resolution. DNS is used for name resolution, and the Microsoft networking communication is sent directly over TCP without a NetBIOS header. Direct hosting over TCP/IP uses TCP and UDP port 445 instead of the NetBIOS session TCP port 139. |
| Heartbeat# | 52267 | TCP | vCenter Server Heartbeat Console | vCenter Server Heartbeat Server | Client Connection Port |
| Heartbeat | 57348 | TCP | vCenter Server Primary Server | vCenter Server Secondary Server | Default Channel Port to communicate between Primary and Secondary server |
| Lab Manager# | 137 | UDP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| Lab Manager | 138 | UDP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| Lab Manager | 139 | TCP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| Lab Manager | 389 | TCP/UDP | Lab Manager Server | LDAP Server | LDAP Authentication (optional) |
| Lab Manager | 443 | TCP | Client PC | Lab Manager Server | Lab Manager Console (Web Browser) |
| Lab Manager | 443 | TCP | Lab Manager Server | vCenter Server | Lab Manager to vCenter Server Communication |
| Lab Manager | 445 | TCP | ESXi/ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| Lab Manager | 514 | TCP | Lab Manager Server | Virtual Router | Update IP tables and routing on the vRouter |
| Lab Manager | 636 | TCP | Lab Manager Server | LDAP Server | LDAPS Authentication (optional) |
| Lab Manager | 1433 | TCP | Lab Manager Server | Microsoft SQL Server | Lab Manager Connectivity to Microsoft SQL Server (for LM database) |
| Lab Manager | 5212 | TCP | Lab Manager Server | ESXi/ESX Host | Lab Manager Agent. ESXi requires Lab Manager 4.x |
| Orchestrator# | 25 | TCP | VCO Server | SMTP Server | Email notifications |
| Orchestrator | 389 | TCP/UDP | VCO Server | LDAP Server | LDAP Authentication |
| Orchestrator | 443 | TCP | VCO Server | vCenter Server | Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API |
| Orchestrator | 636 | TCP | VCO Server | LDAP Server | VCO uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL pendent of 389). This is used for secured LDAP authentication |
| Orchestrator | 1433 | TCP | VCO Server | Microsoft SQL Server | vCenter Orchestrator Server to Microsoft SQL Server for VCO Database |
| Orchestrator | 1521 | TCP | VCO Server | Oracle Database Server | vCenter Orchestrator Server to Oracle for VCO Database |
| Orchestrator | 3306 | TCP | VCO Server | MySQL Server | vCenter Orchestrator Server to MySQL Server for VCO Database |
| Orchestrator | 5432 | TCP | VCO Server | PostgresSQL Server | vCenter Orchestrator Server to PostgresSQL Server for VCO Database |
| Orchestrator | 8230 | TCP | VCO Client | VCO Server | Lookup port – The main port to communicate with Orchestrator Configurator server (JNDI port). All other ports communicate with the Orchestrator Configurator smart client through this one. It is part of the JBoss Application server infrastructure |
| Orchestrator | 8240 | TCP | VCO Client | VCO Server | Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure. |
| Orchestrator | 8244 | TCP | VCO Client | VCO Server | Data port used to access all Orchestrator data models, such as workflows and policies. It is part of the JBoss application server infrastructure. |
| Orchestrator | 8250 | TCP | VCO Client | VCO Server | Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure |
| Orchestrator | 8280 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTP |
| Orchestrator | 8281 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTPS |
| Orchestrator | 8281 | TCP | vCenter Server | VCO Server | Port used by VCO Server to connect to vCenter Server to communicate with the vCenter API |
| Orchestrator | 8282 | TCP | VCO Client PC | VCO Server | HTTP server port – Port used by the HTTP connector to connect to the Web frontend. |
| Orchestrator | 8283 | TCP | VCO Client PC | VCO Server | HTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL. |
| Stage Manager# | 137 | UDP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| Stage Manager | 138 | UDP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| Stage Manager | 139 | TCP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| Stage Manager | 389 | TCP/UDP | Stage Manager Server | LDAP Server | LDAP Authentication (optional) |
| Stage Manager | 443 | TCP | Client PC | Stage Manager Server | Stage Manager Console (Web Browser) |
| Stage Manager | 443 | TCP | Stage Manager Server | ESX Host | Stage Manager Server communication with ESX Host Agent |
| Stage Manager | 443 | TCP | Stage Manager Server | vCenter Server | Stage Manager Server communication with vCenter Server |
| Stage Manager | 445 | TCP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| Stage Manager | 514 | TCP | Stage Manager Server | ESX Host | ESX Host Virtual Router |
| Stage Manager | 636 | TCP | Stage Manager Server | LDAP Server | LDAPS Authentication (optional) |
| Stage Manager | 5212 | TCP | Stage Manager Server | ESX Host | Stage Manager Agent |
| Update Manager# | 80 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| Update Manager | 80 | TCP | ESXi/ESX Host | Update Manager Host | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
| Update Manager | 80 | TCP | Update Manager Server | vCenter Server | Update Manager to vCenter Server communication |
| Update Manager | 443 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| Update Manager | 443 | TCP | ESXi/ESX Host | Update Manager Server | ESXi/ESX Host to Update Manager Server . The reverse proxy forwards the request to port 9084 |
| Update Manager | 443 | TCP | vCenter Server | Update Manager Server | vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084 |
| Update Manager | 735 | TCP | Update Manager Server | Virtual Machines | Update Managerlistenerport (rdevServer.exe) part of theRemote Device Server used for virtual machine patching. |
| Update Manager | 902 | TCP | Update Manager Server | ESXi/ESX Host | To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated |
| Update Manager | 1433 | TCP | Update Manager Server | Microsoft SQL Server | Update Manager to Microsoft SQL Server connectivity (for UM Database) |
| Update Manager | 1521 | TCP | Update Manager Server | Oracle Database Server | Update Manager to Oracle connectivity (for UM Database) |
| Update Manager | 8084 | TCP | Update Manager Server | vCenter Server | SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install. |
| Update Manager | 9084 | TCP | ESXi/ESX host | Update Manager Server | ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install. |
| Update Manager | 9087 | TCP | Update Manager Server | vCenter Server | Port used for uploading host update files. Configurable at install. |
| Update Manager | 9000 to 9100 | TCP | ESXi/ESX Host | Update Manager Server | This is the recommend port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation. |
| vCenter 2.5.x# | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| vCenter 2.5.x | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| vCenter 2.5.x | 80 | TCP | Client PC | vCenter Server | Redirect Web Browser to HTTPS Service (443) |
| vCenter 2.5.x | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 2.5.x | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 2.5.x | 161 | UDP | SNMP Server | vCenter Server | SNMP Polling |
| vCenter 2.5.x | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| vCenter 2.5.x | 389 | TCP/UDP | vCenter Server | LDAP Server | LDAP Authentication |
| vCenter 2.5.x | 443 | TCP | vCenter Server | ESXi/ESX Host | vCenter Agent |
| vCenter 2.5.x | 443 | TCP | Client PC | vCenter Server | VI Web Access (Web Browser) |
| vCenter 2.5.x | 443 | TCP | VI / vSphere Client | vCenter Server | VI / vSphere Client access to vCenter Server |
| vCenter 2.5.x | 445 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 2.5.x | 445 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 2.5.x | 902 | TCP/UDP | vCenter Server | ESXi/ESX Host | Heartbeat |
| vCenter 2.5.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter Server | Heartbeat |
| vCenter 2.5.x | 903 | TCP | Client PC | vCenter Server | VI / vSphere Client to VM Console |
| vCenter 2.5.x | 903 | TCP | vCenter Server | ESXi/ESX Host | VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter) |
| vCenter 2.5.x | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| vCenter 2.5.x | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| vCenter 2.5.x | 5989 | TCP | VirtualCenter/vCenter | ESXi/ESX Host | vCenter to ESX |
| vCenter 2.5.x | 5989 | TCP | ESXi/ESX Host | VirtualCenter/vCenter | ESX to vCenter |
| vCenter 2.5.x | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 2.5.x | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 2.5.x | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 2.5.x | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
| vCenter 2.5.x | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 2.5.x | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 2.5.x | 27000 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 2.5.x | 27000 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 2.5.x | 27010 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 2.5.x | 27010 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 4.x | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| vCenter 4.x# | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| vCenter 4.x | 80 | TCP | Client PC | vCenter Server | Redirect Web Browser to HTTPS Service (443) |
| vCenter 4.x | 80 | TCP | vCenter Server | ESXi/ESX 4.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| vCenter 4.x | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 4.x | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 4.x | 135 | TCP | vCenter Server | vCenter Server | Linked Mode |
| vCenter 4.x | 161 | UDP | SNMP Server | vCenter Server | SNMP Polling |
| vCenter 4.x | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| vCenter 4.x | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | Bi-directional LDAP authentication with Kerberos encryption on TCP port 389 is required between all vCenters that need to replicate. |
| vCenter 4.x | 443 | TCP | vCenter Server | ESXi/ESX Host | vCenter Agent |
| vCenter 4.x | 443 | TCP | vCenter Server | ESXi/ESX 4.x | Host DPM with HP iLO Remote Management and Control Protocol |
| vCenter 4.x | 443 | TCP | Client PC | vCenter Server | VI Web Access (Web Browser) |
| vCenter 4.x | 443 | TCP | vSphere Client | vCenter Server | vSphere Client access to vCenter Server |
| vCenter 4.x | 445 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 4.x | 445 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 4.x | 623 | UDP | vCenter Server | ESXi/ESX 4.x Host | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| vCenter 4.x | 636 | TCP | vCenter Server | Linked vCenter Servers | Linked mode connectivity between vCenter Servers |
| vCenter 4.x | 902 | TCP/UDP | vCenter Server | ESXi/ESX Host | Heartbeat |
| vCenter 4.x | 902 | TCP/UDP | ESXi/ESX Host | vCenter Server | Heartbeat |
| vCenter 4.x | 903 | TCP | Client PC | vCenter Server | VI / vSphere Client to VM Console |
| vCenter 4.x | 902 | TCP | vCenter Server | ESXi/ESX Host | VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter) |
| vCenter 4.x | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage. |
| vCenter 4.x | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| vCenter 4.x | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| vCenter 4.x | 5989 | TCP | vCenter Server | ESXi/ESX Host | vCenter to ESX |
| vCenter 4.x | 5989 | TCP | ESXi/ESX Host | vCenter Server | ESX to vCenter |
| vCenter 4.x | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 4.x | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 4.x | 8080 | TCP | Client PC | vCenter Server 4.x | VMware vCenter 4 Management Web Services - HTTP |
| vCenter 4.x | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 4.x | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
| vCenter 4.x | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 4.x | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 4.x | 8089 | TCP | vCenter Server | vCenter Server | SDK Tunneling Port |
| vCenter 4.x | 8443 | TCP | Client PC | vCenter Server 4.x | VMware vCenter 4 Management Web Services - HTTPS |
| vCenter 4.x | 8443 | TCP | vCenter Server | vCenter Server | Linked Mode |
| vCenter 4.x | 27000 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 4.x | 27000 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 4.x | 27010 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 4.x | 27010 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported |
| vCenter 4.1# | 60099 | TCP | vCenter Server | vCenter Server Services | This port is for internal communication between vCenter Server and its solutions. Specifically, it is used to exchange messages about inventory. If you do not have it open, a solution that integrates with vCenter Server using this service may be affected. |
| vCenter 5.x# | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| vCenter 5.x | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| vCenter 5.x | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port 80 for direct HTTP connections. |
| vCenter 5.x | 80 | TCP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| vCenter 5.x | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 5.x | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| vCenter 5.x | 135 | TCP | vCenter Server | vCenter Server | Linked Mode |
| vCenter 5.x | 161 | UDP | SNMP Server | vCenter Server | SNMP Polling |
| vCenter 5.x | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| vCenter 5.x | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535. |
| vCenter 5.x | 443 | TCP | vSphere Client | vCenter Server | vCenter Server system uses to listen for connections from the vSphere Client. |
| vCenter 5.x | 443 | TCP | vCenter Server | ESXi 5.x | vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol |
| vCenter 5.x | 623 | UDP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| vCenter 5.x | 636 | TCP | vCenter Servers | Linked vCenter Servers | vCenter Server Linked Mode, this is the SSL port of the local instance. |
| vCenter 5.x | 902 | TCP | vCenter Server | ESXi 5.x | vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| vCenter 5.x | 902 | UDP | vCenter Server | ESXi 5.x | Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| vCenter 5.x | 902 | TCP/UDP | vSphere Client | ESXi 5.x | vSphere Client uses this ports to display virtual machine consoles. |
| vCenter 5.x | 902 | TCP/UDP | ESXi 5.x | ESXi 5.x | Host access to other hosts for migration and provisioning |
| vCenter 5.x | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage. |
| vCenter 5.x | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| vCenter 5.x | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| vCenter 5.x | 5988 | TCP | ESXi 5.x | vCenter Server | CIM transactions over HTTP |
| vCenter 5.x | 5989 | TCP | vCenter Server | ESXi 5.x | CIM XML transactions over HTTPS |
| vCenter 5.x | 5989 | TCP | ESXi 5.x | vCenter Server | CIM XML transactions over HTTPS |
| vCenter 5.x | 7500 | UDP | vCenter Server | vCenter Server | Linked Mode, Java Discovery Port |
| vCenter 5.x | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 5.x | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 5.x | 8009 | TCP | vCenter Server | vCenter Server | AJP Port |
| vCenter 5.x | 8080 | TCP | Client PC | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| vCenter 5.x | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 5.x | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
| vCenter 5.x | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| vCenter 5.x | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| vCenter 5.x | 8089 | TCP | vCenter Server | vCenter Server | SDK Tunneling Port |
| vCenter 5.x | 8443 | TCP | Client PC | vCenter Server | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| vCenter 5.x | 8443 | TCP | vCenter Server | vCenter Server | Linked Mode |
| vCenter 5.x | 9443 | TCP | Client PC | vCenter Server | vSphere Web Client Access |
| vCenter 5.x | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Service Management |
| vCenter 5.x | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| vCenter 5.x | 10443 | TCP | Client PC | vCenter Server | vCenter Inventory Service HTTPS |
| vCenter 5.x | 51915 | TCP | ESXi | vSphere Authentication Proxy | This is a web service, which is used to add host to Active Directory domain. |
| vCenter 5.x | 60099 | TCP | vCenter Server | vCenter Server | Web Service change service notification port |
| vCenter 5.1# | 7005 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Base shutdown port. For more information, seeConfiguring VMware Tomcat Server Settings in vCenter Server 5.1. |
| vCenter 5.1 | 7080 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | HTTP Port |
| vCenter 5.1 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Lookup Service, HTTPS Port |
| vCenter 5.1 | 7009 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | AJP Port |
| vCenter 5.1/5.5# | 10109 to 10111 | TCP | vCenter Inventory Service | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| vCenter 5.1/5.5 | 8003 | TCP | vCenter Server (Tomcat Server settings) | vCenter Server Management Web Services | vCenter Server Management Web Service shutdown |
| vCenter 5.1 | 49152 to 65535 | TCP | Active Directory | vCenter Server | Allow Active Directory authentication/communication between domain controllers and vCenter Server. |
| vCenter 5.5# | 88 | TCP | vCenter Server | vCenter Single Sign-On | Kdc Service |
| vCenter 5.5 | 2012 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Directory Service |
| vCenter 5.5 | 2013 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Kdc Service |
| vCenter 5.5 | 2014 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | VMware Certificate Service inter-communications with vCenter Single Sign-On |
| vCenter 5.5 | 7331 | TCP | vCenter Server (Tomcat Server settings) | vSphere Web Client | HTML5 remote console for virtual machines |
| vCenter 5.5 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Lookup Service, HTTPS port |
| vCenter 5.5 | 11711 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Directory service LDAP use for replication between vCenter Single Sign-On nodes |
| vCenter 5.5 | 11712 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Directory service LDAPS use for replication between vCenter Single Sign-On nodes |
| vCenter 5.5 | 12721 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Identity Management Service (IDM) internal client/server communication port. Used by VMware Identity Management Service. |
| vCenter 5.5 | 49000 to 65000 | TCP | Active Directory | vCenter Server | Allow Active Directory authentication/communication between domain controllers and vCenter Server. Used by the VMware Identity Management Service |
| vCenter Infrastructure Navigator 1.x# | 22 | TCP | Client PC | vCenter Infrastructure Navigator Appliance | Enables SSH access to vCenter Infrastructure Appliance |
| vCenter Infrastructure Navigator 1.x | 80 | TCP | vCenter Infrastructure Navigator | vSphere Web service API | HTTP web service |
| vCenter Infrastructure Navigator 1.x | 443 | TCP | vCenter Infrastructure Navigator | vSphere Web service API | HTTPS web service |
| vCenter Infrastructure Navigator 1.x | 443 | TCP | vCenter Infrastructure Navigator | ESXi/ESX hosts and virtual machines | VIX protocol on target hosts to perform discovery |
| vCenter Infrastructure Navigator 1.x | 902 | TCP | vCenter Infrastructure Navigator | ESXi/ESX hosts and virtual machines | VIX protocol on target hosts to perform discovery |
| vCenter Infrastructure Navigator 1.x | 2868 | TCP | vCenter Server | vCenter Infrastructure Navigator | Plug-in downloads. This download happens as part of the registration process. |
| vCenter Infrastructure Navigator 1.x | 6969 | TCP | vCenter Server | vCenter Infrastructure Navigator | Connectivity from vSphere Web Client to vCenter Infrastructure Navigator |
| vCenter Log Insight 1.x# | 22 | TCP | SSH Client | Log Insight | Secure Shell (SSH) access to the vCenter Log Insight virtual appliance |
| vCenter Log Insight 1.x | 25 | TCP | Log Insight | SMTP Server | Email notifications from vCenter Log Insight to a configured mail server |
| vCenter Log Insight 1.x | 514 | UDP | Syslog Client | Log Insight | Remote Syslog logging |
| vCenter Log Insight 1.x | 514 | TCP | Syslog Client | Log Insight | Remote Syslog logging |
| vCenter Log Insight 1.x | 1514 | TCP | Syslog Client | Log Insight | SSL Encrypted Remote Syslog logging |
| vCenter Log Insight 1.x | 445 | UDP | Log Insight | MS Directory Services Server | Connection to a Domain Controller for Active Directory Authentication |
| vCenter Log Insight 1.x | 80 | TCP | HTTP Client | Log Insight | Log Insight Web Interface. Redirects to encrypted web interface |
| vCenter Log Insight 1.x | 443 | TCP | HTTP Client | Log Insight | Log Insight Web Interface Encrypted |
| vCenter Log Insight 1.x | 123 | UDP | Log Insight | NTP Server | Time synchronization with NTP server |
| vCloud Usage Meter# | 80 | TCP | vCloud Usage Meter | vCenter Server | This is for vSphere API |
| vCloud Usage Meter | 443 | TCP | vCloud Usage Meter | vCenter Server | This is for vSphere API |
| vCloud Usage Meter | 5480 | TCP | vCenter Update Manager | vCloud Usage Meter | This is used for virtual appliance updates |
| vCloud Usage Meter | 8443 | TCP | Client Browser | vCloud Usage Meter | This is for WebApp |
| vCenter Operations Standard 1.x# | 22 | TCP | SSH Client | vCenter Operations Standard 1.x virtual appliance | Enables SSH access to the vCenter Operations Standard virtual appliance |
| vCenter Operations Standard 1.x | 443 | TCP | Browser or vSphere Client plugin | vCenter Operations Standard 1.x virtual appliance | HTTPS server port for the vCenter Operations Standard Administration page |
| vCenter Operations Standard 1.x | 5480 | TCP | Browser | vCenter Operations Standard 1.x virtual appliance | HTTPS server port for the VMware Studio Web console to administer the virtual appliance |
| vCenter Operations Manager (vApp) 5.x# | 80 | TCP | Browser | vCenter Operations Manager UI VM | HTTP server port that unconditionally redirects to HTTPS port |
| vCenter Operations Manager (vApp) 5.x | 443 | TCP |
|
|
|
| vCenter Operations Manager (vApp) 5.x | 22 | TCP | SSH Client | vCenter Operations Manager UI VM, vCenter Operations Manager Analytics VM | Enables SSH access to the vCenter Operations Manager virtual appliance |
| vCenter Operations Manager (vApp) 5.x | 1194 | TCP | vCenter Operations Manager Analytics VM | vCenter Operations Manager UI VM | Open VPN tunnel for communication between the two VMs |
| vCenter Operations Manager (Standalone) 5.x# | 443 | TCP | vCenter Operations Manager UI VM, vCenter Operations Manager Analytics VM | vCenter Server | UI VM: Registration of vCenter Operations Manager as an extension to vCenter, Analytics VM: Collecting metric data from vCenter |
| vCenter Operations Manager (Standalone) 5.x | 80 | TCP | Browser | vCenter Operations Manager (Standalone) | (If chosen during configuration) HTTP port to access vCenter Operations Manager UI |
| vCenter Operations Manager (Standalone) 5.x | 443 | TCP | Browser | vCenter Operations Manager (Standalone) | (If chosen during configuration) HTTPS port to access vCenter Operations Manager UI |
| vCenter Operations Manager (Standalone) 5.x | 1199 | TCP | vCenter Operations Manager remote collector | vCenter Operations Manager (Standalone) | Heartbeat connection between remote collector and main vCenter Operations Manager server |
| vCenter Operations Manager (Standalone) 5.x | 61616 | TCP | vCenter Operations Manager remote collector | vCenter Operations Manager (Standalone) | Connection between remote collector and ActiveMQ component on the main vCenter Operations Manager server |
| vCenter Operations Manager (Standalone) 5.x | 443 | TCP | vCenter Operations Manager local/remote collector | vCenter Server | Connection between remote collector and ActiveMQ component on the main vCenter Operations Manager server |
| View 3.x# | 3389 | TCP | Thin Client | ESX host | RDP Protocol |
| View 3.x | 18443 | TCP | View Connection Server/View Manager | vCenter Server | View Composer |
| View 3.x | 32111 | TCP | View Agent (Virtual Desktop) | View Client | USB Device Communication |
| View 3.x | 32111 | TCP | View Client | View Agent (Virtual Desktop) | USB Device Communication |
| View 4.0.x# | 902 | TCP | View Client/View Client with Offline Desktop | ESX Host | (Optional) View Client with Offline Desktop data is downloaded and uploaded through this port. |
| View 4.0.x | 3268 | TCP | View/VDM Connection Server/View Manager | Active Directory Server | Global Catalog Server |
| View 4.0.x | 3269 | TCP | View/VDM Connection Server/View Manager | Active Directory Server | Global Catalog Server |
| View 4.0.x | 3389 | TCP | Thin Client | ESX host | RDP Protocol |
| View 4.0.x | 9427 | TCP | View Client/View Client with Offline Desktop | View Agent (Virtual Desktop) | (Optional) Multimedia Redirection (MMR). MMR is supported by View Client and View Client with Offline Desktop on certain operating systems. |
| View 4.0.x | 18443 | TCP | View Connection Server/View Manager | vCenter Server | View Composer |
| View 4.0.x | 50002 | TCP/UDP | View Agent (Virtual Desktop) | View Client | PCoIP (AES 128-bit encryption) |
| View 4.0.x | 50002 | TCP/UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 4.5.x# | - | - | - | - | For more information, seeNetwork connectivity requirements for VMware View Manager 4.5 and later (1027217). |
| View 4.5.x | 80/443 | TCP | View Client with Local Mode | View Transfer Server | HTTP(S) access via direct connection for downloading and uploading Local Mode data |
| View 4.5.x | 80/443 | TCP | Security Server | View Transfer Server | HTTP(S) access via tunnel connection for downloading and uploading Local Mode data |
| View 4.5.x | 902 | TCP | View Connection Server | ESX Host | Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode. |
| View 4.5.x | 902 | TCP | View Transfer Server | ESX Host | Publishing View Composer packages for Local Mode |
| View 4.5.x | 4001 | TCP | View Connection Server | View Transfer Server | Required by JMS for Local Mode |
| View 4.5.x | 4172 | TCP/UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 4.5.x | 50002 | UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 4.6.x# | - | - | - | - | For more information, seeNetwork connectivity requirements for VMware View Manager 4.5 and later (1027217). |
| View 4.6.x | 80/443 | TCP | View Client with Local Mode | View Transfer Server | HTTP(S) access via direct connection for downloading and uploading Local Mode data |
| View 4.6.x | 80/443 | TCP | Security Server | View Transfer Server | HTTP(S) access via direct connection for downloading and uploading Local Mode data |
| View 4.6.x | 902 | TCP | View Connection Server | ESX Host | Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode. |
| View 4.6.x | 902 | TCP | View Transfer Server | ESX Host | Publishing View Composer packages for Local Mode |
| View 4.6.x | 4001 | TCP | View Connection Server | View Transfer Server | Required by JMS for Local Mode |
| View 4.6.x | 4172 | TCP/UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 4.6.x | 50002 | UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 5.x# | - | - | - | - | For more information, seeNetwork connectivity requirements for VMware View Manager 4.5 and later (1027217). |
| View 5.x | 80/443 | TCP | View Client with Local Mode | View Transfer Server | HTTP(S) access via direct connection for downloading and uploading Local Mode data |
| View 5.x | 80/443 | TCP | Security Server | View Transfer Server | HTTP(S) access via direct connection for downloading and uploading Local Mode data |
| View 5.x | 902 | TCP | View Connection Server | ESXi Host | Used when checking out local desktops. Must be accessible on your ESXi host when using View Client with Local Mode. |
| View 5.x | 902 | TCP | View Transfer Server | ESXi Host | Publishing View Composer packages for Local Mode |
| View 5.x | 902 | TCP | View Composer Server | ESXi Host | Used when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks. |
| View 5.x | 4001 | TCP | View Connection Server | View Transfer Server | Required by JMS for Local Mode |
| View 5.x | 4172 | TCP/UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View 5.x | 50002 | UDP | View Client | View Agent (Virtual Desktop) | PCoIP (AES 128-bit encryption) |
| View/VDM 2.x | 80 | TCP | View/VDM Client | View/VDM Security Server | VDM Access (not required if only HTTPS is to be supported) |
| View/VDM 2.x# | 80 | TCP | Client PC | View/VDM Security Server | VDM Web Access (not required if only HTTPS is to be supported). The Security Server used as a proxy in a DMZ to allow for external connections in. The View Manager/Connection Broker has an ADAM instance on it. |
| View/VDM 2.x | 80 | TCP | View/VDM Client | View/VDM Connection Server | VDM Access (not required if only HTTPS is to be supported) |
| View/VDM 2.x | 80 | TCP | Client PC | View/VDM Connection Server | VDM Web Access (not required if only HTTPS is to be supported). |
| View/VDM 2.x | 88 | UDP | View/VDM Connection Server/View Manager | Active Directory Server | AD Authentication |
| View/VDM 2.x | 88 | TCP | View/VDM Connection Server/View Manager | Active Directory Server | AD Authentication |
| View/VDM 2.x | 389 | TCP/UDP | View/VDM Connection Server/View Manager | LDAP Server | LDAP Authentication |
| View/VDM 2.x | 443 | TCP | View/VDM Client | View/VDM Security Server | VDM Access |
| View/VDM 2.x | 443 | TCP | Client PC | View/VDM Connection Server/View Manager | VDM Web Access and VDM Administration |
| View/VDM 2.x | 443 | TCP | Thin Client | View/VDM Connection Server/View Manager | VDM API |
| View/VDM 2.x | 443 | TCP | View/VDM Client | View/VDM Connection Server/View Manager | VDM Access |
| View/VDM 2.x | 443 | TCP | Client PC | View/VDM Security Server | VDM Web Access (Web Browser) |
| View/VDM 2.x | 443 | TCP | View/VDM Connection Server/View Manager | vCenter Server | VDM to vCenter communication |
| View/VDM 2.x | 445 | UDP | View/VDM Connection Server/View Manager | Active Directory Server | AD Authentication |
| View/VDM 2.x | 445 | TCP | View/VDM Connection Server/View Manager | Active Directory Server | AD Authentication |
| View/VDM 2.x | 1024 to 65535 | TCP | View/VDM Connection Server/View Manager | Virtual Desktop VM (View/VDM Agent) | Ephemeral Ports. A short-lived connection between View Manager and the virtual desktop |
| View/VDM 2.x | 1024 to 65535 | TCP | View/VDM Connection Server/View Manager | View/VDM Connection Server/View Manager | This is required for ADAM replication between VDM Connection Servers. With a Registry entry, this can be fixed to a defined set of ports, but by default it is a random TCP high port |
| View/VDM 2.x | 3389 | TCP | View/VDM Security Server | Virtual Desktop VM (View/VDM Agent) | Tunneled RDP Connection (RSA RC4 encryption, can be set High/Medium/Low) High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key. Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version. Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server. |
| View/VDM 2.x | 3389 | TCP | Client PC/Thin Client/View/VDM Client | Virtual Desktop VM (View/VDM Agent) | Direct RDP Connection (RSA RC4 encryption, can be set High/Medium/Low). High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key. Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version. Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server. |
| View/VDM 2.x | 4001 | TCP | View/VDM Security Server | View/VDM Connection Server/View Manager | Java Messenger Service (JMS) |
| View/VDM 2.x | 4001 | TCP | View/VDM Connection Server/View Manager | View/VDM Security Server | Java Messenger Service (JMS) |
| View/VDM 2.x | 4001 | TCP | Virtual Desktop VM (View/VDM Agent) | View/VDM Connection Server/View Manager | Java Messenger Service (JMS) |
| View/VDM 2.x | 4100 | TCP | View/VDM Connection Server/View Manager | View/VDM Connection Server/View Manager | Java Messenger Service (JMS) inter-router traffic |
| View/VDM 2.x | 8009 | TCP | View/VDM Security Server | View/VDM Connection Server/View Manager | Apache Jserv Protocol (AJP) |
| View/VDM 2.x | 8009 | TCP | View/VDM Connection Server/View Manager | View/VDM Security Server | Apache Jserv Protocol (AJP) |
| View/VDM 2.x | 42966 | TCP | View Client/View Client with Offline Desktop | ESX Host | (Optional) Hewlett-Packard RGS Sender Application is the server-side component of the HP RGS remote display protocol |
| VMware vCenter Chargeback 1.5# | 8080 | TCP | VMWare vCenter Chargeback Server | Client | HTTP |
| VMware vCenter Chargeback 1.5 | 8009 | TCP | VMWare vCenter Chargeback Server | Client | Load Balancer |
| VMware vCenter Chargeback 1.5 | 443 | TCP | VMWare vCenter Chargeback Server | Client | HTTPS |
| VMware vCenter Chargeback 1.5 | 25 | TCP | VMWare vCenter Chargeback Server | Client | SMTP |
| VMware vCenter Chargeback 1.5 | 389 | TCP/UDP | VMWare vCenter Chargeback Server | Client | LDAP |
| Virtual SAN# | 2233 | TCP | ESXi host | ESXi host | Inter Node Communication port |
| Virtual SAN | 12345 | UDP | ESXi host | ESXi host | Cluster Management – Multicast |
| Virtual SAN | 23451 | UDP | ESXi host | ESXi host | Cluster Management – Multicast |
| Virtual SAN | 8080 | TCP | VMware vSphere Profile-Driven Storage Service | ESXi host | Virtual SAN VASA Provider |
| vShield 1.x | 22 | TCP | vShield Manager | vShield agent | SSH traffic passing from vShield Manager to vShield agents |
| vShield 1.x# | 123 | UDP | vShield Time Synchronization | vShield Manager (NTP Server) | NTP time synchronization with vShield Manager server |
| vShield 1.x | 443 | TCP | Web browser/Client access | vShield Manager | Web browser using HTTPS to access vShield Manager user interface |
| vShield 1.x | 1162 | UDP | vShield Zones | vShield Manager | Sends SNMP trap messages from vShield agents to vShield Manager |
| vShield 4.x# | 22 | TCP | vShield Manager | vShield agent | SSH traffic passing from vShield Manager to vShield agents |
| vShield 4.x | 123 | UDP | vShield Time Synchronization | vShield Manager (NTP Server) | NTP time synchronization with vShield Manager server |
| vShield 4.x | 443 | TCP | Web browser/Client access | vShield Manager | Web browser using HTTPS to access vShield Manager user interface |
| vShield 4.x | 1162 | UDP | vShield Zones | vShield Manager | Sends SNMP trap messages from vShield agents to vShield Manager |
| vSphere Management Assistant# | 443 | TCP | vSphere Management Assistant | ESX Host | For SDK traffic |
VI / vSphere Client ports:
| Product | Port | Protocol | Source | Target | Purpose |
| Data Recovery | 22024 | TCP | Data Recovery vSphere Client Plug-in | Data Recovery Appliance | Data Recovery management |
| ESX 3.x | 80 | TCP | VI / vSphere client | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESX 3.x | 443 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX Host management connection |
| ESX 3.x | 902 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX hosted VM connectivity (MKS) |
| ESX 3.x | 903 | TCP | VI / vSphere client | ESXi/ESX Host | VM Remote Console |
| ESX 4.x | 80 | TCP | VI / vSphere client | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESX 4.x | 443 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX Host management connection |
| ESX 4.x | 902 | TCP | vSphere Client | ESXi/ESX Host | vSphere Client to ESXi/ESX hosted VM connectivity (MKS) |
| ESX 4.x | 903 | TCP | VI / vSphere client | ESXi/ESX Host | VM Remote Console (MKS) |
| ESXi 3.x | 80 | TCP | VI / vSphere client | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESXi 3.x | 443 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX Host management connection |
| ESXi 3.x | 902 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
| ESXi 3.x | 903 | TCP | VI / vSphere client | ESXi/ESX Host | VM Remote VM Console (MKS) |
| ESXi 4.x | 80 | TCP | VI / vSphere client | ESXi/ESX Host | Redirect Web Browser to HTTPS Service (443) |
| ESXi 4.x | 443 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX Host management connection |
| ESXi 4.x | 902 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX hosted VM connectivity (MKS/Remote Console) |
| ESXi 4.x | 903 | TCP | VI / vSphere client | ESXi/ESX Host | VM Remote Console (MKS) |
| ESXi 5.x | 22 | TCP | vSphere client | ESXi 5.x | SSH Server |
| ESXi 5.x | 80 | TCP | vSphere client | ESXi 5.x | Redirect Web Browser to HTTPS Service (443) |
| ESXi 5.x | 443 | TCP | VI / vSphere client | ESXi/ESX Host | VI / vSphere client to ESXi/ESX Host management connection |
| ESXi 5.x | 902 | TCP | vSphere Client | ESXi 5.x | vSphere Client access to virtual machine consoles (MKS) |
| vCenter 2.5.x | 80 | TCP | VI / vSphere client | vCenter Server | Redirect Web Browser to HTTPS Service (443) |
| vCenter 2.5.x | 443 | TCP | VI / vSphere client | vCenter Server | VI / vSphere client access to vCenter Server |
| vCenter 2.5.x | 903 | TCP | VI / vSphere client | vCenter Server | VI / vSphere client to VM Console |
| vCenter 4.x | 80 | TCP | VI / vSphere client | vCenter Server | Redirect Web Browser to HTTPS Service (443) |
| vCenter 4.x | 443 | TCP | vSphere Client | vCenter Server | vSphere Client access to vCenter Server |
| vCenter 4.x | 903 | TCP | VI / vSphere client | vCenter Server | VI / vSphere client to VM Console |
| vCenter 4.x | 8080 | TCP | VI / vSphere client | vCenter Server 4.x | VMware vCenter 4 Management Web Services - HTTP |
| vCenter 4.x | 8443 | TCP | VI / vSphere client | vCenter Server 4.x | VMware vCenter 4 Management Web Services - HTTPS |
| vCenter 5.x | 80 | TCP | vSphere client | vCenter Server | vCenter Server requires port 80 for direct HTTP connections. |
| vCenter 5.x | 443 | TCP | vSphere Client | vCenter Server | vCenter Server system uses to listen for connections from the vSphere Client. |
| vCenter 5.x | 902 | TCP/UDP | vSphere Client | ESXi 5.x | vSphere Client uses this ports to display virtual machine consoles. |
| vCenter 5.x | 903 | TCP | vSphere Client | ESX 3.5 and 4.x | Remote console traffic generated by user access to virtual machines. This applies to all ESXi/ESX versions. |
| vCenter 5.x | 8080 | TCP | vSphere client | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| vCenter 5.x | 8443 | TCP | vSphere client | vCenter Server | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| vCenter 5.x | 9443 | TCP | vSphere client | vCenter Server | vSphere Web Client Access |
| vCenter 5.x | 10080 | TCP | vSphere client | vCenter Server | vCenter Inventory Service HTTP |
| vCenter 5.x | 10443 | TCP | vSphere client | vCenter Server | vCenter Inventory Service HTTPS |
No comments:
Post a Comment