Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components (1012382)

Purpose

These services and agents are commonly present in a VMware vSphere environment:
  • CIM HTTP server (insecure service)
  • CIM HTTPS server
  • FTP client (insecure service)
  • FTP server (insecure service)
  • iSCSI software client
  • NFS client (insecure service)
  • NFS server (insecure service)
  • NIS client
  • NTP client
  • SMB client (insecure service)
  • SNMP server
  • SSH client
  • SSH server
  • Syslog client
  • Telnet client (insecure service)
  • Telnet server (insecure service)
  • Other supported management agents that you install
vCenter Server, ESX hosts, and other network components are accessed using predetermined TCP and UDP ports. If you manage network components from outside a firewall, you may be required to reconfigure the firewall to allow access on the appropriate ports.

This article provides information on the ports required for VMware products.

For more information, see the documentation associated with your product:

Resolution

TCP and UDP ports should be modified for each of these products:

Note: Ports used with the Virtual Infrastructure / vSphere Client are listed in a separate table at the end of this article.

ProductPortProtocolSourceTargetPurpose
AppSpeed80TCPAppSpeed ServervCenter Server 4vCenter proxy interface. Used only during setup to verify the proxy is setup correctly. Port 80 is the default Web Service Port, but a different TCP port can be configured in vCenter Server 4.
AppSpeed443TCPAppSpeed ServervCenter Server 4Default port for communications. A different TCP port can be configured in vCenter Server 4.
AppSpeed22TCPAppSpeed ServerAppSpeed ProbeConnections to the probes to access the probes outside of the VPN.
AppSpeed123UDPAppSpeed ServerAppSpeed ProbeNTP services
AppSpeed1194TCP/UDPAppSpeed ServerAppSpeed ProbeCommunications over OpenVPN
Auto Deploy Server6501TCPESXivCenter ServerAuto Deploy service
Auto Deploy Server6502TCPESXivCenter ServerAuto Deploy management
Consolidated Backup443TCPVCB Proxy ServervCenter ServerRequired for VCB and vcbMounter communication and backup processes
Consolidated Backup443TCPVCB Proxy ServerESXi/ESX HostRequired for VCB and vcbMounter communication and backup processes
Converter 3.x137UDPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x138UDPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x139TCPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x443TCPSource Computer to be convertedESXi/ESX HostRequired for destination VM access when target is ESXi/ESX/vCenter
Converter 3.x443TCPSource Computer to be convertedvCenter ServerRequired if vCenter Server is the conversion target
Converter 3.x443TCPvCenter Converter ServervCenter ServerRequired if vCenter Server is the conversion target
Converter 3.x443TCPvCenter Converter ServerESXi/ESX HostRequired for system conversion
Converter 3.x445TCPvCenter Converter ServerSource Computer to be convertedRequired for system conversion. Not required if the source computer uses NetBIOS
Converter 3.x902TCPSource Computer to be convertedESXi/ESX HostRequired for data transport during cloning of system to be converted to target ESXi/ESX Host
Converter 4.x22TCPHelper Virtual MachineSource Computer to be convertedRequired for conversion of Linux-based source computers (data flows from source to VM)
Converter 4.x22TCPvCenter Converter ServerSource Computer to be convertedRequired for conversion of Linux-based source computers
Converter 4.x137UDPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x138UDPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x139TCPvCenter Converter ServerSource Computer to be convertedFor hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x443TCPvCenter Converter ClientvCenter Converter ServerOnly required if the Converter Client and Converter Server were installed on different systems
Converter 4.x443TCPSource Computer to be convertedESXi/ESX HostRequired for destination VM access when target is ESXi/ESX/vCenter
Converter 4.x443TCPSource Computer to be convertedvCenter ServerRequired if vCenter Server is the conversion target
Converter 4.x443TCPvCenter Converter ServervCenter ServerRequired if vCenter Server is the conversion target
Converter 4.x443TCPvCenter Converter ServerESXi/ESX HostRequired for system conversion
Converter 4.x443TCPvCenter Converter ServerHelper Virtual MachineRequired for conversion of Linux-based source computers
Converter 4.x445TCPvCenter Converter ServerSource Computer to be convertedRequired for system conversion. Not required if the source computer uses NetBIOS
Converter 4.x902TCPSource Computer to be convertedESXi/ESX HostRequired for data transport during cloning of system to be converted to target ESXi/ESX Host
Converter 4.x9089, 9090TCPvCenter Converter ServerSource Computer to be convertedRequired for system conversion. Remote agent deployment
Converter 5.x22TCPConverter Standalone serverpowered-on source machineUsed to establish an SSH connection between the Converter Standalone server and the source Linux machine
Converter 5.x137UDPConverter Standalone serverpowered-on source machineFor hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x138UDPConverter Standalone serverpowered-on source machineFor hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x139TCPConverter Standalone serverpowered-on source machineFor hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x443TCPConverter Standalone servervCenter ServerRequired only if theconversion destination is a vCenter Server
Converter 5.x443TCPConverter Standalone clientConverter Standalone serverRequired only if the Converter Standalone server and Linux client components are on different machines
Converter 5.x443TCPConverter Standalone clientvCenter serverRequired only if the Converter Standalone server and client components are on different machines
Converter 5.x22TCPPowered-on Source Linux machineESXi/ESX HostUses secure connection port 22 to Host
Converter 5.x443, 902TCPPowered-on Source Windows machineESXi/ESX HostRequired for data transfer to destination ESXi/ESX host
Converter 5.x445TCPConverter Standalone serverpowered-on source machineRequired for system conversion. Not required if the source computer uses NetBIOS
Converter 5.x9089TCPConverter Standalone serverpowered-on source machineRequired for system conversion. Remote agent deployment
Data Recovery443TCPData Recovery AppliancevCenter ServerVDR to vCenter Server communications
Data Recovery902TCPData Recovery ApplianceESX HostVDR to ESX communications
Data Recovery22024TCPData Recovery vSphere Client Plug-inData Recovery ApplianceData Recovery management
ESX 3.x21TCPFTP ClientESX HostFTP
ESX 3.x21TCPESX HostFTP ServerFTP
ESX 3.x22TCPSSH ClientESX HostSSH
ESX 3.x22TCPESX HostSSH ServerSSH
ESX 3.x53UDPESXi/ESX HostDNS ServerDNS
ESX 3.x80TCPClient PCESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESX 3.x88TCPESX HostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESX 3.x111UDPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESX 3.x111TCPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESX 3.x123UDPESXi/ESX HostNTP Time ServerNTP Client
ESX 3.x137 to 139TCPESX HostSMB ServerSMB
ESX 3.x161UDPSNMP ServerESX HostSNMP Polling
ESX 3.x162UDPESX HostSNMP CollectorSNMP Trap Send
ESX 3.x389TCP/UDPESX HostLDAP ServerPAM Active Directory Authentication – LDAP
ESX 3.x427UDPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESX 3.x427TCPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESX 3.x443TCPClient PCESX HostHost VI Management via web browser
ESX 3.x443TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX Host management connection
ESX 3.x443TCPESXi/ESX HostESXi/ESX HostHost to host VM migration and provisioning
ESX 3.x445TCPESX HostSMB ServerSMB
ESX 3.x445TCPESX HostMS Directory Services ServerPAM Active Directory Authentication
ESX 3.x445UDPESX HostMS Directory Services ServerPAM Active Directory Authentication
ESX 3.x464TCPESX HostActive Directory ServerPAM Active Directory Authentication – Kerberos Password Services
ESX 3.x514UDPESXi/ESX HostSyslog ServerRemote syslog logging
ESX 3.x902TCPVI /vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS)
ESX 3.x902TCP/UDPESXi/ESX HostESXi/ESX HostAuthentication, Provisioning, VM Migration
ESX 3.x902TCP/UDPESXi/ESX HostVirtual Center 3.x/ vCenter Server 4.xHeartbeat
ESX 3.x903TCPVI / vSphere ClientESXi/ESX HostVM Remote Console
ESX 3.x2049UDPESXi/ESX HostNFS ServerNFS Client
ESX 3.x2049TCPESXi/ESX HostNFS ServerNFS Client
ESX 3.x2050 to 2250UDPESXi/ESX HostESXi/ESX HostVMware HA
ESX 3.x3260TCPESXi/ESX HostiSCSI SANSoftware iSCSI Client and Hardware iSCSI HBA
ESX 3.x5988TCPESXi/ESX HostESXi/ESX HostCIM Client to CIM Secure Server
ESX 3.x5989TCPESXi/ESX HostVirtualCenter/vCenter ServerCIM Secure Server to CIM Client
ESX 3.x5989TCPVirtualCenter/vCenter ServerESXi/ESX HostCIM Client to CIM Secure Server
ESX 3.x8000TCPESXi/ESX Host (VM Target)ESXi/ESX Host (VM Source)VMotion Communication on VMKernel Interface
ESX 3.x8000TCPESXi/ESX Host (VM Source)ESXi/ESX Host (VM Target)VMotion Communication on VMKernel Interface
ESX 3.x8042 to 8045TCPESXi/ESX HostESXi/ESX HostVMware HA
ESX 3.x27000TCPESXi/ESX HostVMware License ServerESXi/ESX 3.x Host to License Server communication
ESX 3.x27010TCPESXi/ESX HostVMware License ServerESXi/ESX 3.x Host to License Server communication
ESX 4.x21TCPFTP ClientESX HostFTP
ESX 4.x21TCPESX HostFTP ServerFTP
ESX 4.x22TCPESX HostSSH ServerSSH
ESX 4.x22TCPSSH ClientESX HostSSH
ESX 4.x53UDPESXi/ESX HostDNS ServerDNS
ESX 4.x80TCPClient PCESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESX 4.x88TCPESX HostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESX 4.x111UDPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESX 4.x111TCPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESX 4.x123UDPESXi/ESX HostNTP Time ServerNTP Client
ESX 4.x137 to 139TCPESX HostSMB ServerSMB
ESX 4.x161UDPSNMP ServerESX HostSNMP Polling
ESX 4.x162UDPESX HostSNMP CollectorSNMP Trap Send
ESX 4.x389TCP/UDPESX HostLDAP ServerPAM Active Directory Authentication – LDAP
ESX 4.x427UDPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESX 4.x427TCPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESX 4.x443TCPESXi/ESX HostESXi/ESX HostHost to Host VM migration and provisioning
ESX 4.x443TCPClient PCESX HostHost VI Management via web browser
ESX 4.x443TCPvSphere ClientESXi/ESX HostvSphere Client to ESXi/ESX Host management connection
ESX 4.x445UDPESX HostMS Directory Services ServerPAM Active Directory Authentication
ESX 4.x445TCPESX HostMS Directory Services ServerPAM Active Directory Authentication
ESX 4.x445TCPESX HostSMB ServerSMB
ESX 4.x464TCPESX HostActive Directory ServerPAM Active Directory Authentication – Kerberos Password Services
ESX 4.x514UDPESXi/ESX HostSyslog ServerRemote syslog logging
ESX 4.x902TCPvSphere ClientESXi/ESX HostvSphere Client to ESXi/ESX hosted VM connectivity (MKS)
ESX 4.x902TCP/UDPESXi/ESX HostESXi/ESX HostAuthentication, Provisioning, VM Migration
ESX 4.x902TCP/UDPESXi/ESX HostvCenter Server 4.xHeartbeat
ESX 4.x903TCPVI / vSphere ClientESXi/ESX HostVM Remote Console (MKS)
ESX 4.x1024 (dynamic)TCP/UDPESX HostActive Directory ServerBi-directional communication on TCP/UDP ports is required between the ESX host and the Active Directory Domain Controller (via the netlogond process on the ESX host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442.
ESX 4.x2049UDPESXi/ESX HostNFS ServerNFS Client
ESX 4.x2049TCPESXi/ESX HostNFS ServerNFS Client
ESX 4.x2050 to 2250UDPESXi/ESX HostESXi/ESX HostVMware HA
ESX 4.x3260TCPESXi/ESX HostiSCSI SANSoftware iSCSI Client and Hardware iSCSI HBA
ESX 4.x5900 to 5964TCPESXi/ESX HostESXi/ESX HostRFB Protocol used by management toolssuch as VNC
ESX 4.x5988TCPESXi/ESX HostESXi/ESX HostCIM Client to CIM Secure Server
ESX 4.x5989TCPVirtualCenter/vCenterESXi/ESX HostCIM Client to CIM Secure Server
ESX 4.x5989TCPESXi/ESX HostVirtualCenter/vCenterCIM Secure Server to CIM Client
ESX 4.x8000TCPESXi/ESX Host (VM Target)ESXi/ESX Host (VM Source)VMotion Communication on VMKernel Interface
ESX 4.x8000TCPESXi/ESX Host (VM Source)ESXi/ESX Host (VM Target)VMotion Communication on VMKernel Interface
ESX 4.x8042 to 8045TCPESXi/ESX HostESXi/ESX HostVMware HA
ESX 4.x47UDPESXi/ESX HostPhysical SwitchesvDS (Virtual Distributed Switch) Broadcast
ESX 4.x8100TCP/UDPESXi/ESX 4 HostESXi/ESX 4.x HostVMware Fault Tolerance. ESXi/ESX 4 only.
ESX 4.x8200TCP/UDPESXi/ESX 4 HostESXi/ESX 4.x HostVMware Fault Tolerance. ESXi/ESX 4 only.
ESX 4.x8301UDPESXi/ESX 4.x HostESXi/ESX 4.xDVS Port Information
ESX 4.x8302UDPESXi/ESX 4.x HostESXi/ESX 4.x HostDVS Port Information
ESXi 3.x53UDPESXi/ESX HostDNS ServerDNS
ESXi 3.x80TCPClient PCESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESXi 3.x111TCPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 3.x111UDPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 3.x123UDPESXi/ESX HostNTP Time ServerNTP Client
ESXi 3.x162UDPESX HostSNMP CollectorSNMP Trap Send
ESXi 3.x427UDPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESXi 3.x427TCPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESXi 3.x443TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX Host management connection
ESXi 3.x443TCPESXi/ESX HostESXi/ESX HostHost to host VM migration and provisioning
ESXi 3.x514UDPESXi/ESX HostSyslog ServerRemote syslog logging
ESXi 3.x902TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 3.x902TCP/UDPESXi/ESX HostESXi/ESX HostAuthentication, Provisioning, VM Migration
ESXi 3.x902TCP/UDPESXi/ESX HostVirtual Center 3.x/ vCenter Server 4.xHeartbeat
ESXi 3.x903TCPVI / vSphere ClientESXi/ESX HostVM Remote VM Console (MKS)
ESXi 3.x2049TCPESXi/ESX HostNFS ServerNFS Client
ESXi 3.x2049UDPESXi/ESX HostNFS ServerNFS Client
ESXi 3.x2050 to 2250UDPESXi/ESX HostESXi/ESX HostVMware HA
ESXi 3.x3260TCPESXi/ESX HostiSCSI SANSoftware iSCSI Client and Hardware iSCSI HBA
ESXi 3.x5988TCPESXi/ESX HostESXi/ESX HostCIM Client to CIM Secure Server
ESXi 3.x5989TCPVirtualCenter/vCenterESXi/ESX HostCIM Client to CIM Secure Server
ESXi 3.x5989TCPESXi/ESX HostVirtualCenter/vCenterCIM Secure Server to CIM Client
ESXi 3.x8000TCPESXi/ESX Host (VM Target)ESXi/ESX Host (VM Source)VMotion Communication on VMKernel Interface
ESXi 3.x8000TCPESXi/ESX Host (VM Source)ESXi/ESX Host (VM Target)VMotion Communication on VMKernel Interface
ESXi 3.x8042 to 8045TCPESXi/ESX HostESXi/ESX HostVMware HA
ESXi 3.x27000TCPESXi/ESX HostVMware License ServerESXi/ESX 3.x Host to License Server communication
ESXi 3.x27010TCPESXi/ESX HostVMware License ServerESXi/ESX 3.x Host to License Server communication
ESXi 4.x53UDPESXi/ESX HostDNS ServerDNS
ESXi 4.x80TCPClient PCESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESXi 4.x88TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 4.x111TCPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 4.x111UDPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 4.x123UDPESXi/ESX HostNTP Time ServerNTP Client
ESXi 4.x161UDPSNMP ServerESXi 4.x HostSNMP Polling. Not used in ESXi 3.x
ESXi 4.x162UDPESXi HostSNMP CollectorSNMP Trap Send
ESXi 4.x389TCP/UDPESXi hostLDAP ServerPAM Active Directory Authentication - Kerberos
ESXi 4.x427UDPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESXi 4.x427TCPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESXi 4.x443TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX Host management connection
ESXi 4.x443TCPESXi/ESX HostESXi/ESX HostHost to host VM migration and provisioning
ESXi 4.x445UDPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 4.x445TCPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 4.x445TCPESXi hostSMB ServerSMB Server
ESXi 4.x464TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 4.x514UDPESXi/ESX HostSyslog ServerRemote syslog logging
ESXi 4.x902TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 4.x902TCP/UDPESXi/ESX HostESXi/ESX HostAuthentication, Provisioning, VM Migration
ESXi 4.x902TCP/UDPESXi/ESX HostvCenter 4 ServerHeartbeat
ESXi 4.x902TCPVI / vSphere ClientESXi/ESX HostVM Remote VM Console (MKS)
ESXi 4.x1024 (dynamic)TCP/UDPESXi HostActive Directory ServerBi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442.
ESXi 4.x2049TCPESXi/ESX HostNFS ServerNFS Client
ESXi 4.x2049UDPESXi/ESX HostNFS ServerNFS Client
ESXi 4.x2050 to 2250UDPESXi/ESX HostESXi/ESX HostVMware HA
ESXi 4.x3260TCPESXi/ESX HostiSCSI SANSoftware iSCSI Client and Hardware iSCSI HBA
ESXi 4.x5900to 5964TCPESXi/ESX HostESXi/ESX HostRFB Protocol used by management toolssuch as VNC
ESXi 4.x5988TCPESXi/ESX HostESXi/ESX HostCIM Client to CIM Secure Server
ESXi 4.x5989TCPVirtualCenter/vCenterESXi/ESX HostCIM Client to CIM Secure Server
ESXi 4.x5989TCPESXi/ESX HostVirtualCenter/vCenterCIM Secure Server to CIM Client
ESXi 4.x8000TCPESXi/ESX Host (VM Target)ESXi/ESX Host (VM Source)VMotion Communication on VMkernel Interface
ESXi 4.x8000TCPESXi/ESX Host (VM Source)ESXi/ESX Host (VM Target)VMotion Communication on VMkernel Interface
ESXi 4.x47UDPESXi/ESX HostPhysical SwitchesvDS (Virtual Distributed Switch) Broadcast
ESXi 4.x8042 to 8045TCPESXi/ESX HostESXi/ESX HostVMware HA
ESXi 4.x8100TCP/UDPESXi/ESX 4 HostESXi/ESX 4.x HostVMware Fault Tolerance. ESXi/ESX 4 only.
ESXi 4.x8200TCP/UDPESXi/ESX 4 HostESXi/ESX 4.x HostVMware Fault Tolerance. ESXi/ESX 4 only.
ESXi 4.x8301UDPESXi/ESX 4.x HostESXi/ESX 4.x HostDVS Port Information
ESXi 4.x8302UDPESXi/ESX 4.x HostESXi/ESX 4.x HostDVS Port Information
ESXi 5.x22TCPClient PCESXi HostSSH Server
ESXi 5.x53UDPESXi 5.xDNS ServerDNS Client
ESXi 5.x68UDPESXi 5.xDHCP ServerDHCP Client
ESXi 5.x80TCPClient PCESXi HostRedirect Web Browser to HTTPS Service (443)
ESXi 5.x88TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x111TCPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 5.x111UDPESXi/ESX HostNFS ServerNFS Client – RPC Portmapper
ESXi 5.x123UDPESXi/ESX HostNTP Time ServerNTP Client
ESXi 5.x161UDPSNMP ServerESXi HostSNMP Polling. Not used in ESXi 3.x
ESXi 5.x162UDPESXi HostSNMP CollectorSNMP Trap Send
ESXi 5.x389TCP/UDPESXi hostLDAP ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x427UDPVI / vSphere ClientESXi/ESX HostCIM Service Location Protocol (SLP)
ESXi 5.x443TCPVI / vSphere ClientESXi/ESX HostVI / vSphere Client to ESXi/ESX Host management connection
ESXi 5.x443TCPESXi/ESX HostESXi/ESX HostHost to host VM migration and provisioning
ESXi 5.x445UDPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 5.x445TCPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 5.x445TCPESXi hostSMB ServerSMB Server
ESXi 5.x464TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x514UDP/TCPESXi 5.xSyslog ServerRemote syslog logging
ESXi 5.x902TCP/UDPESXi 5.xESXi HostHost access to other hosts for migration and provisioning
ESXi 5.x902TCPvSphere ClientESXi HostvSphere Client access to virtual machine consoles (MKS)
ESXi 5.x902TCP/UDPESXi 5.xvCenter Server(UDP) Status update (heartbeat) connection from E SXi to vCenter Server
ESXi 5.x1024 (dynamic)TCP/UDPESXi HostActive Directory ServerBi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article 179442.
ESXi 5.x2049TCPESXi 5.xNFS ServerTransactions from NFS storage devices
ESXi 5.x2049UDPESXi 5.xNFS ServerTransactions from NFS storage devices
ESXi 5.x3260TCPESXi 5.xiSCSI storage serverTransactions to iSCSI storage devices
ESXi 5.x5900 to 5964TCPESXi 5.xESXi HostRFB protocol, which is used by management tools such as VNC
ESXi 5.x5988TCPCIM ServerESXi HostCIM transactions over HTTP
ESXi 5.x5989TCPvCenter ServerESXi HostCIM XML transactions over HTTPS
ESXi 5.x5989TCPESXi 5.xvCenter ServerCIM XML transactions over HTTPS
ESXi 5.x8000TCPESXi 5.x (VM Target)ESXi (VM Source)Requests from vMotion
ESXi 5.x8000TCPESXi 5.x (VM Source)ESXi (VM Target)Requests from vMotion
ESXi 5.x8100TCP/UDPESXi 5.xESXi HostTraffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x8182TCP/UDPESXi 5.xESXi HostTraffic between hosts for vSphere High Availability (vSphere HA)
ESXi 5.x8200TCP/UDPESXi 5.xESXi HostTraffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x8301UDPESXi 5.xESXi HostDVS Port Information
ESXi 5.x8302UDPESXi 5.xESXi HostDVS Port Information
ESXi 5.x31000TCPSPS ServervCenterInternal Communication Port
ESXi Dump Collector6500UDPESXivCenter ServerNetwork coredump server
ESXi Dump Collector8000TCPESXivCenter ServerNetwork coredump web port
ESXi Syslog Collector8001TCPESXivCenter ServerNetwork syslog server
Guided Consolidation135TCP/UDPConsolidation Target (Physical Server)vCenter Converter ServerMicrosoft DCE Locator Service, also known at End-Point Mapper
Guided Consolidation137TCP/UDPConsolidation Target (Physical Server)vCenter Converter ServerNetBIOS names service. Firewall administrators frequently see larger numbers of incoming packets to port 137. This is because of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the gethostbyaddr() function. As users behind the firewalls visit Windows-based Web sites, those servers frequently respond with NetBIOS lookups.
Guided Consolidation138TCP/UDPConsolidation Target (Physical Server)vCenter Converter ServerNetBIOS datagram Used by Windows, as well as UNIX services (such as SAMBA). Port 138 is used primarily by the SMB browser service that obtains Network Neighborhood information.
Guided Consolidation139TCP/UDPConsolidation Target (Physical Server)vCenter Converter ServerNetBIOS Session Windows File and Printer sharing.
Guided Consolidation445TCP/UDPConsolidation Target (Physical Server)vCenter Converter ServerDNS Direct Hosting port. In Windows 2000 and Windows XP, redirector and server components now support direct hosting for communicating with other computers running Windows 2000 or Windows XP. Direct hosting does not use NetBIOS for name resolution. DNS is used for name resolution, and the Microsoft networking communication is sent directly over TCP without a NetBIOS header. Direct hosting over TCP/IP uses TCP and UDP port 445 instead of the NetBIOS session TCP port 139.
Heartbeat52267TCPvCenter Server Heartbeat ConsolevCenter Server Heartbeat ServerClient Connection Port
Heartbeat57348TCPvCenter Server Primary ServervCenter Server Secondary ServerDefault Channel Port to communicate between Primary and Secondary server
Lab Manager137UDPESXi/ESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager138UDPESXi/ESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager139TCPESXi/ESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager389TCP/UDPLab Manager ServerLDAP ServerLDAP Authentication (optional)
Lab Manager443TCPClient PCLab Manager ServerLab Manager Console (Web Browser)
Lab Manager443TCPLab Manager ServervCenter ServerLab Manager to vCenter Server Communication
Lab Manager445TCPESXi/ESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager514TCPLab Manager ServerVirtual RouterUpdate IP tables and routing on the vRouter
Lab Manager636TCPLab Manager ServerLDAP ServerLDAPS Authentication (optional)
Lab Manager1433TCPLab Manager ServerMicrosoft SQL ServerLab Manager Connectivity to Microsoft SQL Server (for LM database)
Lab Manager5212TCPLab Manager ServerESXi/ESX HostLab Manager Agent. ESXi requires Lab Manager 4.x
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)25TCPvRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator)SMTP ServerEmail notifications
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)80TCPvRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator)vCenter ServerUsed to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API (Shared sessions)
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)389TCP/UDPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerLDAP ServerLDAP Authentication
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)443TCPvRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator)vCenter ServerUsed to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)636TCPvRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator)LDAP ServervRealize Orchestrator (formerly known as VMware vCenter Orchestrator) uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL pendent of 389). This is used for secured LDAP authentication
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)1433TCPvRealize Orchestartor ServerMicrosoft SQL ServervRealize Orchestrator Server to Microsoft SQL Server for vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)1521TCPvRealize Orchestrator ServerOracle Database ServervRealize Orchestrator Server to Oracle for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)3306TCPvRealize Orchestrator ServerMySQL ServervRealize Orchestrator Server to MySQL Server for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)5432TCPvRealize Orchestrator ServerPostgresSQL ServervRealize Orchestrator Server to PostgresSQL Server for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8230TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ClientvRealize Orchestrator ServerLookup port – The main port to communicate with vRealize Orchestrator Configurator server (JNDI port). All other ports communicate with the vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Configurator smart client through this one. It is part of the JBoss Application server infrastructure
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8240TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ClientvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerCommand port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8244TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ClientvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerData port used to access all vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) data models, such as workflows and policies. It is part of the JBoss application server infrastructure.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8250TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ClientvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerMessaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8280TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServervRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerPort used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTP
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8281TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServervRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerPort used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTPS
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8281TCPvCenter ServervRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerPort used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to vCenter Server to communicate with the vCenter API
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8282TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PCvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) ServerHTTP server port – Port used by the HTTP connector to connect to the Web frontend.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8283TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PCvRealize Orchestrator ServerHTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8286TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PCvRealize Orchestrator ServerJava messaging port used for dispatching events.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator)8287TCPvRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PCvRealize Orchestrator ServerSSL secured Java messaging port used for dispatching events.
Stage Manager137UDPESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs
Stage Manager138UDPESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs
Stage Manager139TCPESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs
Stage Manager389TCP/UDPStage Manager ServerLDAP ServerLDAP Authentication (optional)
Stage Manager443TCPClient PCStage Manager ServerStage Manager Console (Web Browser)
Stage Manager443TCPStage Manager ServerESX HostStage Manager Server communication with ESX Host Agent
Stage Manager443TCPStage Manager ServervCenter ServerStage Manager Server communication with vCenter Server
Stage Manager445TCPESX HostSMB File ServerSMB File Sharing for Importing/Exporting VMs
Stage Manager514TCPStage Manager ServerESX HostESX Host Virtual Router
Stage Manager636TCPStage Manager ServerLDAP ServerLDAPS Authentication (optional)
Stage Manager5212TCPStage Manager ServerESX HostStage Manager Agent
Update Manager80TCPUpdate Manager Serverwww.vmware.com and xml.shavlik.comTo obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
Update Manager80TCPESXi/ESX HostUpdate Manager HostESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084
Update Manager80TCPUpdate Manager ServervCenter ServerUpdate Manager to vCenter Server communication
Update Manager443TCPUpdate Manager Serverwww.vmware.com and xml.shavlik.comTo obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
Update Manager443TCPESXi/ESX HostUpdate Manager ServerESXi/ESX Host to Update Manager Server . The reverse proxy forwards the request to port 9084
Update Manager443TCPvCenter ServerUpdate Manager ServervCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084
Update Manager735TCPUpdate Manager ServerVirtual MachinesUpdate Managerlistenerport (rdevServer.exe) part of theRemote Device Server used for virtual machine patching.
Update Manager902TCPUpdate Manager ServerESXi/ESX HostTo push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated
Update Manager1433TCPUpdate Manager ServerMicrosoft SQL ServerUpdate Manager to Microsoft SQL Server connectivity (for UM Database)
Update Manager1521TCPUpdate Manager ServerOracle Database ServerUpdate Manager to Oracle connectivity (for UM Database)
Update Manager8084TCPUpdate Manager ServerUpdate Manager Client PluginSOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install.
Update Manager9084TCPESXi/ESX hostUpdate Manager ServerESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install.
Update Manager9087TCPUpdate Manager ServerUpdate Manager Client PluginPort used for uploading host update files. Configurable at install.
Update Manager9000 to 9100TCPESXi/ESX HostUpdate Manager ServerThis is the recommend port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation.
vCenter 2.5.x25TCPvCenter ServerSMTP ServerEmail notifications
vCenter 2.5.x53UDPvCenter ServerDNS ServerDNS lookups
vCenter 2.5.x80TCPClient PCvCenter ServerRedirect Web Browser to HTTPS Service (443)
vCenter 2.5.x88TCPvCenter ServerActive Directory ServerAD Authentication
vCenter 2.5.x88UDPvCenter ServerActive Directory ServerAD Authentication
vCenter 2.5.x161UDPSNMP ServervCenter ServerSNMP Polling
vCenter 2.5.x162UDPvCenter ServerSNMP ServerSNMP Trap Send
vCenter 2.5.x389TCP/UDPvCenter ServerLDAP ServerLDAP Authentication
vCenter 2.5.x443TCPvCenter ServerESXi/ESX HostvCenter Agent
vCenter 2.5.x443TCPClient PCvCenter ServerVI Web Access (Web Browser)
vCenter 2.5.x443TCPVI / vSphere ClientvCenter ServerVI / vSphere Client access to vCenter Server
vCenter 2.5.x445TCPvCenter ServerActive Directory ServerAD Authentication
vCenter 2.5.x445UDPvCenter ServerActive Directory ServerAD Authentication
vCenter 2.5.x902TCP/UDPvCenter ServerESXi/ESX HostHeartbeat
vCenter 2.5.x902TCP/UDPESXi/ESX HostvCenter ServerHeartbeat
vCenter 2.5.x903TCPClient PCvCenter ServerVI / vSphere Client to VM Console
vCenter 2.5.x903TCPvCenter ServerESXi/ESX HostVI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter)
vCenter 2.5.x1433TCPvCenter ServerMicrosoft SQL ServerFor vCenter Microsoft SQL Server Database
vCenter 2.5.x1521TCPvCenter ServerOracle Database ServerFor vCenter Oracle Database
vCenter 2.5.x5989TCPVirtualCenter/vCenterESXi/ESX HostvCenter to ESX
vCenter 2.5.x5989TCPESXi/ESX HostVirtualCenter/vCenterESX to vCenter
vCenter 2.5.x8005TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 2.5.x8006TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 2.5.x8083TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 2.5.x8085TCPvCenter ServervCenter ServerInternal Service Diagnostics/SDK
vCenter 2.5.x8086TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 2.5.x8087TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 2.5.x27000TCPvCenter ServerVMware License ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x27000TCPVMware License ServervCenter ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x27010TCPvCenter ServerVMware License ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x27010TCPVMware License ServervCenter ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x25TCPvCenter ServerSMTP ServerEmail notifications
vCenter 4.x53UDPvCenter ServerDNS ServerDNS lookups
vCenter 4.x80TCPClient PCvCenter ServerRedirect Web Browser to HTTPS Service (443)
vCenter 4.x80TCPvCenter ServerESXi/ESX 4.xDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 4.x88UDPvCenter ServerActive Directory ServerAD Authentication
vCenter 4.x88TCPvCenter ServerActive Directory ServerAD Authentication
vCenter 4.x135TCPvCenter ServervCenter ServerLinked Mode
vCenter 4.x161UDPSNMP ServervCenter ServerSNMP Polling
vCenter 4.x162UDPvCenter ServerSNMP ServerSNMP Trap Send
vCenter 4.x389TCP/UDPvCenter ServerLinked vCenter ServersBi-directional LDAP authentication with Kerberos encryption on TCP port 389 is required between all vCenters that need to replicate.
vCenter 4.x443TCPvCenter ServerESXi/ESX HostvCenter Agent
vCenter 4.x443TCPvCenter ServerESXi/ESX 4.xHost DPM with HP iLO Remote Management and Control Protocol
vCenter 4.x443TCPClient PCvCenter ServerVI Web Access (Web Browser)
vCenter 4.x443TCPvSphere ClientvCenter ServervSphere Client access to vCenter Server
vCenter 4.x445TCPvCenter ServerActive Directory ServerAD Authentication
vCenter 4.x445UDPvCenter ServerActive Directory ServerAD Authentication
vCenter 4.x623UDPvCenter ServerESXi/ESX 4.x HostDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 4.x636TCPvCenter ServerLinked vCenter ServersLinked mode connectivity between vCenter Servers
vCenter 4.x902TCP/UDPvCenter ServerESXi/ESX HostHeartbeat
vCenter 4.x902TCP/UDPESXi/ESX HostvCenter ServerHeartbeat
vCenter 4.x903TCPClient PCvCenter ServerVI / vSphere Client to VM Console
vCenter 4.x902TCPvCenter ServerESXi/ESX HostVI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter)
vCenter 4.x1024 (dynamic)RPCLinked vCenter ServersLinked vCenter ServersBi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage.
vCenter 4.x1433TCPvCenter ServerMicrosoft SQL ServerFor vCenter Microsoft SQL Server Database
vCenter 4.x1521TCPvCenter ServerOracle Database ServerFor vCenter Oracle Database
vCenter 4.x5989TCPvCenter ServerESXi/ESX HostvCenter to ESX
vCenter 4.x5989TCPESXi/ESX HostvCenter ServerESX to vCenter
vCenter 4.x8005TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 4.x8006TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 4.x8080TCPClient PCvCenter Server 4.xVMware vCenter 4 Management Web Services - HTTP
vCenter 4.x8083TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 4.x8085TCPvCenter ServervCenter ServerInternal Service Diagnostics/SDK
vCenter 4.x8086TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 4.x8087TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 4.x8089TCPvCenter ServervCenter ServerSDK Tunneling Port
vCenter 4.x8443TCPClient PCvCenter Server 4.xVMware vCenter 4 Management Web Services - HTTPS
vCenter 4.x8443TCPvCenter ServervCenter ServerLinked Mode
vCenter 4.x27000TCPvCenter ServerVMware License ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x27000TCPVMware License ServervCenter ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x27010TCPvCenter ServerVMware License ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x27010TCPVMware License ServervCenter ServerLicensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.160099TCPvCenter ServervCenter Server ServicesThis port is for internal communication between vCenter Server and its solutions. Specifically, it is used to exchange messages about inventory. If you do not have it open, a solution that integrates with vCenter Server using this service may be affected.
vCenter 5.x25TCPvCenter ServerSMTP ServerEmail notifications
vCenter 5.x53UDPvCenter ServerDNS ServerDNS lookups
vCenter 5.x80TCPClient PCvCenter ServervCenter Server requires port 80 for direct HTTP connections.
vCenter 5.x80TCPvCenter ServerESXi 5.xDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 5.x88UDPvCenter ServerActive Directory ServerAD Authentication
vCenter 5.x88TCPvCenter ServerActive Directory ServerAD Authentication
vCenter 5.x135TCPvCenter ServervCenter ServerLinked Mode
vCenter 5.x161UDPSNMP ServervCenter ServerSNMP Polling
vCenter 5.x162UDPvCenter ServerSNMP ServerSNMP Trap Send
vCenter 5.x389TCP/UDPvCenter ServerLinked vCenter ServersThis is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535.
vCenter 5.x443TCPvSphere ClientvCenter ServervCenter Server system uses to listen for connections from the vSphere Client.
vCenter 5.x443TCPvCenter ServerESXi 5.xvCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol
vCenter 5.x623UDPvCenter ServerESXi 5.xDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 5.x636TCPvCenter ServersLinked vCenter ServersvCenter Server Linked Mode, this is the SSL port of the local instance.
vCenter 5.x902TCPvCenter ServerESXi 5.xvCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter 5.x902UDPvCenter ServerESXi 5.xManaged hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter 5.x902TCP/UDPvSphere ClientESXi 5.xvSphere Client uses this ports to display virtual machine consoles.
vCenter 5.x902TCP/UDPESXi 5.xESXi 5.xHost access to other hosts for migration and provisioning
vCenter 5.x1024 (dynamic)RPCLinked vCenter ServersLinked vCenter ServersBi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage.
vCenter 5.x1433TCPvCenter ServerMicrosoft SQL ServerFor vCenter Microsoft SQL Server Database
vCenter 5.x1521TCPvCenter ServerOracle Database ServerFor vCenter Oracle Database
vCenter 5.x5988TCPESXi 5.xvCenter ServerCIM transactions over HTTP
vCenter 5.x5989TCPvCenter ServerESXi 5.xCIM XML transactions over HTTPS
vCenter 5.x5989TCPESXi 5.xvCenter ServerCIM XML transactions over HTTPS
vCenter 5.x7500UDPvCenter ServervCenter ServerLinked Mode, Java Discovery Port
vCenter 5.x8005TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 5.x8006TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 5.x8009TCPvCenter ServervCenter ServerAJP Port
vCenter 5.x8080TCPClient PCvCenter ServerWeb Services HTTP. Used for the VMware VirtualCenter Management Web Services.
vCenter 5.x8083TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 5.x8085TCPvCenter ServervCenter ServerInternal Service Diagnostics/SDK
vCenter 5.x8086TCPvCenter ServervCenter ServerInternal Communication Port
vCenter 5.x8087TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter 5.x8089TCPvCenter ServervCenter ServerSDK Tunneling Port
vCenter 5.x8443TCPClient PCvCenter ServerWeb Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
vCenter 5.x8443TCPvCenter ServervCenter ServerLinked Mode
vCenter 5.x9443TCPClient PCvCenter ServervSphere Web Client Access
vCenter 5.x10109TCPvCenter ServervCenter ServervCenter Inventory Service Service Management
vCenter 5.x10111TCPvCenter ServervCenter ServervCenter Inventory Service Linked Mode Communication
vCenter 5.x10443TCPClient PCvCenter ServervCenter Inventory Service HTTPS
vCenter 5.x51915TCPESXivSphere Authentication ProxyThis is a web service, which is used to add host to Active Directory domain.
vCenter 5.x60099TCPvCenter ServervCenter ServerWeb Service change service notification port
vCenter 5.17005TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnBase shutdown port.
For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1.
vCenter 5.17080TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnHTTP Port
vCenter 5.1\5.57444TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnLookup Service, HTTPS Port
vCenter 5.17009TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnAJP Port
vCenter 5.1/5.510109 to 10111TCPvCenter Inventory ServicevCenter ServervCenter Inventory Service Linked Mode Communication
vCenter 5.1/5.58003TCPvCenter Server (Tomcat Server settings)vCenter Server Management Web ServicesvCenter Server Management Web Service shutdown
vCenter 5.149152 to 65535TCPActive DirectoryvCenter ServerAllow Active Directory authentication/communication between domain controllers and vCenter Server.
vCenter 5.588TCPvCenter ServervCenter Single Sign-OnKdc Service
vCenter 5.52012TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnDirectory Service
vCenter 5.52013TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnKdc Service
vCenter 5.52014TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnVMware Certificate Service inter-communications with vCenter Single Sign-On
vCenter 5.56501TCPAuto Deploy serviceESXi HostAuto Deploy Service
vCenter 5.56502TCPAuto Deploy ManagervSphere ClientAuto Deploy Manager Service
vCenter 5.57331TCPvCenter Server (Tomcat Server settings)vSphere Web ClientHTML5 remote console for virtual machines
vCenter 5.5 Update 2 and later7343TCPvCenter Server (Tomcat Server settings)vSphere Web ClientHTML5 remote console for virtual machines, HTTPS
vCenter 5.57444TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnLookup Service, HTTPS port
vCenter 5.58190TCPvCenter ServervCenter ServerStorage Policy Server HTTP
vCenter 5.58191TCPvCenter ServervCenter ServerStorage Policy Server HTTPS
vCenter 5.59875-9877TCPvSphere Web Client vSphere Web Client vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting.
vCenter 5.59090TCPvSphere Web Client HTTPvSphere Web ClientHTTP redirect to HTTPS
vCenter 5.511711TCPvCenter Single Sign-OnvCenter Single Sign-OnDirectory service LDAP use for replication between vCenter Single Sign-On nodes
vCenter 5.511712TCPvCenter Single Sign-OnvCenter Single Sign-OnDirectory service LDAPS use for replication between vCenter Single Sign-On nodes
vCenter 5.512721TCPvCenter Single Sign-OnvCenter Single Sign-OnIdentity Management Service (IDM) internal client/server communication port.
Used by VMware Identity Management Service.
vCenter 5.512443TCPLog BrowservCenter ServerLog Browser
vCenter 5.522000TCPvCenter ServervCenter ServervCenter Server Storage Monitoring Service HTTP
vCenter 5.522100TCPvCenter ServervCenter ServervCenter Server Storage Monitoring Service HTTPS
vCenter 5.531000TCPvCenter ServervCenter ServerVMware vSphere Profile-Driven Storage Service HTTP
vCenter 5.531100TCPvCenter ServervCenter ServerVMware vSphere Profile-Driven Storage Service HTTPS
vCenter 5.549000 to 65000TCPActive DirectoryvCenter ServerAllow Active Directory authentication/communication between domain controllers and vCenter Server.
Used by the VMware Identity Management Service
vCenter 6.022TCP/UDPvCenter ServerSSH ClientSystem port for SSHD.  This port is only used by the vCenter Server Appliance
vCenter 6.080TCPClient PCvCenter ServervCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server.

WS-Management (also requires port 443 to be open).

If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service. 

When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.
vCenter 6.088TCPvCenter ServerActive Directory ServerVMware key distribution center port
vCenter 6.0389TCP/UDPvCenter ServerLinked vCenter ServersThis port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.

If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.

If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. 
vCenter 6.0443TCPvCenter ServervSphere Web ClientThe default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall.

The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.

Port 443 is also used for these services:
  • WS-Management (also requires port 80 to be open)
  • Third-party network management client connection to vCenter Server
  • Third-party network management clients access to host
vCenter 6.0514UDPSyslog CollectorSyslog CollectorvSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance
vCenter 6.0636TCPvCenter ServersLinked vCenter ServersFor vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. 
You can run the SSL service on any port from 1025 through 65535.
vCenter 6.0902TCP/UDPvCenter ServerESXi 5.xThe default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. 
This port must not be blocked by firewalls between the server and the hosts or between hosts.

Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.
vCenter 6.01514TCP/UDPSyslog CollectorSyslog CollectorvSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance
vCenter 6.02012TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnControl interface RPC for vCenter Single Sign-On(SSO).
vCenter 6.02014TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnRPC port for all VMCA (VMware Certificate Authority) APIs.
vCenter 6.02020TCP/UDPvCenter ServervCenter ServerAuthentication framework management
vCenter 6.06500TCP/UDPvCenter ServerESXi hostESXi Dump Collector port
vCenter 6.06501TCPAuto Deploy serviceESXi HostAuto Deploy service 
vCenter 6.06502TCPAuto Deploy ManagervSphere ClientAuto Deploy management
vCenter 6.07444TCP

Secure Token Service
vCenter 6.09443TCPvSphere Web Client ServervSphere Web ClientvSphere Web Client HTTPS
vCenter 6.011711TCPvCenter Single Sign-OnvCenter Single Sign-OnVMware Directory service (vmdir) LDAP
vCenter 6.011712TCPvCenter Single Sign-OnvCenter Single Sign-OnVMware Directory service (vmdir) LDAPS
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x22TCPClient PCvRealize Infrastructure Navigator ApplianceEnables SSH access tovRealize Infrastructure Appliance
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x80TCPvRealize Infrastructure (formerly known as vCenter Infrastructure Navigator) NavigatorvSphere Web service APIHTTP web service
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x443TCPvRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator)vSphere Web service APIHTTPS web service
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x443TCPvRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator)ESXi/ESX hosts and virtual machinesVIX protocol on target hosts to perform discovery
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x902TCPvRealize Infrastructure NavigatorESXi/ESX hosts and virtual machinesVIX protocol on target hosts to perform discovery
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x2868TCPvCenter ServervRealize Infrastructure (formerly known as vCenter Infrastructure Navigator) NavigatorPlug-in downloads. This download happens as part of the registration process.
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x6969TCPvCenter ServervRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator)Connectivity from vSphere Web Client to vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator)
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x22TCPSSH ClientvRealize Log Insight (formerly known as vCenter Log Insight)Secure Shell (SSH) access to the vRealize Log Insight (formerly known as vCenter Log Insight) virtual appliance
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x25TCPvRealize Log Insight (formerly known as vCenter Log Insight)SMTP ServerEmail notifications from vRealize Log Insight (formerly known as vCenter Log Insight) to a configured mail server
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x514UDPSyslog ClientvRealize Log Insight (formerly known as vCenter Log Insight)Remote Syslog logging
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x514TCPSyslog ClientvRealize Log Insight (formerly known as vCenter Log Insight)Remote Syslog logging
Realize Log Insight (formerly known as vCenter Log Insight) 1.x1514TCPSyslog ClientvRealize Log Insight (formerly known as vCenter Log Insight)SSL Encrypted Remote Syslog logging
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x445UDPvRealize Log Insight (formerly known as vCenter Log Insight)MS Directory Services ServerConnection to a Domain Controller for Active Directory Authentication
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x80TCPHTTP ClientvRealize Log Insight (formerly known as vCenter Log Insight)vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface. Redirects to encrypted web interface
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x443TCPHTTP ClientvRealize Log Insight (formerly known as vCenter Log Insight)vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface Encrypted
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x123UDPvRealize Log Insight (formerly known as vCenter Log Insight)NTP ServerTime synchronization with NTP server
vCloud Usage Meter80TCPvCloud Usage MetervCenter ServerThis is for vSphere API
vCloud Usage Meter443TCPvCloud Usage MetervCenter ServerThis is for vSphere API
vCloud Usage Meter5480TCPvCenter Update ManagervCloud Usage MeterThis is used for virtual appliance updates
vCloud Usage Meter8443TCPClient BrowservCloud Usage MeterThis is for WebApp
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x)22TCPSSH ClientvRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual applianceEnables SSH access to the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) virtual appliance
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x)443TCPBrowser or vSphere Client pluginvRealize Operations Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual applianceHTTPS server port for the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) Administration page
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x)5480TCPBrowservRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual applianceHTTPS server port for the VMware Studio Web console to administer the virtual appliance
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x )80TCPBrowservRealize Operations Manager (formerly known as vCenter Operations Manager) UI VMHTTP server port that unconditionally redirects to HTTPS port
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x )443TCP
  • Browser or vSphere Client plugin
  • vRealize Operations Manager UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM
  • vRealize Operations Manager UI VM
  • vCenter Server
  • HTTPS server port for the vRealize Operations Manager (formerly known as vCenter Operations Manager) UIs: Administration, vSphere, and Custom
  • UI VM: Registration of vRealize Operations Manager (formerly known as vCenter Operations Manager) as an extension to vCenter, Analytics VM: Collecting metric data from vCenter Server.
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x )22TCPSSH ClientvRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager Analytics VMEnables SSH access to the vRealize Operations Manager (formerly known as vCenter Operations Manager) virtual appliance
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x )1194TCPvRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VMvRealize Operations Manager (formerly known as vCenter Operations Manager) UI VMOpen VPN tunnel for communication between the two VMs
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x)443TCPvRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VMvCenter ServerUI VM: Registration of vRealize Operations Manager as an extension to vCenter, Analytics VM: Collecting metric data from vCenter
vRealize Operations Manager (Standalone) 5.x80TCPBrowservRealize Operations Manager (formerly known as vCenter Operations Manager) (Standalone)(If chosen during configuration) HTTP port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI
vRealize Operations Manager (Standalone) 5.x443TCPBrowservRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone) )(If chosen during configuration) HTTPS port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x)1199TCPvRealize Operations Manager (formerly known as vCenter Operations Manager) remote collectorvRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone))Heartbeat connection between remote collector and main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x)61616TCPvRealize Operations Manager (formerly known as vCenter Operations Manager) remote collectorvRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone))Connection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x)443TCPvRealize Operations Manager (formerly known as vCenter Operations Manager) local/remote collectorvCenter ServerConnection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager(Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x)10443TCPvRealize Operaions Manager (formerly known as vCenter Operations Manager) Analytics VMvCenter ServervCenter Inventory Service HTTPS
vRealize Operations Manager 6.0.122TCPSSH ClientvRealize Operations ManagerUsed for SSH access to the vRealize Operations Manager cluster.
vRealize Operations Manager 6.0.180TCPBrowservRealize Operations ManagerRedirects to port 443.
vRealize Operations Manager 6.0.1123UDPvRealize Log InsightNTP ServerUsed by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the master node.
vRealize Operations Manager 6.0.1443TCPBrowservRealize Operations ManagerUsed to access the vRealize Operations Manager product user interface and the vRealize Operations Manager administrator interface.
vRealize Operations Manager 6.0.11235TCPvRealize Operation Manager 6.0 nodesvRealize Operation Manager 6.0 nodesUsed by all nodes in the cluster to transmit resource data and key-value data for the Global xDB database instance.
vRealize Operations Manager 6.0.13091-3094TCPWhen Horizon View (V4V)vRealize Operations ManagerWhen Horizon View (V4V) is installed, used to access data for vRealize Operations Manager from V4V.
vRealize Operations Manager 6.0.16061TCPvRealize Operations Manager 6.0 clientsvRealize Operation Manager 6.0 nodesUsed by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers.
vRealize Operations Manager 6.0.110000-10010TCP/UDPvRealize Operation Manager 6.0 nodesvRealize Operation Manager 6.0 nodesGemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.
vRealize Operations Manager 6.0.120000-20010TCP/UDPvRealize Operation Manager 6.0 nodesvRealize Operation Manager 6.0 nodesGemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.
View 3.x3389TCPThin ClientESX hostRDP Protocol
View 3.x18443TCPView Connection Server/View ManagervCenter ServerView Composer
View 3.x32111TCPView Agent (Virtual Desktop)View ClientUSB Device Communication
View 3.x32111TCPView ClientView Agent (Virtual Desktop)USB Device Communication
View 4.0.x902TCPView Client/View Client with Offline DesktopESX Host(Optional) View Client with Offline Desktop data is downloaded and uploaded through this port.
View 4.0.x3268TCPView/VDM Connection Server/View ManagerActive Directory ServerGlobal Catalog Server
View 4.0.x3269TCPView/VDM Connection Server/View ManagerActive Directory ServerGlobal Catalog Server
View 4.0.x3389TCPThin ClientESX hostRDP Protocol
View 4.0.x9427TCPView Client/View Client with Offline DesktopView Agent (Virtual Desktop)(Optional) Multimedia Redirection (MMR). MMR is supported by View Client and View Client with Offline Desktop on certain operating systems.
View 4.0.x18443TCPView Connection Server/View ManagervCenter ServerView Composer
View 4.0.x50002TCP/UDPView Agent (Virtual Desktop)View ClientPCoIP (AES 128-bit encryption)
View 4.0.x50002TCP/UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 4.5.x----For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 4.5.x80/443TCPView Client with Local ModeView Transfer ServerHTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.5.x80/443TCPSecurity ServerView Transfer ServerHTTP(S) access via tunnel connection for downloading and uploading Local Mode data
View 4.5.x902TCPView Connection ServerESX HostUsed when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode.
View 4.5.x902TCPView Transfer ServerESX HostPublishing View Composer packages for Local Mode
View 4.5.x4001TCPView Connection ServerView Transfer ServerRequired by JMS for Local Mode
View 4.5.x4172TCP/UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 4.5.x50002UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 4.6.x----For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 4.6.x80/443TCPView Client with Local ModeView Transfer ServerHTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.6.x80/443TCPSecurity ServerView Transfer ServerHTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.6.x902TCPView Connection ServerESX HostUsed when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode.
View 4.6.x902TCPView Transfer ServerESX HostPublishing View Composer packages for Local Mode
View 4.6.x4001TCPView Connection ServerView Transfer ServerRequired by JMS for Local Mode
View 4.6.x4172TCP/UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 4.6.x50002UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 5.x----For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 5.x80/443TCPView Client with Local ModeView Transfer ServerHTTP(S) access via direct connection for downloading and uploading Local Mode data
View 5.x80/443TCPSecurity ServerView Transfer ServerHTTP(S) access via direct connection for downloading and uploading Local Mode data
View 5.x902TCPView Connection ServerESXi HostUsed when checking out local desktops. Must be accessible on your ESXi host when using View Client with Local Mode.
View 5.x902TCPView Transfer ServerESXi HostPublishing View Composer packages for Local Mode
View 5.x902TCPView Composer ServerESXi HostUsed when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks.
View 5.x4001TCPView Connection ServerView Transfer ServerRequired by JMS for Local Mode
View 5.x4172TCP/UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View 5.x50002UDPView ClientView Agent (Virtual Desktop)PCoIP (AES 128-bit encryption)
View/VDM 2.x80TCPView/VDM ClientView/VDM Security ServerVDM Access (not required if only HTTPS is to be supported)
View/VDM 2.x80TCPClient PCView/VDM Security ServerVDM Web Access (not required if only HTTPS is to be supported). The Security Server used as a proxy in a DMZ to allow for external connections in. The View Manager/Connection Broker has an ADAM instance on it.
View/VDM 2.x80TCPView/VDM ClientView/VDM Connection ServerVDM Access (not required if only HTTPS is to be supported)
View/VDM 2.x80TCPClient PCView/VDM Connection ServerVDM Web Access (not required if only HTTPS is to be supported).
View/VDM 2.x88UDPView/VDM Connection Server/View ManagerActive Directory ServerAD Authentication
View/VDM 2.x88TCPView/VDM Connection Server/View ManagerActive Directory ServerAD Authentication
View/VDM 2.x389TCP/UDPView/VDM Connection Server/View ManagerLDAP ServerLDAP Authentication
View/VDM 2.x443TCPView/VDM ClientView/VDM Security ServerVDM Access
View/VDM 2.x443TCPClient PCView/VDM Connection Server/View ManagerVDM Web Access and VDM Administration
View/VDM 2.x443TCPThin ClientView/VDM Connection Server/View ManagerVDM API
View/VDM 2.x443TCPView/VDM ClientView/VDM Connection Server/View ManagerVDM Access
View/VDM 2.x443TCPClient PCView/VDM Security ServerVDM Web Access (Web Browser)
View/VDM 2.x443TCPView/VDM Connection Server/View ManagervCenter ServerVDM to vCenter communication
View/VDM 2.x445UDPView/VDM Connection Server/View ManagerActive Directory ServerAD Authentication
View/VDM 2.x445TCPView/VDM Connection Server/View ManagerActive Directory ServerAD Authentication
View/VDM 2.x1024 to 65535TCPView/VDM Connection Server/View ManagerVirtual Desktop VM (View/VDM Agent)Ephemeral Ports. A short-lived connection between View Manager and the virtual desktop
View/VDM 2.x1024 to 65535TCPView/VDM Connection Server/View ManagerView/VDM Connection Server/View ManagerThis is required for ADAM replication between VDM Connection Servers. With a Registry entry, this can be fixed to a defined set of ports, but by default it is a random TCP high port
View/VDM 2.x3389TCPView/VDM Security ServerVirtual Desktop VM (View/VDM Agent)Tunneled RDP Connection (RSA RC4 encryption, can be set High/Medium/Low)

High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.

Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.

Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.
View/VDM 2.x3389TCPClient PC/Thin Client/View/VDM ClientVirtual Desktop VM (View/VDM Agent)Direct RDP Connection (RSA RC4 encryption, can be set High/Medium/Low).

High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.

Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.

Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.
View/VDM 2.x4001TCPView/VDM Security ServerView/VDM Connection Server/View ManagerJava Messenger Service (JMS)
View/VDM 2.x4001TCPView/VDM Connection Server/View ManagerView/VDM Security ServerJava Messenger Service (JMS)
View/VDM 2.x4001TCPVirtual Desktop VM (View/VDM Agent)View/VDM Connection Server/View ManagerJava Messenger Service (JMS)
View/VDM 2.x4100TCPView/VDM Connection Server/View ManagerView/VDM Connection Server/View ManagerJava Messenger Service (JMS) inter-router traffic
View/VDM 2.x8009TCPView/VDM Security ServerView/VDM Connection Server/View ManagerApache Jserv Protocol (AJP)
View/VDM 2.x8009TCPView/VDM Connection Server/View ManagerView/VDM Security ServerApache Jserv Protocol (AJP)
View/VDM 2.x42966TCPView Client/View Client with Offline DesktopESX Host(Optional) Hewlett-Packard RGS Sender Application is the server-side component of the HP RGS remote display protocol
VMware vCenter Chargeback 1.58080TCPVMWare vCenter Chargeback ServerClientHTTP
VMware vCenter Chargeback 1.58009TCPVMWare vCenter Chargeback ServerClientLoad Balancer
VMware vCenter Chargeback 1.5443TCPVMWare vCenter Chargeback ServerClientHTTPS
VMware vCenter Chargeback 1.525TCPVMWare vCenter Chargeback ServerClientSMTP
VMware vCenter Chargeback 1.5389TCP/UDPVMWare vCenter Chargeback ServerClientLDAP
Virtual SAN2233TCPESXi hostESXi hostInter Node Communication port
Virtual SAN12345UDPESXi hostESXi hostCluster Management – Multicast
Virtual SAN23451UDPESXi hostESXi hostCluster Management – Multicast
Virtual SAN8080TCPVMware vSphere Profile-Driven Storage ServiceESXi hostVirtual SAN VASA Provider
vShield 1.x22TCPvShield ManagervShield agentSSH traffic passing from vShield Manager to vShield agents
vShield 1.x123UDPvShield Time SynchronizationvShield Manager (NTP Server)NTP time synchronization with vShield Manager server
vShield 1.x443TCPWeb browser/Client accessvShield ManagerWeb browser using HTTPS to access vShield Manager user interface
vShield 1.x1162UDPvShield ZonesvShield ManagerSends SNMP trap messages from vShield agents to vShield Manager
vShield 4.x22TCPvShield ManagervShield agentSSH traffic passing from vShield Manager to vShield agents
vShield 4.x123UDPvShield Time SynchronizationvShield Manager (NTP Server)NTP time synchronization with vShield Manager server
vShield 4.x443TCPWeb browser/Client accessvShield ManagerWeb browser using HTTPS to access vShield Manager user interface
vShield 4.x1162UDPvShield ZonesvShield ManagerSends SNMP trap messages from vShield agents to vShield Manager
vSphere Management Assistant443TCPvSphere Management AssistantESX HostFor SDK traffic
EVO:RAIL 1.x7443TCPClient PCvCenter Server (EVO:RAIL)EVO:RAIL Configuration & Management UI
EVO:RAIL 1.x9443TCPClient PCvCenter ServervSphere Web Client Access
EVO:RAIL 1.x5353UDPESXi host/vCenter ServerESXi host/vCenter ServerLoudmouth auto-discovery


VI / vSphere Client ports:

ProductPortProtocolSourceTargetPurpose
Data Recovery22024TCPData Recovery vSphere Client Plug-inData Recovery ApplianceData Recovery management
ESX 3.x80TCPVI / vSphere clientESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESX 3.x443TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX Host management connection
ESX 3.x902TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX hosted VM connectivity (MKS)
ESX 3.x903TCPVI / vSphere clientESXi/ESX HostVM Remote Console
ESX 4.x80TCPVI / vSphere clientESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESX 4.x443TCPvSphere ClientESXi/ESX HostvSphere Client to ESXi/ESX Host management connection
ESX 4.x902TCPvSphere ClientESXi/ESX HostvSphere Client to ESXi/ESX hosted VM connectivity (MKS)
ESX 4.x903TCPVI / vSphere clientESXi/ESX HostVM Remote Console (MKS)
ESXi 3.x80TCPVI / vSphere clientESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESXi 3.x443TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX Host management connection
ESXi 3.x902TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 3.x903TCPVI / vSphere clientESXi/ESX HostVM Remote VM Console (MKS)
ESXi 4.x80TCPVI / vSphere clientESXi/ESX HostRedirect Web Browser to HTTPS Service (443)
ESXi 4.x443TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX Host management connection
ESXi 4.x902TCPVI / vSphere clientESXi/ESX HostVI / vSphere client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 4.x903TCPVI / vSphere clientESXi/ESX HostVM Remote Console (MKS)
ESXi 5.x22TCPvSphere clientESXi 5.xSSH Server
ESXi 5.x80TCPvSphere client / vSphere Web clientESXi 5.xRedirect Web Browser to HTTPS Service (443)
ESXi 5.x443TCPVI / vSphere client/ vSphere Web clientESXi/ESX HostVI / vSphere client to ESXi/ESX Host management connection
ESXi 5.x902TCPvSphere ClientESXi 5.xvSphere Client access to virtual machine consoles (MKS)
vCenter 2.5.x80TCPVI / vSphere clientvCenter ServerRedirect Web Browser to HTTPS Service (443)
vCenter 2.5.x443TCPVI / vSphere clientvCenter ServerVI / vSphere client access to vCenter Server
vCenter 2.5.x903TCPVI / vSphere clientvCenter ServerVI / vSphere client to VM Console
vCenter 4.x80TCPVI / vSphere clientvCenter ServerRedirect Web Browser to HTTPS Service (443)
vCenter 4.x443TCPvSphere ClientvCenter ServervSphere Client access to vCenter Server
vCenter 4.x903TCPVI / vSphere clientvCenter ServerVI / vSphere client to VM Console
vCenter 4.x8080TCPVI / vSphere clientvCenter Server 4.xVMware vCenter 4 Management Web Services - HTTP
vCenter 4.x8443TCPVI / vSphere clientvCenter Server 4.xVMware vCenter 4 Management Web Services - HTTPS
vCenter 5.x80TCPvSphere Client /vSphere Web ClientvCenter ServervCenter Server requires port 80 for direct HTTP connections.
vCenter 5.x443TCPvSphere Client /vSphere Web ClientvCenter ServervCenter Server system uses to listen for connections from the vSphere Client.
vCenter 5.x902TCP/UDPvSphere ClientESXi 5.xvSphere Client uses this ports to display virtual machine consoles.
vCenter 5.x903TCP