Search the VMware Knowledge Base (KB)
View by Article ID

Required ports for vCenter Server 6.0 (2106283)

  • 55 Ratings

Purpose

This article provides information on the required ports for vCenter Server 6.0.

Resolution

The vCenter Server system both on Windows and in the appliance must be able to send data to every managed host and receive data from the vSphere Web Client and the Platform Services Controller services. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.

VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from vCenter Server. If a Firewall exists between any of these elements, the installer opens the ports during the installation or upgrade process. For custom Firewalls, you must manually open the required ports. If you have a Firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.

Note: In Microsoft Windows Server 2008 and later, Firewall is enabled by default.

This table outlines the ports required for communication between components:

Port Protocol Description
22 TCP/UDP System port for SSHD. This port is used only by the vCenter Server Appliance.
80 TCP vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server.

WS-Management (also requires port 443 to be open).

If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service.

When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.
88 TCP VMware key distribution center port
389 TCP/UDP This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.

If another service is running on this port, it may be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.

If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535.
443 TCP The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the Firewall.

The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.

Port 443 is also used for these services:
  • WS-Management (also requires port 80 to be open)
  • Third-party network management client connections to vCenter Server
  • Third-party network management clients access to hosts
514 TCP/UDP vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance
636 TCP For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it may be preferable to remove it or change its port to a different port.

You can run the SSL service on any port from 1025 through 65535.
902 TCP/UDP The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system.

This port must not be blocked by firewalls between the server and the hosts or between hosts.

Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles
903 TCP    Access a virtual machine console from the vSphere Client when the vSphere Client directly connected to the ESXi host.
1514 TCP/UDP vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance
2012 TCP Control interface RPC for vCenter Single Sign-On (SSO)
2014 TCP RPC port for all VMCA (VMware Certificate Authority) APIs
2020 TCP/UDP Authentication framework management
6500 TCP/UDP ESXi Dump Collector port
6501 TCP Auto Deploy service
6502 TCP Auto Deploy management
7444 TCP Secure Token Service
8088 TCP Workflow Management Service
9443 TCP vSphere Web Client HTTPS
11711 TCP VMware Directory service (vmdir) LDAP
11712 TCP VMware Directory service (vmdir) LDAPS
5480 TCP vCenter Server Appliance Web Console (VAMI)

Note: To configure the vCenter Server system to use a different port to receive vSphere Web Client data, see the vCenter Server and Host Management Guide.

For more information about firewall configuration, see the vSphere Security Guide.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 55 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 55 Ratings
Actions
KB: