123/UDP/NTP client 4 4 3 /T C P /H o s t M a n a g e m e n t 9 0 2 /T C P /H o s te d V M c o n n e c tiv ity 9 0 3 /T C P /V M R e m o te V M C o n s o le 53/UDP/DNS 3 2 6 0 /T C P /S o ftw a re iS C S I C lie n t & H a rd w a re iS C S I H B A ESX only 514/UDP/Remote Syslog logging 2 1 /T C P /F T P 2 1 /T C P /F T P 2 2 /T C P /S S H
2 2 /T C P /S S H
389/TCP/LDAP
4 4 5 + 1 3 7 -1 3 9 /T C P /S M B 4 4 3 /T C P /H o s t V I M a n a g e m e n t v ia b ro w s e r 427/TCP&UDP/CIM Service Location Protocol (SLP) 443/TCP/Server-to-server migration & provisioning trafc 902/TCP&UDP/Authentication, Provisioning, VM Migration 5988/TCP/CIM Client to CIM Secure Server 5989/TCP/CIM Client to CIM Secure Server 8000/TCP/VCOtion Communication of VMkernel Interface 8100+8200/TCP&UDP/VMware FT. ESX/ESXi 4 Hosts only 2050-2250/UDP/VMware HA 8042-8045/TCP/VMware HA ESXi 4 Only 161/U D P/SN M P Polling VMware vCenter Server
80+443/TCP/Meta data for updates 80+443/TCP/Host to Update Server. forwards to 9084 9000-9100/TCP/Use if 80+443 are not available. Automatically opened for host scanning and remediation 80/TCP/VUM -VC com m unication 443/TCP/The reverse proxy forwards the request to port 8084 Update Manager Patch DB 1521/TCP/Oracle -OR- 1433/TCP/MS SQL VC DB 1521/TCP/O racle -O R- 1433/TCP/M S SQ L In te rn a l 8084/TCP/SOAP 9084/TCP/VUM Web Server. Accessed through Reverse Proxy from port 80 and/or 443 vCenter 4 Only 53/UDP/DNS 8 8 + 4 4 5 /T C P & U D P /A D A u th e n tic a tio n 161/UDP/SNMP Polling 162/UDP/SNMP Trap Send 389/TCP/LDAP 443/TCP/vCenter Agent 902/TCP/Heartbeat 903/TCP/VI-vSphere Client to VM Console 5989/TCP/CIM transaction communication Dudley Smith Fri Jan 15 2010 v5.0 443/TC P/R equired for VC B and vcbM ounter C om m unication & Backup 443/TCP/Required for VCB and vcbMounter Communication & Backup Converter 4 Only 137+138(UDP)+139(TCP)/For hot migration. Not required if the source does not use NetBIOS 445/TCP/Required for conversion. Not required if the source uses NetBIOS 22/TCP/Only for Linux-based Source Computer 443/TC P/System C onversion 4 4 3 /T C P /R e q u ire d if v C e n te r S e rv e r is th e c o n v e rs io n ta rg e t 4 4 3 /T C P /R e q u ire d if v C e n te r S e rv e r is th e c o n v e rs io n ta rg e t 902/TCP/Required for data transport during cloning of system to be converted to target ESX/ESXi Host 443/TCP/Required for destination VM access when target is ESX/ESXi/vCenter 9089/TCP/Required. Remote Agent Deployment 443/TCP/Required if Converter Client & Converter Server were installed on different systems vCenter Converter Client (ionly required if Converter Client and Converter Server were installed on different systems 443/TCP SRM DB 1521/TCP/Oracle -OR- 1433/TCP/MS SQL -OR- 5000/TCP/IBM DB2 REMOTE VMware vCenter Server (SRM) Site Recovery Manager 8 0 /T C P /S R M C o m m u n ic a tio n & P lu g in d o w n lo a d 80/TCP/SRM communication with remote vCenter Server(Port 80 is used for the initial connection to the remote site. After the initial HTTP connection is made, the two sites establish an SSL connection over port 80 for subsequent connections.) www.vmware.com xml.shavlik.com 8 8 /T C P /P A M A D A u th e n tica tio n - K e rb e ro s 4 4 5 /T C P & U D P /P M A D A u th e n tica tio n 4 6 4 /T C P /P A M A D A u th e n tica tio n - K e rb e ro s P a ssw o rd S e rvice s Linked vCenter Server Linked vCenter Server Linked vCenter Server 9 0 3 /T C P /V I-v S p h e re C lie n t to V M C o n s o le 8 0 8 0 /T C P /M a n a a g e m e n t W e b S e rv ic e s H T T P 8 4 4 3 /T C P /M a n a g e m e n t W e b S e rv ic e s H T T P S 8005&8006&8086/TCP/ Internal Communications Port 8083 & 8085 & 8087/TCP/ Internal Service Diagnostics 443/TCP/vCenter API (Orch.) 8281/TCP/vCenter AP (Orch.) In te rn a l 27000/T C P /for V I3.x hosts 27010/T C P /for V I 3.x hosts 27000/TC P /for V I3.x hosts 27010/TC P /for V I 3.x hosts 3.x Only VCO DB 1521/TCP/Oracle 1433/TCP/MS SQL 3306/TCP/MySQL 5432/TCP/PostgresSQL 8230/TCP/Lookup 8240/TCP/Command 8250/TCP/Messaging 8282/TCP/HTTP 8283/TCP/HTTPS Orchestrator VCO Client 161/U D P/SN M P Polling 162/U D P/SN M P Trap Send FTP Client SSH Client FTP Server SSH Server SMB Server iSCSI SAN NFS Server
Syslog Server
NTP Server
SNMP Server Helper 22/TCP 443/TCP/Required for Linux sources Active Directory Server
VCB Proxy DNS Server FlexLM License Server SNMP Server SMTP Server 902/TCP/Pushes updates to the host (both ESX & ESXi) Internal 8 0 /T C P /R e d ire c t b ro w s e r to H T T P S (4 4 3 ) 25/TCP/Email notications 389/TCP/LDAP (Optional) 636/TCP/LDAPS (Optional) 8280/TCP/HTTP In te rn a l LDAP Server 4 4 3 /T C P /V I/v S p h e re c lie n t a c c e s s 8 0 + 4 4 3 /T C P /R e d ire c t b ro w s e r to H T T P S s e rv ic e (4 4 3 ) Connections & Ports in ESX & ESXi Including vCenter Server, Site Recovery Manager, VMware Consolidated Backup, VMware Data Recovery, VMware Update Manager, VMware Orchestrator and VMware Converter ESX & ESXi ESX & ESXi VM VM Third-party SystemImages VMware Virtual Machines Physical Machine Third-party Virtual Machines .sv2i Source vCenter Converter 80+443/TCP/Meta data for updates Source: VMware Network Ports Compendium -v5 External API Client 9007/TCP/SOAP Data Recovery Appliance 22024/TC P /D ata R ecovery M anagem ent
Guided Consolidation Targets 1 3 5 & 1 3 7 & 1 3 8 & 1 3 9 & 4 4 5 /T C P & U D P / 25/TCP/Email notications 389/TCP/Bi-direction LDAP authentication with Kerberos encryption between vCenter Servers Bi-directional RPC communications on dynamic TCP ports required between all vCenters in Linked Mode (via ADAM) RPC RPC 902/UDP/Heartbeat