137 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| 138 | UDP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| 139 | TCP | vCenter Converter Server | Source Computer to be converted | For hot migration. Not required if the source computer does not use NetBIOS |
| 443 | TCP | vCenter Converter Server | ESX/ESXi Host | Required for system conversion |
| 443 | TCP | vCenter Converter Server | vCenter Server | Required if vCenter Server is the conversion target |
| 443 | TCP | Source Computer to be converted | vCenter Server | Required if vCenter Server is the conversion target |
| 445 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Not required if the source computer uses NetBIOS |
| 902 | TCP | Source Computer to be converted | ESX/ESXi Host | Required for data transport during cloning of system to be converted to target ESX/ESXi Host |
| 443 | TCP | Source Computer to be converted | ESX/ESXi Host | Required for destination VM access when target is ESX/ESXi/vCenter |
| 9089 | TCP | vCenter Converter Server | Source Computer to be converted | Required for system conversion. Remote agent deployment |
| 443 | TCP | vCenter Converter Client | vCenter Converter Server | Only required if the Converter Client and Converter Server were installed on different systems |
| 22 | TCP | vCenter Converter Server | Source Computer to be converted | Required for conversion of Linux-based source computers |
| 22 | TCP | Helper Virtual Machine | Source Computer to be converted | Required for conversion of Linux-based source computers (data flows from source to VM) |
| 443 | TCP | vCenter Converter Server | Helper Virtual Machine | Required for conversion of Linux-based source computers |
| 161 | UDP | SNMP Server | ESX Host | SNMP Polling |
| 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
| 21 | TCP | ESX Host | FTP Server | FTP |
| 22 | TCP | SSH Client | ESX Host | SSH |
| 22 | TCP | ESX Host | SSH Server | SSH |
| 88 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos |
| 389 | TCP | ESX Host | LDAP Server | PAM Active Directory Authentication – LDAP |
| 445 | TCP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| 445 | UDP | ESX Host | MS Directory Services Server | PAM Active Directory Authentication |
| 445 | TCP | ESX Host | SMB Server | SMB |
| 464 | TCP | ESX Host | Active Directory Server | PAM Active Directory Authentication – Kerberos Password Services |
| 137-139 | TCP | ESX Host | SMB Server | SMB |
| 443 | TCP | Client PC | ESX Host | Host VI Management via web browser |
| 162 | UDP | ESX Host | SNMP Collector | SNMP Trap Send |
| 53 | UDP | ESX/ESXi Host | DNS Server | DNS |
| 80 | TCP | Client PC | ESX/ESXi Host | Redirect Web Browser to HTTPS Service (443) |
| 111 | TCP | ESX/ESXi Host | NFS Server | NFS Client – RPC Portmapper |
| 111 | UDP | ESX/ESXi Host | NFS Server | NFS Client – RPC Portmapper |
| 123 | UDP | ESX/ESXi Host | NTP Time Server | NTP Client |
| 427 | TCP | ESX/ESXi Host | ESX/ESXi Host | CIM Service Location Protocol (SLP) |
| 427 | UDP | ESX/ESXi Host | ESX/ESXi Host | CIM Service Location Protocol (SLP) |
| 443 | TCP | VI/vSphere Client | ESX/ESXi Host | VI/vSphere Client to ESX/ESXi Host management connection |
| 902 | TCP/UDP | ESX/ESXi Host | ESX/ESXi Host | Authentication, Provisioning, VM Migration |
| 902 | TCP | VI/vSphere Client | ESX/ESXi Host | VI/vSphere Client to ESX/ESXi hosted VM connectivity |
| 903 | TCP | VI/vSphere Client | ESX/ESXi Host | VM Remote VM Console |
| 903 | TCP | VI/vSphere Client | ESX/ESXi Host | VM Remote VM Console |
| 2049 | TCP | ESX/ESXi Host | NFS Server | NFS Client |
| 2049 | UDP | ESX/ESXi Host | NFS Server | NFS Client |
| 3260 | TCP | ESX/ESXi Host | iSCSI SAN | Software iSCSI Client and Hardware iSCSI HBA |
| 5988 | TCP | ESX/ESXi Host | ESX/ESXi Host | CIM Client to CIM Secure Server |
| 5989 | TCP | ESX/ESXi Host | ESX/ESXi Host | CIM Client to CIM Secure Server |
| 8000 | TCP | ESX/ESXi Host (VM Target) | ESX/ESXi Host (VM Source) | VCOtion Communication on VMKernel Interface |
| 8000 | TCP | ESX/ESXi Host (VM Source) | ESX/ESXi Host (VM Target) | VCOtion Communication on VMKernel Interface |
| 2050-2250 | UDP | ESX/ESXi Host | ESX/ESXi Host | VMware HA |
| 8042-8045 | TCP | ESX/ESXi Host | ESX/ESXi Host | VMware HA |
| 514 | UDP | ESX/ESXi Host | Syslog Server | Remote syslog logging |
| 27000 | TCP | ESX/ESXi Host | VMware License Server | ESX/ESXi 3.x Host to License Server communication |
| 27010 | TCP | ESX/ESXi Host | VMware License Server | ESX/ESXi 3.x Host to License Server communication |
| 8100 | TCP/UDP | ESX/ESXi 4 Host | ESX/ESXi 4.x Host | VMware Fault Tolerance. ESX/ESXi 4 only. |
| 8200 | TCP/UDP | ESX/ESXi 4 Host | ESX/ESXi 4.x Host | VMware Fault Tolerance. ESX/ESXi 4 only. |
| 443 | TCP | Client PC | Lab Manager Server | Lab Manager Console (Web Browser) |
| 443 | TCP | Lab Manager Server | vCenter Server | Lab Manager to vCenter Server Communication |
| 1433 | TCP | Lab Manager Server | Microsoft SQL Server | Lab Manager Connectivity to Microsoft SQL Server (for LM database) |
| 5212 | TCP | Lab Manager Server | ESX/ESXi Host | Lab Manager Agent. ESXi requires Lab Manager 4.x |
| 137 | UDP | ESX/ESXi Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| 138 | UDP | ESX/ESXi Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| 139 | TCP | ESX/ESXi Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| 445 | TCP | ESX/ESXi Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x |
| 514 | TCP | Lab Manager Server | ESX/ESXi Host | ESX/ESXi Host Virtual Router. ESXi requires Lab Manager 4.x |
| 389 | TCP | Lab Manager Server | LDAP Server | LDAP Authentication (optional) |
| 636 | TCP | Lab Manager Server | LDAP Server | LDAPS Authentication (optional) |
| 137 | UDP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| 138 | UDP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| 139 | TCP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| 443 | TCP | Client PC | Stage Manager Server | Stage Manager Console (Web Browser) |
| 445 | TCP | ESX Host | SMB File Server | SMB File Sharing for Importing/Exporting VMs |
| 514 | TCP | Stage Manager Server | ESX Host | ESX Host Virtual Router |
| 389 | TCP | Stage Manager Server | LDAP Server | LDAP Authentication (optional) |
| 636 | TCP | Stage Manager Server | LDAP Server | LDAPS Authentication (optional) |
| 443 | TCP | Stage Manager Server | ESX Host | Stage Manager Server communication with ESX Host Agent |
| 443 | TCP | Stage Manager Server | vCenter Server | Stage Manager Server communucation with vCenter Server |
| 5212 | TCP | Stage Manager Server | ESX Host | Stage Manager Agent |
| 1433 | TCP | vCenter Server | Microsoft SQL Server | SRM Connectivity to Microsoft SQL Server (for SRM database) |
| 1521 | TCP | vCenter Server | Oracle Database Server | SRM Connectivity to Oracle (for SRM database) |
| 8095 | TCP | Site Recovery Manager | Local vCenter Server | SRM communucation with local vCenter Server |
| 443 | TCP | Site Recovery Manager | Remote vCenter Server | SRM communucation with remote vCenter Server |
| 443 | TCP | VCB Proxy Server | vCenter Server | Required for VCB and vcbMounter communication and backup processes |
| 443 | TCP | VCB Proxy Server | ESX/ESXi Host | Required for VCB and vcbMounter communication and backup processes |
| 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| 80 | TCP | Client PC | vCenter Server | Redirect Web Browser to HTTPS Service (443) |
| 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| 161 | UDP | SNMP Server | vCenter Server | SNMP Polling |
| 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| 389 | TCP | vCenter Server | LDAP Server | LDAP Authentication |
| 443 | TCP | vCenter Server | ESX/ESXi Host | vCenter Agent |
| 443 | TCP | Client PC | vCenter Server | VI Web Access (Web Browser) |
| 443 | TCP | VI/vSphere Client | vCenter Server | VI\vSphere Client access to vCenter Server |
| 445 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| 445 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| 902 | UDP | vCenter Server | ESX/ESXi Host | Heartbeat |
| 902 | UDP | ESX/ESXi Host | vCenter Server | Heartbeat |
| 903 | TCP | Client PC | vCenter Server | VI/vSphere Client to VM Console |
| 903 | TCP | vCenter Server | ESX/ESXi Host | VI/vSphere Client to VM Console (after connection established between VI/vSphere Client and vCenter) |
| 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 27000 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESX/ESXi 3.x Hosts will be supported |
| 27000 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESX/ESXi 3.x Hosts will be supported |
| 27010 | TCP | vCenter Server | VMware License Server | Licensing via FlexLM. Only required by vCenter 4 if ESX/ESXi 3.x Hosts will be supported |
| 27010 | TCP | VMware License Server | vCenter Server | Licensing via FlexLM. Only required by vCenter 4 if ESX/ESXi 3.x Hosts will be supported |
| 636 | TCP | vCenter Server | Linked vCenter Servers | Linked mode connectivity between vCenter Servers |
| 8080 | TCP | Client PC | vCenter 4 Server | VMware vCenter 4 Management Web Services – HTTP |
| 8443 | TCP | Client PC | vCenter 4 Server | VMware vCenter 4 Management Web Services – HTTPS |
| 80 | TCP | Client PC | View/VDM Connection Server | VDM Web Access (not required if only HTTPS is to be supported) |
| 80 | TCP | View/VDM Client | View/VDM Connection Server | VDM Access (not required if only HTTPS is to be supported) |
| 80 | TCP | Client PC | View/VDM Security Server | VDM Web Access (not required if only HTTPS is to be supported) |
| 80 | TCP | View/VDM Client | View/VDM Security Server | VDM Access (not required if only HTTPS is to be supported) |
| 88 | TCP | View/VDM Connection Server | Active Directory Server | AD Authentication |
| 88 | UDP | View/VDM Connection Server | Active Directory Server | AD Authentication |
| 389 | TCP | View/VDM Connection Server | LDAP Server | LDAP Authentication |
| 443 | TCP | Client PC | View/VDM Connection Server | VDM Web Access and VDM Administration |
| 443 | TCP | Thin Client | View/VDM Connection Server | VDM API |
| 443 | TCP | View/VDM Client | View/VDM Connection Server | VDM Access |
| 443 | TCP | Client PC | View/VDM Security Server | VDM Web Access (Web Browser) |
| 443 | TCP | View/VDM Client | View/VDM Security Server | VDM Access |
| 443 | TCP | View/VDM Connection Server | vCenter Server | VDM to vCenter communication |
| 445 | TCP | View/VDM Connection Server | Active Directory Server | AD Authentication |
| 445 | UDP | View/VDM Connection Server | Active Directory Server | AD Authentication |
| 3389 | TCP | Client PC/Thin Client/View/VDM Client | Virtual Desktop VM (View/VDM Agent) | Direct RDP Connection |
| 3389 | TCP | View/VDM Security Server | Virtual Desktop VM (View/VDM Agent) | Tunneled RDP Connection |
| 4001 | TCP | View/VDM Security Server | View/VDM Connection Server | JMS |
| 4001 | TCP | View/VDM Connection Server | View/VDM Security Server | JMS |
| 4001 | TCP | Virtual Desktop VM (View/VDM Agent) | View/VDM Connection Server | |
| 8009 | TCP | View/VDM Security Server | View/VDM Connection Server | AJP |
| 8009 | TCP | View/VDM Connection Server | View/VDM Security Server | AJP |
| 1024 – 65535 | TCP | View/VDM Connection Server | View/VDM Connection Server | This is required for ADAM replication (Active Directory “lite” replication) between VDM Connection Servers. With a Registry entry this can be fixed to a defined set of ports, but by default its a random TCP high port |
| 32111 | TCP | View Client | View Agent (Virtual Desktop) | USB Device Communication |
| 32111 | TCP | View Agent (Virtual Desktop) | View Client | USB Device Communication |
| 25 | TCP | VCO Server | SMTP Server | Email notifications |
| 389 | TCP | VCO Server | LDAP Server | LDAP Authentication |
| 443 | TCP | VCO Server | vCenter Server | Used to obtain virtual infrastructure and virtual machine information from orcestrated vCenter Server(s) through the vCenter API |
| 636 | TCP | VCO Server | LDAP Server | VCO uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol ldaps (the SSL pendent of 389). This is used for secured LDAP authentication |
| 3306 | TCP | VCO Server | MySQL Server | vCenter Orchestrator Server to MySQL Server for VCO Database |
| 1433 | TCP | VCO Server | Microsoft SQL Server | vCenter Orchestrator Server to Microsoft SQL Server for VCO Database |
| 1521 | TCP | VCO Server | Oracle Database Server | vCenter Orchestrator Server to Oracle for VCO Database |
| 5432 | TCP | VCO Server | PostgresSQL Server | vCenter Orchestrator Server to PortgresSQL Server for VCO Database |
| 8230 | TCP | VCO Client | VCO Server | Lookup port – The main port to communicate with Orchestrator Configurator server (JNDI port). All other ports communicate with the Orchestrator Configurator smart client through this one. It is part of the Jboss Application server infrastructure |
| 8240 | TCP | VCO Client | VCO Server | Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure. |
| 8250 | TCP | VCO Client | VCO Server | Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure |
| 8280 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTP |
| 8281 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTPS |
| 8281 | TCP | vCenter Server | VCO Server | Port used by VCO Server to connect to vCenter Server to communicate with the vCenter API |
| 8282 | TCP | VCO Client PC | VCO Server | HTTP server port – The port for the HTTP connector used to connect to the Web frontend. |
| 8283 | TCP | VCO Client PC | VCO Server | HTTPS server port – The port for the SSL HTTP connector used to connect to the Web frontend. Requires Jetty to be configured for SSL. |
| 80 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 80 | TCP | ESX/ESXi Host | Update Manager Host | ESX/ESXi Host to Update Manager Server . The reverse proxy forwards the required to port 9084 |
| 443 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 443 | TCP | ESX/ESXi Host | Update Manager Server | ESX/ESXi Host to Update Manager Server . The reverse proxy forwards the required to port 9084 |
| 443 | TCP | vCenter Server | Update Manager Server | vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084 |
| 443 | TCP | Update Manager Server | vCenter Server | Update Manager to vCenter Server communication |
| 902 | TCP | Update Manager Server | ESX/ESXi Host | To push patches and updates from Update Manager to the ESX/ESXi Hosts to be updated |
| 1433 | TCP | Update Manager Server | Microsoft SQL Server | Update Manager to Microsoft SQL Server connectivity (for UM Database) |
| 1521 | TCP | Update Manager Server | Oracle Database Server | Update Manager to Oracle connectivity (for UM Database) |
| 8084 | TCP | Update Manager Server | Update Manager Server | SOAP between components of Update Manager Server |
| 9084 | TCP | Update Manager Server | Update Manager Server | Update Manager Web Server. Accessed through reverse proxy from port 80 and/or 443 |
| 9000-9010 | TCP | Update Manager Server | ESX/ESXi Host | This is the recommend port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation |
| | | | | |