
Network port diagram for VMware vSphere 5.x (2054806) - See Link to the VMware KB for Updated PDF


Please e-mail me if you spot any errors in the Excel version. www.vmzone.com
This Spreadsheet Last Updated - 23-03-2014

| Excel Ref | PDF Ref | Port | Protocol | Source | Target | Purpose |
|---|---|---|---|---|---|---|
| 1 | 1 | 22 | TCP | Client PC | ESXi 5.x | SSH Server |
| 2 | 2 | 53 | UDP | ESXi 5.x | DNS Server | DNS Client |
| 3 | 3 | 68 | UDP | ESXi 5.x | DHCP Server | DHCP Client |
| 4 | 4 | 80 | TCP | Client PC | ESXi 5.x | Redirect Web Browser to HTTPS Service (443) |
| 5 | 5 | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| 6 | 6 | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client RPC Portmapper |
| 7 | 7 | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client RPC Portmapper |
| 8 | 8 | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| 9 | 9 | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
| 10 | 10 | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
| 11 | 11 | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
| 12 | 12 | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| 13 | 13 | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| 14 | 14 | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| 15 | 15 | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| 16 | 16 | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| 17 | 17 | 445 | TCP | ESXi host | SMB Server | SMB Server |
| 18 | 18 | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| 19 | 19 | 514 | UDP/TCP | ESXi 5.x | Syslog Server | Remote syslog logging |
| 20 | 20 | 902 | TCP/UDP | ESXi 5.x | ESXi 5.x | Host access to other hosts for migration and provisioning |
| 21 | 21 | 902 | TCP | vSphere Client | ESXi 5.x | vSphere Client access to virtual machine consoles (MKS) |
| 22 | 22 | 902 | TCP/UDP | ESXi 5.x | vCenter Server | (UDP) Status update (heartbeat) connection from ESXi to vCenter Server |
| 23 | 23 | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and MS article 179442. |
| 24 | 24 | 2049 | TCP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
| 25 | 25 | 2049 | UDP | ESXi 5.x | NFS Server | Transactions from NFS storage devices |
| 26 | 26 | 3260 | TCP | ESXi 5.x | iSCSI storage server | Transactions to iSCSI storage devices |
| 27 | 27 | 5900 to 5964 | TCP | ESXi 5.x | ESXi 5.x | RFB protocol, which is used by management tools such as VNC |
| 28 | 28 | 5989 | TCP | CIM Server | ESXi 5.x | CIM transactions over HTTP |
| 29 | 29 | 5989 | TCP | vCenter Server | ESXi 5.x | CIM XML transactions over HTTPS |
| 30 | 30 | 5989 | TCP | ESXi 5.x | vCenter Server | CIM XML transactions over HTTPS |
| 31 | 31 | 8000 | TCP | ESXi 5.x (VM Target) | ESXi 5.x (VM Source) | Requests from vMotion |
| 32 | 32 | 8000 | TCP | ESXi 5.x (VM Source) | ESXi 5.x (VM Target) | Requests from vMotion |
| 33 | 33 | 8100 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| 34 | 34 | 8182 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere High Availability (vSphere HA) |
| 35 | 35 | 8200 | TCP/UDP | ESXi 5.x | ESXi 5.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| 36 | 36 | 8301 | UDP | ESXi 5.x | ESXi 5.x | DVS Port Information |
| 37 | 37 | 8302 | UDP | ESXi 5.x | ESXi 5.x | DVS Port Information |
| 38 | 38 | 31100 | TCP | vCenter | SPS Server | Internal Communication Port |
| 39 | 39 | 31000 | TCP | SPS Server | vCenter | Internal Communication Port |
| 40 | 40 | 6500 | UDP | ESXi | vCenter Server | Network coredump server |
| 41 | 41 | 8000 | TCP | ESXi | vCenter Server | Network coredump web port |
| 42 | 42 | 8001 | TCP | ESXi | vCenter Server | Network syslog server |
| 43 | 43 | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| 44 | 44 | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| 45 | 45 | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port 80 for direct HTTP connections. |
| 46 | 46 | 80 | TCP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| 47 | 47 | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| 48 | 48 | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| 49 | 49 | 135 | TCP | vCenter Server | vCenter Server | Linked Mode |
| 50 | 50 | 9084 | TCP | vSphere Client | Update Manager | Download of VUM client binary from VUM server machine to the VI client machine. |
| 51 | 51 | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| 52 | 52 | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535. |
| 53 | 53 | 443 | TCP | vSphere Client | vCenter Server | Port that the vCenter Server system uses to listen for connections from the vSphere Client. |
| 54 | 54 | 443 | TCP | vCenter Server | ESXi 5.x | vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol |
| 55 | 55 | 623 | UDP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| 56 | 56 | 636 | TCP | vCenter Servers | Servers | vCenter Server Linked Mode, this is the SSL port of the local instance. |
| 57 | 57 | 902 | TCP | vCenter Server | ESXi 5.x | Port that the vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 58 | 58 | 902 | UDP | vCenter Server | ESXi 5.x | Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 59 | 59 | 902 | TCP/UDP | vSphere Client | ESXi 5.x | vSphere Client uses this port to display virtual machine consoles. |
| 60 | 60 | 902 | TCP/UDP | ESXi 5.x | ESXi 5.x | Host access to other hosts for migration and provisioning |
| 61 | 61 | 5480 | TCP | Client PC | vCenter Server | Only applicable for vCenter Server Virtual Appliance - used for accessing VAMI page of vCenter Server Appliance over HTTPS |
| 62 | 62 | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage. |
| 63 | 63 | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| 64 | 64 | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| 65 | 65 | 5988 | TCP | ESXi 5.x | vCenter Server | CIM transactions over HTTP |
| 66 | 68 | 7500 | UDP | vCenter Server | vCenter Server | Linked Mode, Java Discovery Port |
| 67 | 69 | 8000 | TCP | vCenter Server | ESXi 5.x | Requests from vMotion |
| 68 | 70 | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 69 | 71 | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 70 | 72 | 8009 | TCP | vCenter Server | vCenter Server | AJP Port |
| 71 | 73 | 8080 | TCP | Client PC | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| 72 | 74 | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 73 | 75 | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
| 74 | 76 | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 75 | 77 | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 76 | 78 | 8443 | TCP | Client PC | vCenter Server | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| 77 | 79 | 8443 | TCP | vCenter Server | vCenter Server | Linked Mode |
| 78 | 80 | 9443 | TCP | Client PC | vCenter Server | vSphere Web Client Access |
| 79 | 81 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Service Management |
| 80 | 82 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 81 | 83 | 10443 | TCP | Client PC | vCenter Server | vCenter Inventory Service HTTPS |
| 82 | 84 | 51915 | TCP | ESXi | vSphere Authentication Proxy | This is a web service, which is used to add host to Active Directory domain. |
| 83 | 85 | 60099 | TCP | vCenter Server | vCenter Server | Web Service change service notification port |
| 84 | 86 | 7005 | TCP | vCenter Server (Tomcat Server Settings) | vCenter Single Sign On | Base shutdown port. For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1. |
| 85 | 87 | 7080 | TCP | vCenter Server (Tomcat Server Settings) | vCenter Single Sign On | HTTP Port |
| 86 | 88 | 7444 | TCP | vCenter Server (Tomcat Server Settings) | vCenter Single Sign On | HTTPS Port |
| 87 | 89 | 7009 | TCP | vCenter Server (Tomcat Server Settings) | vCenter Single Sign On | AJP Port |
| 88 | 90 | 10111 | TCP | vCenter Inventory Service | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 89 | 91 | 25 | TCP | VCO Server | SMTP Server | Email notifications |
| 90 | 92 | 389 | TCP/UDP | VCO Server | LDAP Server | LDAP Authentication |
| 91 | 93 | 443 | TCP | VCO Server | vCenter Server | Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API |
| 92 | 94 | 636 | TCP | VCO Server | LDAP Server | VCO uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL counterpart of 389). This is used for secured LDAP authentication. |
| 93 | 95 | 1433 | TCP | VCO Server | Microsoft SQL Server | vCenter Orchestrator Server to Microsoft SQL Server for VCO Database |
| 94 | 96 | 1521 | TCP | VCO Server | Oracle Database Server | vCenter Orchestrator Server to Oracle for VCO Database |
| 95 | 97 | 3306 | TCP | VCO Server | MySQL Server | vCenter Orchestrator Server to MySQL Server for VCO Database |
| 96 | 98 | 5432 | TCP | VCO Server | PostgreSQL Server | vCenter Orchestrator Server to PostgreSQL Server for VCO Database |
| 97 | 99 | 8230 | TCP | VCO Client | VCO Server | Lookup port. The main port to communicate with Orchestrator Configurator server (JNDI port). All other ports communicate with the Orchestrator Configurator smart client through this one. It is part of the JBoss Application server infrastructure. |
| 98 | 100 | 8240 | TCP | VCO Client | VCO Server | Command port. The application communication port (RMI container port); it is used for remote invocations. It is part of the JBoss Application server infrastructure. |
| 99 | 101 | 8244 | TCP | VCO Client | VCO Server | Data port. Used to access all Orchestrator data models, such as workflows and policies. It is part of the JBoss application server infrastructure. |
| 100 | 102 | 8250 | TCP | VCO Client | VCO Server | Messaging port. The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure. |
| 101 | 103 | 8280 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTP |
| 102 | 104 | 8281 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTPS |
| 103 | 105 | 8281 | TCP | vCenter Server | VCO Server | Port used by VCO Server to connect to vCenter Server to communicate with the vCenter API |
| 104 | 106 | 8282 | TCP | VCO Client PC | VCO Server | HTTP server port. Port used by the HTTP connector to connect to the Web frontend. |
| 105 | 107 | 8283 | TCP | VCO Client PC | VCO Server | HTTPS server port. Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL. |
| 106 | 108 | 80 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 107 | 109 | 80 | TCP | ESXi/ESX Host | Update Manager Host | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
| 108 | 110 | 80 | TCP | Update Manager Server | vCenter Server | Update Manager to vCenter Server communication |
| 109 | 111 | 443 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 110 | 112 | 443 | TCP | ESXi/ESX Host | Update Manager Server | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
| 111 | 113 | 443 | TCP | vCenter Server | Update Manager Server | vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084 |
| 112 | 114 | 735 | TCP | Update Manager Server | Virtual Machines | Update Manager listener port (rdevServer.exe), part of the Remote Device Server used for virtual machine patching. |
| 113 | 115 | 902 | TCP | Update Manager Server | ESXi/ESX Host | To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated |
| 114 | 116 | 1433 | TCP | Update Manager Server | Microsoft SQL Server | Update Manager to Microsoft SQL Server connectivity (for UM Database) |
| 115 | 117 | 1521 | TCP | Update Manager Server | Oracle Database Server | Update Manager to Oracle connectivity (for UM Database) |
| 116 | 118 | 8084 | TCP | Update Manager Server | vCenter Server | SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install. |
| 117 | 119 | 9084 | TCP | ESXi/ESX host | Update Manager Server | ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install. |
| 118 | 120 | 9087 | TCP | Update Manager Server | vCenter Server | Port used for uploading host update files. Configurable at install. |
| 119 | 121 | 9000 to 9100 | TCP | ESXi/ESX Host | Update Manager Server | This is the recommended port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation. |
| 120 | 122 | 111 | TCP, UDP | vCloud Director Cell | NFS Server | NFS portmapper used by transfer service |
| 121 | 123 | 920 | TCP, UDP | vCloud Director Cell | NFS Server | NFS rpc.statd used by transfer service |
| 122 | 124 | 61611 | TCP | vCloud Director Cell (Message Bus) | vCloud Director Cell | ActiveMQ |
| 123 | 125 | 61616 | TCP | vCloud Director Cell (Message Bus) | vCloud Director Cell | ActiveMQ |
| 124 | 126 | 25 | TCP, UDP | vCloud Director Cell | SMTP Server | SMTP |
| 125 | 127 | 53 | TCP, UDP | vCloud Director Cell | DNS Server | DNS |
| 126 | 128 | 123 | TCP, UDP | vCloud Director Cell | NTP Time Server | NTP |
| 127 | 129 | 389 | TCP, UDP | vCloud Director Cell | LDAP Server | LDAP |
| 128 | 130 | 443 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 129 | 131 | 514 | UDP | vCloud Director Cell | Syslog Server | Optional, enables syslog use |
| 130 | 132 | 902 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 131 | 133 | 903 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 132 | 134 | 1433 | TCP | vCloud Director Cell | SQL Server Database | Default Microsoft SQL Server database port |
| 133 | 135 | 1521 | TCP | vCloud Director Cell | Oracle Database Server | Default Oracle database port |
| 134 | 136 | 5672 | TCP, UDP | vCloud Director Cell | AMQP RabbitMQ | Optional, AMQP messages for task extensions. |
| 135 | 137 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Management |
| 136 | 138 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 137 | 139 | 10111 | TCP | vCenter Inventory Service | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 138 | 140 | 10080 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTP |
| 139 | 141 | 10443 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTPS |
| 140 | 142 | 9443 | TCP | Client PC | Web Client Server | Web Client Server HTTPS connection |
| 141 | 143 | 9090 | TCP | Client PC | Web Client Server | Web Client Server HTTP connection |
| 142 | 144 | 443 | TCP | Web Client Server | vCenter Server | Web Client Server to vCenter Server connection |
| 143 | 145 | 7444 | TCP | Web Client Server | vCenter SSO | SSO Lookup service connection |
| 144 | 146 | 5988 | TCP | CIM Server | ESXi 5.x | CIM transactions over HTTP (only used in case of loopback for the applications running locally) |
| 145 | 147 | 12443 | TCP | Web Client Server | Log Browser Service | For accessing the logs |
| 146 | 148 | 12221 | TCP | Log Browser Proxy | Log Browser Service | Internal port for Log Browser administration page. It opens a socket (only bound to localhost) to accept admin commands. |

Taken from VMware Source - KB2054806 - Aug 2013