
Network Port Diagram - vSphere 6.x - Reference Sheet
Updated August 2015

Source: VMware KB 1012382, KB 1030816, KB 2106283, KB 2039095
Version: 2.0

Products Covered
• ESXi 6.x and vCenter 6.x
• vCloud Director 6.x
• Update Manager
• vCenter Orchestrator
• Virtual SAN

Legend
Naming convention for diagram labels: Port # / Protocol (Ref. #). The legend distinguishes unidirectional from bi-directional communication.

[Diagram: vSphere 6.x network ports between clients, ESXi 6.x hosts, vCenter Server, vCenter SSO, Inventory Service, Web Client Server, Log Browser Service, Update Manager, vCenter Orchestrator, vCloud Director cells, Virtual SAN, storage (NFS, iSCSI), databases and infrastructure servers. Each Ref. # on the diagram corresponds to a row in the reference table.]

SUPPORT READINESS Ashish Prajapati


TRAINING Kilian Walker

This document was created using the official VMware icon and diagram library. Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware does not endorse or make any representations about third party information
included in this document, nor does the inclusion of any VMware icon or diagram in this document imply such an endorsement. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. Product names, logos and trademarks of other companies which are used in this document remain the property of those other companies.
Reference for Port Diagram

| Ref. No. | Port | Protocol | Source | Target | Purpose |
|---|---|---|---|---|---|
| 1 | 22 | TCP | Client PC | ESXi 6.x | SSH Server |
| 2 | 53 | UDP | ESXi 6.x | DNS Server | DNS Client |
| 3 | 68 | UDP | ESXi 6.x | DHCP Server | DHCP Client |
| 4 | 80 | TCP | Client PC | ESXi 6.x | Redirect Web Browser to HTTPS Service (443) |
| 5 | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| 6 | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| 7 | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper |
| 8 | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client |
| 9 | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x |
| 10 | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send |
| 11 | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos |
| 12 | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP) |
| 13 | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection |
| 14 | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning |
| 15 | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| 16 | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication |
| 17 | 445 | TCP | ESXi host | SMB Server | SMB Server |
| 18 | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos |
| 19 | 514 | UDP/TCP | ESXi 6.x | Syslog Server | Remote syslog logging |
| 20 | 902 | TCP/UDP | ESXi 6.x | ESXi 6.x | Host access to other hosts for migration and provisioning |
| 21 | 902 | TCP | vSphere Client | ESXi 6.x | vSphere Client access to virtual machine consoles (MKS) |
| 22 | 902 | TCP/UDP | ESXi 6.x | vCenter Server | (UDP) Status update (heartbeat) connection from ESXi to vCenter Server |
| 23 | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and MS article 179442. |
| 24 | 2049 | TCP | ESXi 6.x | NFS Server | Transactions from NFS storage devices |
| 25 | 2049 | UDP | ESXi 6.x | NFS Server | Transactions from NFS storage devices |
| 26 | 3260 | TCP | ESXi 6.x | iSCSI storage server | Transactions to iSCSI storage devices |
| 27 | 5900 to 5964 | TCP | ESXi 6.x | ESXi 6.x | RFB protocol, which is used by management tools such as VNC |
| 28 | 5989 | TCP | CIM Server | ESXi 6.x | CIM transactions over HTTP |
| 29 | 5989 | TCP | vCenter Server | ESXi 6.x | CIM XML transactions over HTTPS |
| 30 | 5989 | TCP | ESXi 6.x | vCenter Server | CIM XML transactions over HTTPS |
| 31 | 8000 | TCP | ESXi 6.x (VM Target) | ESXi 6.x (VM Source) | Requests from vMotion |
| 32 | 8000 | TCP | ESXi 6.x (VM Source) | ESXi 6.x (VM Target) | Requests from vMotion |
| 33 | 8100 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| 34 | 8182 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere High Availability (vSphere HA) |
| 35 | 8200, 8300 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere Fault Tolerance (FT) |
| 36 | 8301 | UDP | ESXi 6.x | ESXi 6.x | DVS Port Information |
| 37 | 8302 | UDP | ESXi 6.x | ESXi 6.x | DVS Port Information |
| 38 | 31100 | TCP | vCenter | SPS Server | Internal Communication Port |
| 39 | 31000 | TCP | SPS Server | vCenter | Internal Communication Port |
| 40 | 6500 | UDP | ESXi | vCenter Server | Network coredump server |
| 41 | 8000 | TCP | ESXi | vCenter Server | Network coredump web port |
| 42 | 8001 | TCP | ESXi | vCenter Server | Network syslog server |
| 43 | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
| 44 | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
| 45 | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port 80 for direct HTTP connections. |
| 46 | 80 | TCP | vCenter Server | ESXi 6.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| 47 | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
| 48 | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
| 49 | 135 | TCP | vCenter Server | vCenter Server | Linked Mode |
| 50 | 9084 | TCP | vSphere Client | Update Manager | Download of VUM client binary from VUM server machine to the VI client machine. |
| 51 | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
| 52 | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535. |
| 53 | 443 | TCP | vSphere Client | vCenter Server | Port that the vCenter Server system uses to listen for connections from the vSphere Client. |
| 54 | 443 | TCP | vCenter Server | ESXi 6.x | vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol |
| 55 | 623 | UDP | vCenter Server | ESXi 6.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
| 56 | 636 | TCP | vCenter Servers | Linked vCenter Servers | vCenter Server Linked Mode, this is the SSL port of the local instance. |
| 57 | 902 | TCP | vCenter Server | ESXi 6.x | Port that the vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 58 | 902 | UDP | vCenter Server | ESXi 6.x | Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 59 | 902 | TCP/UDP | vSphere Client | ESXi 6.x | vSphere Client uses this port to display virtual machine consoles. |
| 60 | 902 | TCP/UDP | ESXi 6.x | ESXi 6.x | Host access to other hosts for migration and provisioning |
| 61 | 5480 | TCP | Client PC | vCenter Server | Only applicable for vCenter Server Virtual Appliance - used for accessing VAMI page of vCenter Server Appliance over HTTPS |
| 62 | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage. |
| 63 | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
| 64 | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
| 65 | 5988 | TCP | ESXi 6.x | vCenter Server | CIM transactions over HTTP |
| 68 | 7500 | UDP | vCenter Server | vCenter Server | Linked Mode, Java Discovery Port |
| 69 | 8000 | TCP | vCenter Server | ESXi 6.x | Requests from vMotion |
| 70 | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 71 | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 72 | 8009 | TCP | vCenter Server | vCenter Server | AJP Port |
| 73 | 8080 | TCP | Client PC | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| 74 | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 75 | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
| 76 | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
| 77 | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
| 78 | 8443 | TCP | Client PC | vCenter Server | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| 79 | 8443 | TCP | vCenter Server | vCenter Server | Linked Mode |
| 80 | 9443 | TCP | Client PC | vCenter Server | vSphere Web Client Access |
| 81 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Service Management |
| 82 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 83 | 10443 | TCP | Client PC | vCenter Server | vCenter Inventory Service HTTPS |
| 84 | 51915 | TCP | ESXi | vSphere Authentication Proxy | This is a web service, which is used to add host to Active Directory domain. |
| 85 | 60099 | TCP | vCenter Server | vCenter Server | Web Service change service notification port |
| 86 | 7005 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | Base shutdown port. For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1. |
| 87 | 7080 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | HTTP Port |
| 88 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | HTTPS Port |
| 89 | 7009 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | AJP Port |
| 90 | 10111 | TCP | vCenter Server | vCenter Inventory Service | vCenter Inventory Service Linked Mode Communication |
| 91 | 25 | TCP | VCO Server | SMTP Server | Email notifications |
| 92 | 389 | TCP/UDP | VCO Server | LDAP Server | LDAP Authentication |
| 93 | 443 | TCP | VCO Server | vCenter Server | Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API |
| 94 | 636 | TCP | VCO Server | LDAP Server | VCO uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL counterpart of 389). This is used for secured LDAP authentication |
| 95 | 1433 | TCP | VCO Server | Microsoft SQL Server | vCenter Orchestrator Server to Microsoft SQL Server for VCO Database |
| 96 | 1521 | TCP | VCO Server | Oracle Database Server | vCenter Orchestrator Server to Oracle for VCO Database |
| 97 | 3306 | TCP | VCO Server | MySQL Server | vCenter Orchestrator Server to MySQL Server for VCO Database |
| 98 | 5432 | TCP | VCO Server | PostgreSQL Server | vCenter Orchestrator Server to PostgreSQL Server for VCO Database |
| 99 | 8230 | TCP | VCO Client | VCO Server | Lookup port – The main port to communicate with Orchestrator Configurator server (JNDI port). All other ports communicate with the Orchestrator Configurator smart client through this one. It is part of the JBoss Application server infrastructure |
| 100 | 8240 | TCP | VCO Client | VCO Server | Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure. |
| 101 | 8244 | TCP | VCO Client | VCO Server | Data port used to access all Orchestrator data models, such as workflows and policies. It is part of the JBoss application server infrastructure. |
| 102 | 8250 | TCP | VCO Client | VCO Server | Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure |
| 103 | 8280 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTP |
| 104 | 8281 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTPS |
| 105 | 8281 | TCP | vCenter Server | VCO Server | Port used by VCO Server to connect to vCenter Server to communicate with the vCenter API |
| 106 | 8282 | TCP | VCO Client PC | VCO Server | HTTP server port – Port used by the HTTP connector to connect to the Web frontend. |
| 107 | 8283 | TCP | VCO Client PC | VCO Server | HTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL. |
| 108 | 80 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 109 | 80 | TCP | Update Manager Host | ESXi/ESX Host | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
| 110 | 80 | TCP | Update Manager Server | vCenter Server | Update Manager to vCenter Server communication |
| 111 | 443 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com |
| 112 | 443 | TCP | Update Manager Server | ESXi/ESX Host | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084 |
| 113 | 443 | TCP | Update Manager Server | vCenter Server | vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084 |
| 114 | 735 | TCP | Update Manager Server | Virtual Machines | Update Manager listener port (rdevServer.exe), part of the Remote Device Server used for virtual machine patching. |
| 115 | 902 | TCP | Update Manager Server | ESXi/ESX Host | To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated |
| 116 | 1433 | TCP | Update Manager Server | Microsoft SQL Server | Update Manager to Microsoft SQL Server connectivity (for UM Database) |
| 117 | 1521 | TCP | Update Manager Server | Oracle Database Server | Update Manager to Oracle connectivity (for UM Database) |
| 118 | 8084 | TCP | Update Manager Server | vCenter Server | SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install. |
| 119 | 9084 | TCP | Update Manager Server | ESXi/ESX host | ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install. |
| 120 | 9087 | TCP | Update Manager Server | vCenter Server | Port used for uploading host update files. Configurable at install. |
| 121 | 9000 to 9100 | TCP | Update Manager Server | ESXi/ESX Host | This is the recommended port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation. |
| 122 | 111 | TCP, UDP | vCloud Director Cell | NFS Server | NFS portmapper used by transfer service |
| 123 | 920 | TCP, UDP | vCloud Director Cell | NFS Server | NFS rpc.statd used by transfer service |
| 124 | 61611 | TCP | vCloud Director Cell | vCloud Director Cell (Message Bus) | ActiveMQ |
| 125 | 61616 | TCP | vCloud Director Cell | vCloud Director Cell (Message Bus) | ActiveMQ |
| 126 | 25 | TCP, UDP | vCloud Director Cell | SMTP Server | SMTP |
| 127 | 53 | TCP, UDP | vCloud Director Cell | DNS Server | DNS |
| 128 | 123 | TCP, UDP | vCloud Director Cell | NTP Time Server | NTP |
| 129 | 389 | TCP, UDP | vCloud Director Cell | LDAP Server | LDAP |
| 130 | 443 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 131 | 514 | UDP | vCloud Director Cell | Syslog Server | Optional, enables syslog use |
| 132 | 902 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 133 | 903 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections |
| 134 | 1433 | TCP | vCloud Director Cell | SQL Server Database | Default Microsoft SQL Server database port |
| 135 | 1521 | TCP | vCloud Director Cell | Oracle Database Server | Default Oracle database port |
| 136 | 5672 | TCP, UDP | vCloud Director Cell | AMQP RabbitMQ | Optional, AMQP messages for task extensions. |
| 137 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Management |
| 138 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication |
| 139 | 10111 | TCP | vCenter Server | vCenter Inventory Service | vCenter Inventory Service Linked Mode Communication |
| 140 | 10080 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTP |
| 141 | 10443 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTPS |
| 142 | 9443 | TCP | Client PC | Web Client Server | Web Client Server HTTPS connection |
| 143 | 9090 | TCP | Client PC | Web Client Server | Web Client Server HTTP connection |
| 144 | 443 | TCP | Web Client Server | vCenter Server | Web Client Server to vCenter Server connection |
| 145 | 7444 | TCP | Web Client Server | vCenter SSO | SSO Lookup service connection |
| 146 | 5988, 8889 | TCP | CIM Server | ESXi 6.x | CIM transactions over HTTP (only used in case of loopback – for the applications running locally) |
| 147 | 12443 | TCP | Web Client Server | Log Browser Service | For accessing the logs |
| 148 | 12221 | TCP | Log Browser Proxy | Log Browser Service | Internal port for Log Browser administration page. It opens a socket (only bound to localhost) to accept admin commands. |
| 149 | 9 | UDP | vCenter Server | Virtual Volume | Used by the Virtual Volumes feature |
| 150 | 546 | TCP/UDP | DHCP Server | ESXi Host | DHCP client for IPv6 |
| 151 | 547 | TCP/UDP | ESXi Host | DHCP Server | DHCP client for IPv6 |
| 152 | 2233 | TCP | ESXi Host | Virtual SAN Transport | Used for RDT traffic (Unicast peer to peer communication) between Virtual SAN nodes. |
| 153 | 12345, 23451 | UDP | ESXi Host | Virtual SAN Clustering Service | Cluster Monitoring, Membership, and Directory Service used by Virtual SAN. |
| 154 | 2012 | TCP | vCenter Server | SSO | Control interface RPC for vCenter Single Sign-On (SSO). |
| 155 | 2014 | TCP | vCenter Server | SSO | RPC port for all VMCA (VMware Certificate Authority) APIs. |
| 156 | 2020 | TCP/UDP | vCenter Server | vCenter Server | Authentication framework management |
| 157 | 6500 | TCP/UDP | vCenter Server | ESXi host | ESXi Dump Collector port |
| 158 | 443 | TCP | vSphere Web Client | ESXi host | Client connections |
