Network Port Diagram - vSphere 6.x - Reference Sheet
Updated August 2015
Source: VMware KB 1012382, KB 1030816, KB 2106283, KB 2039095
Version: 2.0
Products Covered
• ESXi 6.x and vCenter 6.x
• Update Manager
• vCloud Director 6.x
• vCenter Orchestrator
• Virtual SAN
Naming Convention Example
902 / TCP,UDP (59) = Port # / Protocol (Ref. #)
Legend: Unidirectional Communication, Bi-directional Communication

[Diagram: network port connections between the components below. Each connection is labelled in the form port / protocol (ref. #); every label is listed in the reference table.]
• Clients: vSphere Client, Client PC
• Servers: DNS, NTP, SNMP, SMB, Active Directory, Syslog, SMTP, MS Directory Service, LDAP, DHCP, SPS Server, CIM Server
• vSphere Authentication Proxy
• Storage: NFS, iSCSI
• Databases: SQL, Oracle (vCenter, Update Manager); SQL, Oracle, MySQL, Postgres (vCenter Orchestrator); SQL, Oracle, NFS (vCloud Director)
• vCenter, including internal communication ports, Log Browser Service, Tomcat Server Settings and Inventory Service (5.1 only, Simple Install)
• Inventory Service, Web Client Server and vCenter SSO, each on a separate server (vSphere 5.1 only)
• vSphere 5.x and ESXi 6.x hosts
• vCenter Linked Mode communications
• Update Manager, with www.vmware.com and xml.shavlik.com
• vCloud Director: Cell 1 (Message Bus), Cell 2, AMQP RabbitMQ
• vCenter Orchestrator: VCO Server, VCO Client, VCO Client PC

Ashish Prajapati, Kilian Walker
This document was created using the official VMware icon and diagram library. Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware does not endorse or make any representations about third party information included in this document, nor does the inclusion of any VMware icon or diagram in this document imply such an endorsement. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. Product names, logos and trademarks of other companies which are used in this document remain the property of those other companies.
[Diagram, continued: DHCP Server (IPv6), Virtual SAN, and vCenter SSO (on a separate server, vSphere 6.0 only). The port labels for these components are listed in the reference table.]
Reference for Port Diagram

Ref. No. | Port | Protocol | Source | Target | Purpose
1 | 22 | TCP | Client PC | ESXi 6.x | SSH Server
2 | 53 | UDP | ESXi 6.x | DNS Server | DNS Client
3 | 68 | UDP | ESXi 6.x | DHCP Server | DHCP Client
4 | 80 | TCP | Client PC | ESXi 6.x | Redirect Web Browser to HTTPS Service (443)
5 | 88 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos
6 | 111 | TCP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper
7 | 111 | UDP | ESXi/ESX Host | NFS Server | NFS Client – RPC Portmapper
8 | 123 | UDP | ESXi/ESX Host | NTP Time Server | NTP Client
9 | 161 | UDP | SNMP Server | ESXi 4.x Host | SNMP Polling. Not used in ESXi 3.x
10 | 162 | UDP | ESXi Host | SNMP Collector | SNMP Trap Send
11 | 389 | TCP/UDP | ESXi host | LDAP Server | PAM Active Directory Authentication - Kerberos
12 | 427 | UDP | VI / vSphere Client | ESXi/ESX Host | CIM Service Location Protocol (SLP)
13 | 443 | TCP | VI / vSphere Client | ESXi/ESX Host | VI / vSphere Client to ESXi/ESX Host management connection
14 | 443 | TCP | ESXi/ESX Host | ESXi/ESX Host | Host to host VM migration and provisioning
15 | 445 | UDP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication
16 | 445 | TCP | ESXi host | MS Directory Services Server | PAM Active Directory Authentication
17 | 445 | TCP | ESXi host | SMB Server | SMB Server
18 | 464 | TCP | ESXi host | Active Directory Server | PAM Active Directory Authentication - Kerberos
19 | 514 | UDP/TCP | ESXi 6.x | Syslog Server | Remote syslog logging
20 | 902 | TCP/UDP | ESXi 6.x | ESXi 6.x | Host access to other hosts for migration and provisioning
21 | 902 | TCP | vSphere Client | ESXi 6.x | vSphere Client access to virtual machine consoles (MKS)
22 | 902 | TCP/UDP | ESXi 6.x | vCenter Server | (UDP) Status update (heartbeat) connection from ESXi to vCenter Server
23 | 1024 (dynamic) | TCP/UDP | ESXi Host | Active Directory Server | Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and MS article 179442.
24 | 2049 | TCP | ESXi 6.x | NFS Server | Transactions from NFS storage devices
25 | 2049 | UDP | ESXi 6.x | NFS Server | Transactions from NFS storage devices
26 | 3260 | TCP | ESXi 6.x | iSCSI storage server | Transactions to iSCSI storage devices
27 | 5900 to 5964 | TCP | ESXi 6.x | ESXi 6.x | RFB protocol, which is used by management tools such as VNC
28 | 5989 | TCP | CIM Server | ESXi 6.x | CIM transactions over HTTP
29 | 5989 | TCP | vCenter Server | ESXi 6.x | CIM XML transactions over HTTPS
30 | 5989 | TCP | ESXi 6.x | vCenter Server | CIM XML transactions over HTTPS
31 | 8000 | TCP | ESXi 6.x (VM Target) | ESXi 6.x (VM Source) | Requests from vMotion
32 | 8000 | TCP | ESXi 6.x (VM Source) | ESXi 6.x (VM Target) | Requests from vMotion
33 | 8100 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere Fault Tolerance (FT)
34 | 8182 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere High Availability (vSphere HA)
35 | 8200,8300 | TCP/UDP | ESXi 6.x | ESXi 6.x | Traffic between hosts for vSphere Fault Tolerance (FT)
36 | 8301 | UDP | ESXi 6.x | ESXi 6.x | DVS Port Information
37 | 8302 | UDP | ESXi 6.x | ESXi 6.x | DVS Port Information
38 | 31100 | TCP | vCenter | SPS Server | Internal Communication Port
39 | 31000 | TCP | SPS Server | vCenter | Internal Communication Port
40 | 6500 | UDP | ESXi | vCenter Server | Network coredump server
41 | 8000 | TCP | ESXi | vCenter Server | Network coredump web port
42 | 8001 | TCP | ESXi | vCenter Server | Network syslog server
43 | 25 | TCP | vCenter Server | SMTP Server | Email notifications
44 | 53 | UDP | vCenter Server | DNS Server | DNS lookups
45 | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port 80 for direct HTTP connections.
46 | 80 | TCP | vCenter Server | ESXi 6.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
47 | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication
48 | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication
49 | 135 | TCP | vCenter Server | vCenter Server | Linked Mode
50 | 9084 | TCP | vSphere Client | Update Manager | Download of VUM client binary from VUM server machine to the VI client machine.
51 | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send
52 | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535.
53 | 443 | TCP | vSphere Client | vCenter Server | vCenter Server system uses to listen for connections from the vSphere Client.
54 | 443 | TCP | vCenter Server | ESXi 6.x | vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol
55 | 623 | UDP | vCenter Server | ESXi 6.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
56 | 636 | TCP | vCenter Servers | Linked vCenter Servers | vCenter Server Linked Mode, this is the SSL port of the local instance.
57 | 902 | TCP | vCenter Server | ESXi 6.x | vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.
58 | 902 | UDP | vCenter Server | ESXi 6.x | Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts.
59 | 902 | TCP/UDP | vSphere Client | ESXi 6.x | vSphere Client uses this port to display virtual machine consoles.
60 | 902 | TCP/UDP | ESXi 6.x | ESXi 6.x | Host access to other hosts for migration and provisioning
61 | 5480 | TCP | Client PC | vCenter Server | Only applicable for vCenter Server Virtual Appliance - used for accessing VAMI page of vCenter Server Appliance over HTTPS
62 | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage.
63 | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database
64 | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database
65 | 5988 | TCP | ESXi 6.x | vCenter Server | CIM transactions over HTTP
68 | 7500 | UDP | vCenter Server | vCenter Server | Linked Mode, Java Discovery Port
69 | 8000 | TCP | vCenter Server | ESXi 6.x | Requests from vMotion
70 | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port
71 | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port
72 | 8009 | TCP | vCenter Server | vCenter Server | AJP Port
73 | 8080 | TCP | Client PC | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
74 | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics
75 | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK
76 | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port
77 | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics
78 | 8443 | TCP | Client PC | vCenter Server | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
79 | 8443 | TCP | vCenter Server | vCenter Server | Linked Mode
80 | 9443 | TCP | Client PC | vCenter Server | vSphere Web Client Access
81 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Service Management
82 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication
83 | 10443 | TCP | Client PC | vCenter Server | vCenter Inventory Service HTTPS
84 | 51915 | TCP | ESXi | vSphere Authentication Proxy | This is a web service, which is used to add host to Active Directory domain.
85 | 60099 | TCP | vCenter Server | vCenter Server | Web Service change service notification port
86 | 7005 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | Base shutdown port. For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1.
87 | 7080 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | HTTP Port
88 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | HTTPS Port
89 | 7009 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign On | AJP Port
90 | 10111 | TCP | vCenter Inventory Service | vCenter Server | vCenter Inventory Service Linked Mode Communication
91 | 25 | TCP | VCO Server | SMTP Server | Email notifications
92 | 389 | TCP/UDP | VCO Server | LDAP Server | LDAP Authentication
93 | 443 | TCP | VCO Server | vCenter Server | Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API
94 | 636 | TCP | VCO Server | LDAP Server | VCO uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL counterpart of 389). This is used for secured LDAP authentication
95 | 1433 | TCP | VCO Server | Microsoft SQL Server | vCenter Orchestrator Server to Microsoft SQL Server for VCO Database
96 | 1521 | TCP | VCO Server | Oracle Database Server | vCenter Orchestrator Server to Oracle for VCO Database
97 | 3306 | TCP | VCO Server | MySQL Server | vCenter Orchestrator Server to MySQL Server for VCO Database
98 | 5432 | TCP | VCO Server | PostgreSQL Server | vCenter Orchestrator Server to PostgreSQL Server for VCO Database
99 | 8230 | TCP | VCO Client | VCO Server | Lookup port – The main port to communicate with Orchestrator Configurator server (JNDI port). All other ports communicate with the Orchestrator Configurator smart client through this one. It is part of the JBoss Application server infrastructure
100 | 8240 | TCP | VCO Client | VCO Server | Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure.
101 | 8244 | TCP | VCO Client | VCO Server | Data port used to access all Orchestrator data models, such as workflows and policies. It is part of the JBoss application server infrastructure.
102 | 8250 | TCP | VCO Client | VCO Server | Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure
103 | 8280 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTP
104 | 8281 | TCP | VCO Server | VCO Server | Port used by VCO Server to connect to the Web front-end via HTTPS
105 | 8281 | TCP | vCenter Server | VCO Server | Port used by VCO Server to connect to vCenter Server to communicate with the vCenter API
106 | 8282 | TCP | VCO Client PC | VCO Server | HTTP server port – Port used by the HTTP connector to connect to the Web frontend.
107 | 8283 | TCP | VCO Client PC | VCO Server | HTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL.
108 | 80 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
109 | 80 | TCP | ESXi/ESX Host | Update Manager Host | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084
110 | 80 | TCP | Update Manager Server | vCenter Server | Update Manager to vCenter Server communication
111 | 443 | TCP | Update Manager Server | www.vmware.com and xml.shavlik.com | To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
112 | 443 | TCP | ESXi/ESX Host | Update Manager Server | ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084
113 | 443 | TCP | vCenter Server | Update Manager Server | vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084
114 | 735 | TCP | Update Manager Server | Virtual Machines | Update Manager listener port (rdevServer.exe), part of the Remote Device Server used for virtual machine patching.
115 | 902 | TCP | Update Manager Server | ESXi/ESX Host | To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated
116 | 1433 | TCP | Update Manager Server | Microsoft SQL Server | Update Manager to Microsoft SQL Server connectivity (for UM Database)
117 | 1521 | TCP | Update Manager Server | Oracle Database Server | Update Manager to Oracle connectivity (for UM Database)
118 | 8084 | TCP | Update Manager Server | vCenter Server | SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install.
119 | 9084 | TCP | ESXi/ESX host | Update Manager Server | ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install.
120 | 9087 | TCP | Update Manager Server | vCenter Server | Port used for uploading host update files. Configurable at install.
121 | 9000 to 9100 | TCP | ESXi/ESX Host | Update Manager Server | This is the recommended port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation.
122 | 111 | TCP, UDP | vCloud Director Cell | NFS Server | NFS portmapper used by transfer service
123 | 920 | TCP, UDP | vCloud Director Cell | NFS Server | NFS rpc.statd used by transfer service
124 | 61611 | TCP | vCloud Director Cell (Message Bus) | vCloud Director Cell | ActiveMQ
125 | 61616 | TCP | vCloud Director Cell (Message Bus) | vCloud Director Cell | ActiveMQ
126 | 25 | TCP, UDP | vCloud Director Cell | SMTP Server | SMTP
127 | 53 | TCP, UDP | vCloud Director Cell | DNS Server | DNS
128 | 123 | TCP, UDP | vCloud Director Cell | NTP Time Server | NTP
129 | 389 | TCP, UDP | vCloud Director Cell | LDAP Server | LDAP
130 | 443 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections
131 | 514 | UDP | vCloud Director Cell | Syslog Server | Optional, enables syslog use
132 | 902 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections
133 | 903 | TCP | vCloud Director Cell | ESXi / vCenter | vCenter Server and ESXi connections
134 | 1433 | TCP | vCloud Director Cell | SQL Server Database | Default Microsoft SQL Server database port
135 | 1521 | TCP | vCloud Director Cell | Oracle Database Server | Default Oracle database port
136 | 5672 | TCP, UDP | vCloud Director Cell | AMQP RabbitMQ | Optional, AMQP messages for task extensions.
137 | 10109 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Management
138 | 10111 | TCP | vCenter Server | vCenter Server | vCenter Inventory Service Linked Mode Communication
139 | 10111 | TCP | vCenter Inventory Service | vCenter Server | vCenter Inventory Service Linked Mode Communication
140 | 10080 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTP
141 | 10443 | TCP | vSphere Client | vCenter Server | vCenter Inventory Service HTTPS
142 | 9443 | TCP | Client PC | Web Client Server | Web Client Server HTTPS connection
143 | 9090 | TCP | Client PC | Web Client Server | Web Client Server HTTP connection
144 | 443 | TCP | Web Client Server | vCenter Server | Web Client Server to vCenter Server connection
145 | 7444 | TCP | Web Client Server | vCenter SSO | SSO Lookup service connection
146 | 5988,8889 | TCP | CIM Server | ESXi 6.x | CIM transactions over HTTP (only used in case of loopback – for the applications running locally)
147 | 12443 | TCP | Web Client Server | Log Browser Service | For accessing the logs
148 | 12221 | TCP | Log Browser Proxy | Log Browser Service | Internal port for Log Browser administration page. It opens a socket (only bound to localhost) to accept admin commands.
149 | 9 | UDP | vCenter Server | Virtual Volume | Used by the Virtual Volumes feature
150 | 546 | TCP/UDP | DHCP Server | ESXi Host | DHCP client for IPv6
151 | 547 | TCP/UDP | ESXi Host | DHCP Server | DHCP client for IPv6
152 | 2233 | TCP | ESXi Host | Virtual SAN Transport | Used for RDT traffic (Unicast peer to peer communication) between Virtual SAN nodes.
153 | 12345, 23451 | UDP | ESXi Host | Virtual SAN Clustering Service | Cluster Monitoring, Membership, and Directory Service used by Virtual SAN.
154 | 2012 | TCP | vCenter Server | SSO | Control interface RPC for vCenter Single Sign-On (SSO).
155 | 2014 | TCP | vCenter Server | SSO | RPC port for all VMCA (VMware Certificate Authority) APIs.
156 | 2020 | TCP/UDP | vCenter Server | vCenter Server | Authentication framework management
157 | 6500 | TCP/UDP | vCenter Server | ESXi host | ESXi Dump Collector port
158 | 443 | TCP | vSphere Web Client | ESXi host | Client connections