Tuesday, June 21, 2011

Used network ports between ESX, vCenter, and the vSphere client

In a single-customer setup, the network traffic and ports used in the virtual infrastructure are typically not a focus area because most components can be placed on the same networks. However, in a multi-customer environment, we're finding that the network guys ask a lot of questions because they want to lock down and secure the networks (which makes sense).

Anyway, I just wanted to gather some of the info that I use regularly.

  • A link to my previous post with a network diagram
  • Link to VMware KB article about used ports for a vSphere environment and related components
  • vMotion between networks requires TCP port 8000
  • If searching and sorting VMs in the vSphere client is slow, then ensure that port 8443 TCP is opened between the vSphere client and the ESX hosts
  • If you can't get a remote console on the VMs (you get a black screen and a yellow bar at the top stating some sort of MKS error), ensure that port 903 TCP is allowed between the vSphere client and the ESX hosts
  • If an ESX host keeps disconnecting in vCenter, ensure that port 902 UDP is allowed from the ESX host to the vCenter
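
Required ports between ESX and vCenter:

| Source  | Destination | Direction | Protocol | Port | Purpose        |
|---------|-------------|-----------|----------|------|----------------|
| vCenter | ESX         | In/out    | TCP      | 902  | VMware console |
| vCenter | ESX         | In/out    | TCP      | 903  | VMware console |
| vCenter | ESX         | In/out    | TCP      | 443  | HTTPS          |
| vCenter | ESX         | In/out    | TCP      | 22   | SSH            |
| vCenter | ESX         | In/out    | TCP      | 80   | HTTP           |
| vCenter | ESX         | In/out    | TCP      | 161  | SNMP           |
| vCenter | ESX         | In/out    | TCP      | 5989 | CIM            |
| ESX     | vCenter     | out       | UDP      | 902  | Heartbeat      |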
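
One way to check a proposed firewall allowlist against the ports listed in this post, as an added example (not code from the original post or from VMware). The zone names, the rule tuple format, the sample ruleset, the client-to-ESX direction for 903/8443, and the reading of "In/out" as "both directions" are assumptions made for the example.

```python
"""Audit a firewall allowlist against the port matrix listed in this post."""

# (source, destination, direction, protocol, port, purpose) as given in the post.
# Assumptions: zone names are labels chosen here; "in/out" means both directions;
# the client rows are modelled as client -> ESX.
MATRIX = [
    ("vcenter", "esx", "in/out", "tcp", 902, "VMware console"),
    ("vcenter", "esx", "in/out", "tcp", 903, "VMware console"),
    ("vcenter", "esx", "in/out", "tcp", 443, "HTTPS"),
    ("vcenter", "esx", "in/out", "tcp", 22, "SSH"),
    ("vcenter", "esx", "in/out", "tcp", 80, "HTTP"),
    ("vcenter", "esx", "in/out", "tcp", 161, "SNMP"),
    ("vcenter", "esx", "in/out", "tcp", 5989, "CIM"),
    ("esx", "vcenter", "out", "udp", 902, "Heartbeat"),
    ("client", "esx", "out", "tcp", 903, "Remote console (MKS)"),
    ("client", "esx", "out", "tcp", 8443, "VM search/sort"),
    ("esx", "esx", "out", "tcp", 8000, "vMotion"),
]

def required_flows(matrix=MATRIX):
    """Expand the matrix into a set of (src, dst, proto, port) flows."""
    flows = set()
    for src, dst, direction, proto, port, _purpose in matrix:
        flows.add((src, dst, proto, port))
        if direction == "in/out":
            flows.add((dst, src, proto, port))
    return flows

def audit(rules, matrix=MATRIX):
    """rules: allow entries as (src, dst, proto, low_port, high_port).
    Returns (missing required flows, [(rule, count of unneeded ports)])."""
    need = required_flows(matrix)
    def covers(rule, flow):
        return rule[:3] == flow[:3] and rule[3] <= flow[3] <= rule[4]
    missing = sorted(f for f in need if not any(covers(r, f) for r in rules))
    too_broad = []
    for rule in rules:
        used = sum(1 for f in need if covers(rule, f))
        extra = (rule[4] - rule[3] + 1) - used
        if extra:
            too_broad.append((rule, extra))
    return missing, too_broad

# Constructed sample ruleset: incomplete, with one range wider than needed.
SAMPLE_RULES = [("vcenter", "esx", "tcp", 902, 903), ("vcenter", "esx", "tcp", 443, 443),
                ("client", "esx", "tcp", 900, 910), ("esx", "vcenter", "udp", 902, 902)]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("missing:", *missing, sep="\n  ")
    print("too broad:", *too_broad, sep="\n  ")
```
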



