In a single-customer setup, the network traffic and ports used in the virtual infrastructure are typically not a focus area because most components can be placed on the same networks. However, in a multi-customer environment we're finding that the network guys ask a lot of questions, as they want to lock down and secure the networks (which makes sense).
Anyway, I just wanted to gather some of the info that I use regularly.
- A link to my previous post with a network diagram
- Link to VMware KB article about used ports for a vSphere environment and related components
- vMotion between networks requires TCP port 8000
- If searching and sorting VMs in the vSphere client is slow, then ensure that port 8443 TCP is opened between the vSphere client and the ESX hosts
- If hardware status tab is not available, then ensure that port 8443 TCP is opened between the vSphere client and the vCenter server
- In vCenter 5.x, if searching and sorting VMs in the vSphere client is slow then port 10443 TCP has to be opened between the vSphere client/client PC and the vCenter server (also, opening this port is required for viewing VM inventory across linked mode vCenter servers - for v5.1)
- If you can't get a remote console on the VMs (you get a black screen and a yellow bar at the top stating some sort of MKS error), ensure that port 903 (and 902) TCP is allowed from the vSphere client to the ESX hosts
- If an ESX host keeps disconnecting in vCenter, ensure that port 902 UDP is allowed from the ESX host to the vCenter
Required ports between ESX and vCenter:
| Source | Destination | Direction | Protocol | Port | Purpose |
|---|---|---|---|---|---|
| vCenter | ESX | In/out | TCP | 902 | VMware console |
| vCenter | ESX | In/out | TCP | 903 | VMware console |
| vCenter | ESX | In/out | TCP | 443 | HTTPS |
| vCenter | ESX | In/out | TCP | 22 | SSH |
| vCenter | ESX | In/out | TCP | 80 | HTTP |
| vCenter | ESX | In/out | TCP | 161 | SNMP |
| vCenter | ESX | In/out | TCP | 5989 | CIM |
| ESX | vCenter | out | UDP | 902 | Heartbeat |
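When the network team hands over a proposed rule set, it helps to diff it against the table rather than eyeball it. The script below is an added example, not part of the original post: it reports required flows that no rule allows and rules that open more than the table lists. The rule tuple format, the zone names and the sample rules are constructed for illustration, and treating "In/out" as "needed in both directions" is an assumption.

```python
# Rows transcribed from the "Required ports between ESX and vCenter" table.
REQUIRED = [
    ("vCenter", "ESX", "In/out", "TCP", 902, "VMware console"),
    ("vCenter", "ESX", "In/out", "TCP", 903, "VMware console"),
    ("vCenter", "ESX", "In/out", "TCP", 443, "HTTPS"),
    ("vCenter", "ESX", "In/out", "TCP", 22, "SSH"),
    ("vCenter", "ESX", "In/out", "TCP", 80, "HTTP"),
    ("vCenter", "ESX", "In/out", "TCP", 161, "SNMP"),
    ("vCenter", "ESX", "In/out", "TCP", 5989, "CIM"),
    ("ESX", "vCenter", "out", "UDP", 902, "Heartbeat"),
]

def expand(rows):
    """Map each directed flow (src, dst, proto, port) to its purpose.
    Assumption: an "In/out" row is needed in both directions."""
    flows = {}
    for src, dst, direction, proto, port, purpose in rows:
        flows[(src, dst, proto, port)] = purpose
        if direction.lower() == "in/out":
            flows[(dst, src, proto, port)] = purpose
    return flows

def audit(rules, rows=REQUIRED):
    """Return (missing, excess): required flows no rule allows, and allow
    rules that open more than the table asks for (port "any" or unlisted)."""
    required = expand(rows)
    covered, excess = set(), []
    for src, dst, proto, port in rules:
        hits = {f for f in required
                if f[:3] == (src, dst, proto) and port in ("any", f[3])}
        covered |= hits
        if port == "any" or not hits:
            excess.append((src, dst, proto, port))
    return sorted(set(required) - covered), excess

# Constructed sample export: (source zone, destination zone, protocol, port).
SAMPLE_RULES = [
    ("vCenter", "ESX", "TCP", "any"),   # broader than the table requires
    ("ESX", "vCenter", "TCP", 443),
    ("ESX", "vCenter", "TCP", 902),
    ("ESX", "vCenter", "TCP", 3389),    # not in the table
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for flow in missing:
        print("MISSING", flow, expand(REQUIRED)[flow])
    for rule in excess:
        print("EXCESS ", rule)
```

With the sample rules, the missing list includes the UDP 902 heartbeat from ESX to vCenter, which is the flow behind the "host keeps disconnecting" symptom in the list above.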