Back-End Firewall Rules
To allow a security server to communicate with each View Connection Server instance that resides within the
internal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind the back-end
firewall, internal firewalls must be similarly configured to allow View desktops and View Connection Server
instances to communicate with each other. Table 5-2 summarizes the back-end firewall rules.
Table 5-2. Back-End Firewall Rules

| Source | Protocol | Port | Destination | Notes |
|---|---|---|---|---|
| Security server | HTTP | 80 | Transfer Server | Security servers can use port 80 to download View desktop data to local mode desktops from the Transfer Server and to replicate data to the Transfer Server. |
| Security server | HTTPS | 443 | Transfer Server | If you configure View Connection Server to use SSL for local mode operations and desktop provisioning, security servers use port 443 for downloads and replication between local mode desktops and the Transfer Server. |
| Security server | AJP13 | 8009 | View Connection Server | Security servers use port 8009 to transmit AJP13-forwarded Web traffic to View Connection Server instances. |
| Security server | JMS | 4001 | View Connection Server | Security servers use port 4001 to transmit Java Message Service (JMS) traffic to View Connection Server instances. |
| Security server | RDP | 3389 | View desktop | Security servers use port 3389 to transmit RDP traffic to View desktops. NOTE For USB redirection, TCP port 32111 is used alongside RDP. For MMR, TCP port 9427 is used alongside RDP. |
| Security server | PCoIP | TCP 4172, UDP 4172 | View desktop | Security servers use TCP port 4172 to transmit PCoIP traffic to View desktops, and security servers use UDP port 4172 to transmit PCoIP traffic in both directions. For USB redirection, TCP port 32111 is used alongside PCoIP from the client to the View desktop. |

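The following added example (not from the VMware documentation) treats Table 5-2 as an allow-list and audits a back-end firewall rule set for security-server rules that go beyond it or fall short of it. The role names, feature tags, rule tuple format, and sample rules are assumptions constructed for this sketch.

```python
# Table 5-2 as an allow-list for traffic that originates at the security server.
# Feature tags are assumptions of this sketch; "core" rows are always needed.
TABLE_5_2 = {
    # (destination, transport, port): feature that needs the rule
    ("transfer-server", "tcp", 80): "local-mode",
    ("transfer-server", "tcp", 443): "local-mode-ssl",
    ("connection-server", "tcp", 8009): "core",   # AJP13
    ("connection-server", "tcp", 4001): "core",   # JMS
    ("view-desktop", "tcp", 3389): "rdp",
    ("view-desktop", "tcp", 9427): "mmr",         # MMR alongside RDP
    ("view-desktop", "tcp", 32111): "usb",        # USB redirection
    ("view-desktop", "tcp", 4172): "pcoip",
    ("view-desktop", "udp", 4172): "pcoip",       # return direction not modelled here
}

def audit(rules, features):
    """Compare allow rules against Table 5-2 for the enabled features.

    rules: iterable of (source, destination, transport, port); port None = any.
    Returns (unexpected, missing): rules open without a table row that an
    enabled feature needs, and table rows an enabled feature needs but lacks.
    """
    enabled = set(features) | {"core"}
    from_ss = {r[1:] for r in rules if r[0] == "security-server"}
    # Unknown keys (including wildcard ports) map to None, which is never enabled.
    unexpected = sorted((k for k in from_ss if TABLE_5_2.get(k) not in enabled), key=str)
    missing = sorted((k for k, f in TABLE_5_2.items()
                      if f in enabled and k not in from_ss), key=str)
    return unexpected, missing

# Constructed sample rule set for a PCoIP-only deployment.
SAMPLE_RULES = [
    ("security-server", "connection-server", "tcp", 8009),
    ("security-server", "connection-server", "tcp", 4001),
    ("security-server", "view-desktop", "tcp", 4172),
    ("security-server", "view-desktop", "tcp", 3389),       # RDP not enabled here
    ("security-server", "connection-server", "tcp", 4100),  # not a Table 5-2 row
]

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_RULES, {"pcoip"})
    for dst, proto, port in unexpected:
        print(f"REMOVE  security-server -> {dst} {proto}/{port}")
    for dst, proto, port in missing:
        print(f"ADD     security-server -> {dst} {proto}/{port}")
```
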
TCP Ports for View Connection Server Intercommunication
Groups of View Connection Server instances use additional TCP ports to communicate with each other. For
example, View Connection Server instances use port 4100 to transmit JMS inter-router (JMSIR) traffic to each
other. Firewalls are generally not used between the View Connection Server instances in a group.
Understanding VMware View Communications Protocols
VMware View components exchange messages by using several different protocols.
Figure 5-5 illustrates the protocols that each component uses for communication when a security server is not
configured. That is, the secure tunnel for RDP and the PCoIP secure gateway are not turned on. This
configuration might be used in a typical LAN deployment.
Chapter 5 Planning for Security Features
VMware, Inc.