Specifications
Table 3‑12. Ports Required for Communication Between Components (Continued)
Port Description
636 For vCenter Server Linked Mode, this is the SSL port of the local instance. If another service is
running on this port, it might be preferable to remove it or change its port to a different port. You can
run the SSL service on any port from 1025 through 65535.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts or between hosts.
903 Port 903 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this
ports to display virtual machine consoles.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
60099 Web Service change service notification port
10443 vCenter Inventory Service HTTPS
10109 vCenter Inventory Service Management
10111 vCenter Inventory Service Linked Mode Communication
To have the vCenter Server system use a different port to receive vSphere Client data, see the vCenter Server
and Host Management documentation.
For a discussion of firewall configuration, see the vSphere Security documentation.
Required Ports for the vCenter Server Appliance
The VMware vCenter Server system must be able to send data to every managed host and receive data from
every vSphere Client. For migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
For information about ports required for vCenter Server on Windows, see “Required Ports for vCenter
Server,” on page 22.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated
ports for data from the vCenter Server system. The vCenter Server Appliance is preconfigured to use the
ports listed in Table 3-13. For custom firewalls, you must manually open the required ports. If you have a
firewall between two managed hosts and you want to perform source or target activities, such as migration
or cloning, you must configure a means for the managed hosts to receive data.
Table 3‑13. Ports Required for the vCenter Server Appliance
Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS
port 443. This redirection is useful if you accidentally use http://server instead of https://server.
443 The default port that the vCenter Server system uses to listen for connections from the vSphere
Client. To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in
the firewall.
The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.
If you use another port number for HTTPS, you must use ip-address:port when you log in to the
vCenter Server system.
902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts or between hosts.
Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this
port to display virtual machine consoles.
8080 Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
Chapter 3 System Requirements
VMware, Inc. 23