Installation guide
Required Ports for vCenter Server
The VMware vCenter Server system must be able to send data to every managed host and receive data from
every vSphere Client. To enable migration and provisioning activities between managed hosts, the source and
destination hosts must be able to receive data from each other.
For information about ports required for the vCenter Server Appliance, see “Required Ports for the vCenter
Server Appliance,” on page 23.
VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports
for data from the vCenter Server system. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
NOTE In Microsoft Windows Server 2008, a firewall is enabled by default.
Table 3-12. Ports Required for Communication Between Components

Port    Description

80      vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to
        HTTPS port 443. This redirection is useful if you accidentally use http://server instead of
        https://server.
        If you use a custom Microsoft SQL database (not the bundled SQL Server 2008 database) that is
        stored on the same host machine as the vCenter Server, port 80 is used by the SQL Reporting
        Service. When you install vCenter Server, the installer will prompt you to change the HTTP
        port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a
        successful installation.
        Microsoft Internet Information Services (IIS) also uses port 80. See “Conflict Between
        vCenter Server and IIS for Port 80,” on page 24.

389     This port must be open on the local and all remote instances of vCenter Server. This is the
        LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server
        system needs to bind to port 389, even if you are not joining this vCenter Server instance to
        a Linked Mode group. If another service is running on this port, it might be preferable to
        remove it or change its port to a different port. You can run the LDAP service on any port
        from 1025 through 65535.
        If this instance is serving as the Microsoft Windows Active Directory, change the port number
        from 389 to an available port from 1025 through 65535.

443     The default port that the vCenter Server system uses to listen for connections from the
        vSphere Client. To enable the vCenter Server system to receive data from the vSphere Client,
        open port 443 in the firewall.
        The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.
        If you use another port number for HTTPS, you must use ip-address:port when you log in to the
        vCenter Server system.

636     For vCenter Server Linked Mode, this is the SSL port of the local instance. If another service
        is running on this port, it might be preferable to remove it or change its port to a different
        port. You can run the SSL service on any port from 1025 through 65535.

902     The default port that the vCenter Server system uses to send data to managed hosts. Managed
        hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port
        must not be blocked by firewalls between the server and the hosts or between hosts.

902     Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses
        this port to display virtual machine consoles.

8080    Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.

8443    Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.

60099   Web Service change service notification port

10443   vCenter Inventory Service HTTPS
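
The port conflicts described in Table 3-12 (IIS or SQL Reporting Service on port 80, another directory service on 389 or 636) can be detected before installation by trying to bind each port locally. The following is an added example, not VMware code; the function names are hypothetical, and it assumes TCP wherever the table names no transport.

```python
import errno
import socket

# Ports the vCenter Server system listens on, taken from Table 3-12.
# Assumption: TCP wherever the table names no transport (only the
# port 902 heartbeat is stated to be UDP).
LISTEN_PORTS = [
    (80, "tcp"), (389, "tcp"), (443, "tcp"), (636, "tcp"), (902, "udp"),
    (8080, "tcp"), (8443, "tcp"), (60099, "tcp"), (10443, "tcp"),
]
# Remedies the table itself gives for ports with known conflicts.
ADVICE = {
    80: "set a custom vCenter Server HTTP port in the installer",
    389: "move LDAP to a free port from 1025 through 65535",
    636: "move the SSL service to a free port from 1025 through 65535",
}


def port_state(port, proto="tcp", host="0.0.0.0"):
    """Return 'free', 'in-use' or 'unknown' by attempting a local bind."""
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind((host, port))
        except OSError as e:
            # Anything other than EADDRINUSE (for example EACCES when run
            # without the privileges to bind the port) is inconclusive.
            return "in-use" if e.errno == errno.EADDRINUSE else "unknown"
    return "free"


def valid_replacement(port, ports=LISTEN_PORTS):
    """True if port is in 1025-65535 and is not another Table 3-12 port."""
    return 1025 <= port <= 65535 and port not in {p for p, _ in ports}


def preinstall_report(ports=LISTEN_PORTS, host="0.0.0.0"):
    """Return (port, proto, state, advice) for every port not confirmed free."""
    findings = []
    for port, proto in ports:
        state = port_state(port, proto, host)
        if state != "free":
            advice = ADVICE.get(port, "stop or move the service holding it")
            findings.append((port, proto, state, advice))
    return findings


if __name__ == "__main__":
    for port, proto, state, advice in preinstall_report():
        print(f"{port}/{proto}: {state}; {advice}")
```

Run it on the intended vCenter Server host with administrative privileges; a state of "unknown" means the bind was refused for a reason other than the port being taken, so check the listener list manually.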
vSphere Upgrade
22 VMware, Inc.