Whether you connect your client to ESX hosts through vCenter Server or use a direct connection to the host, certain ports are required for user and administrator communication with virtual machine consoles. These ports support different client functions, interface with different layers on ESX, and use different authentication protocols.

Port 902

vCenter Server uses this port to send data to vCenter Server managed hosts. Port 902 is the port that vCenter Server assumes is available when sending data to an ESX host.

Port 902 connects vCenter Server to the host through the VMware Authorization Daemon (vmware-authd). This daemon multiplexes port 902 data to the appropriate recipient for processing. VMware does not support configuring a different port for this connection.

Port 443

The vSphere Client, vSphere Web Access Client, and SDK use this port to send data to vCenter Server managed hosts. Also, the vSphere Client, vSphere Web Access Client, and SDK, when connected directly to an ESX host, use this port to support any management functions related to the server and its virtual machines. Port 443 is the port that clients assume is available when sending data to the ESX host. VMware does not support configuring a different port for these connections.

Port 443 connects clients to the ESX host through the Tomcat Web service or the SDK. The vmware-hostd multiplexes port 443 data to the appropriate recipient for processing.

Port 903

The vSphere Client and vSphere Web Access use this port to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. Port 903 is the port that the vSphere Client and vSphere Web Access assume is available when interacting with virtual machines. VMware does not support configuring a different port for this function.

Port 903 connects the vSphere Client to a specified virtual machine configured on the ESX host.

Port Use for vSphere Client Communications with ESX shows the relationships between vSphere Client functions, ports, and ESX processes.

The vSphere Web Access Client uses the same basic mapping for its interactions with the ESX host.

Port Use for vSphere Client Communications with ESX
Port use for vSphere client communications with ESX

If you have a firewall between your vCenter Server system and vCenter Server managed host, open Ports 443 and 903 in the firewall to allow data transfer to ESX hosts from vCenter Server and ESX hosts directly from the vSphere Client and vSphere Web Access.

For additional information on configuring the ports, see the firewall system administrator.