The vCenter Server system, both on Windows and in the appliance, must be able to send data to every managed host and receive data from the vSphere Web Client and the Platform Services Controller services. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.

If a port is in use or is blacklisted, the vCenter Server installer displays an error message. You must use another port number to proceed with the installation. There are internal ports that are used only for inter-process communication.

VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from vCenter Server. If a built-in firewall exists between any of these elements, the installer opens the ports during the installation or upgrade process. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.

Note: In Microsoft Windows Server 2008 and later, the firewall is enabled by default.

Ports Required for Communication Between Components

| Port | Protocol | Description | Required for | Used for Node-to-Node Communication |
|---|---|---|---|---|
| 22 | TCP/UDP | System port for SSHD. | Appliance deployments of vCenter Server and Platform Services Controller | No |
| 53 | | DNS service | Windows installations and appliance deployments of Platform Services Controller | No |
| 80 | TCP | vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. WS-Management (also requires port 443 to be open). If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as the vCenter Server, port 80 is used by the SQL Reporting Service. When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade. Important: You can change this port number during the vCenter Server and Platform Services Controller installations on Windows. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | No |
| 88 | TCP | Active Directory server. This port must be open for the host to join Active Directory. If you use native Active Directory, the port must be open on both vCenter Server and Platform Services Controller. | Windows installations and appliance deployments of Platform Services Controller | No |
| 389 | TCP/UDP | This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. | Windows installations and appliance deployments of Platform Services Controller | vCenter Server to Platform Services Controller; Platform Services Controller to Platform Services Controller |
| 443 | TCP | The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. This port is also used for the following services: WS-Management (also requires port 80 to be open); third-party network management client connections to vCenter Server; third-party network management clients access to hosts. Important: You can change this port number during the vCenter Server and Platform Services Controller installations on Windows. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | vCenter Server to vCenter Server; vCenter Server to Platform Services Controller; Platform Services Controller to vCenter Server |
| 514 | TCP/UDP | vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance. Important: You can change this port number during the vCenter Server and Platform Services Controller installations on Windows. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | No |
| 636 | TCP | vCenter Single Sign-On LDAPS. For backward compatibility with vSphere 6.0 only. | Windows installations and appliance deployments of Platform Services Controller | During upgrade from vSphere 6.0 only. vCenter Server 6.0 to Platform Services Controller 6.5 |
| 902 | TCP/UDP | The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. Port 902 must not be blocked between the VMware Host Client and the hosts. The VMware Host Client uses this port to display virtual machine consoles. Important: You can change this port number during the vCenter Server installations on Windows. | Windows installations and appliance deployments of vCenter Server | No |
| 1514 | TCP/UDP | vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance. Important: You can change this port number during the vCenter Server and Platform Services Controller installations on Windows. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | No |
| 2012 | TCP | Control interface RPC for vCenter Single Sign-On | Windows installations and appliance deployments of Platform Services Controller | vCenter Server to Platform Services Controller; Platform Services Controller to vCenter Server; Platform Services Controller to Platform Services Controller |
| 2014 | TCP | RPC port for all VMCA (VMware Certificate Authority) APIs. Important: You can change this port number during the Platform Services Controller installations on Windows. | Windows installations and appliance deployments of Platform Services Controller | vCenter Server to Platform Services Controller; Platform Services Controller to vCenter Server |
| 2015 | TCP | DNS management | Windows installations and appliance deployments of Platform Services Controller | Platform Services Controller to Platform Services Controller |
| 2020 | TCP/UDP | Authentication framework management. Important: You can change this port number during the vCenter Server and Platform Services Controller installations on Windows. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | vCenter Server to Platform Services Controller; Platform Services Controller to vCenter Server |
| 5480 | TCP | Appliance Management Interface. Open endpoint serving all HTTPS, XML-RPC and JSON-RPC requests over HTTPS. | Appliance deployments of vCenter Server and Platform Services Controller | No |
| 6500 | TCP/UDP | ESXi Dump Collector port. Important: You can change this port number during the vCenter Server installations on Windows. | Windows installations and appliance deployments of vCenter Server | No |
| 6501 | TCP | Auto Deploy service. Important: You can change this port number during the vCenter Server installations on Windows. | Windows installations and appliance deployments of vCenter Server | No |
| 6502 | TCP | Auto Deploy management. Important: You can change this port number during the vCenter Server installations on Windows. | Windows installations and appliance deployments of vCenter Server | No |
| 7080, 12721 | TCP | Secure Token Service. Note: Internal ports | Windows installations and appliance deployments of Platform Services Controller | No |
| 7081 | TCP | VMware Platform Services Controller Web Client. Note: Internal port | Windows installations and appliance deployments of Platform Services Controller | No |
| 8200, 8201, 8300, 8301 | TCP | Appliance management. Note: Internal ports | Appliance deployments of vCenter Server and Platform Services Controller | No |
| 7444 | TCP | Secure Token Service. For backward compatibility with vSphere 5.5 only. | Windows installations and appliance deployments of Platform Services Controller | During upgrade from vSphere 5.5 only. vCenter Server 5.5 to Platform Services Controller 6.5; Platform Services Controller 6.5 to vCenter Server 5.5 |
| 8084 | TCP | vSphere Update Manager SOAP port. The port used by vSphere Update Manager client plug-in to connect to the vSphere Update Manager SOAP server. | Appliance deployments of vCenter Server | No |
| 9084 | TCP | vSphere Update Manager Web Server Port. The HTTP port used by ESXi hosts to access host patch files from vSphere Update Manager server. | Appliance deployments of vCenter Server | No |
| 9087 | TCP | vSphere Update Manager Web SSL Port. The HTTPS port used by vSphere Update Manager client plug-in to upload host upgrade files to vSphere Update Manager server. | Appliance deployments of vCenter Server | No |
| 9123 | TCP | Migration Assistant port. Only when you run the Migration Assistant on the source Windows installation. The Migration Assistant lets you migrate Windows installations of vCenter Server and Platform Services Controller to appliances. | Windows installations and appliance deployments of vCenter Server and Platform Services Controller | During migration only. Source vCenter Server 5.5 or 6.5 to target vCenter Server Appliance 6.5; Source vCenter Single Sign-On 5.5 to target Platform Services Controller appliance 6.5; Source Platform Services Controller 5.5 to target Platform Services Controller appliance 6.5 |
| 9443 | TCP | vSphere Web Client HTTPS | Windows installations and appliance deployments of vCenter Server | No |
| 11711 | TCP | vCenter Single Sign-On LDAP. For backward compatibility with vSphere 5.5 only. | Windows installations and appliance deployments of Platform Services Controller | During upgrade from vSphere 5.5 only. vCenter Single Sign-On 5.5 to Platform Services Controller 6.5 |
| 11712 | TCP | vCenter Single Sign-On LDAPS. For backward compatibility with vSphere 5.5 only. | Windows installations and appliance deployments of Platform Services Controller | During upgrade from vSphere 5.5 only. vCenter Single Sign-On 5.5 to Platform Services Controller 6.5 |

To configure the vCenter Server system to use a different port to receive vSphere Web Client data, see the vCenter Server and Host Management documentation.

For more information about firewall configuration, see the vSphere Security documentation.
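
For custom firewalls, the port table above can be turned into a rule audit. The following is an added example, not VMware code: it flags allow rules for internal ports, for ports needed only during upgrade or migration, and for ports not in the table, and it reports node-to-node ports that a peer cannot reach. The role names ("vc", "psc"), the rule format and the sample addresses are assumptions made for illustration.

```python
# Added example, not VMware code. Port classes are transcribed from the table
# above; the rule list, addresses and role names ("vc", "psc") are constructed.
INTERNAL = {7080, 12721, 7081, 8200, 8201, 8300, 8301}  # "Internal port(s)" notes
TRANSIENT = {636: "upgrade from vSphere 6.0", 7444: "upgrade from vSphere 5.5",
             11711: "upgrade from vSphere 5.5", 11712: "upgrade from vSphere 5.5",
             9123: "migration"}
# Last table column as (source role, destination role) pairs per port.
NODE_TO_NODE = {
    389: {("vc", "psc"), ("psc", "psc")},
    443: {("vc", "vc"), ("vc", "psc"), ("psc", "vc")},
    2012: {("vc", "psc"), ("psc", "vc"), ("psc", "psc")},
    2014: {("vc", "psc"), ("psc", "vc")},
    2015: {("psc", "psc")},
    2020: {("vc", "psc"), ("psc", "vc")},
}
DOCUMENTED = ({22, 53, 80, 88, 514, 902, 1514, 5480, 6500, 6501, 6502, 8084,
               9084, 9087, 9443} | INTERNAL | set(TRANSIENT) | set(NODE_TO_NODE))


def audit(role, rules, peers):
    """Audit inbound allow rules (port, source) of one node with the given role
    ("vc" or "psc"); peers maps the other nodes' addresses to their roles.
    Returns sorted (port, subject, finding) tuples."""
    findings = []
    for port, source in rules:
        if port in INTERNAL:
            findings.append((port, source, "internal port, no firewall rule needed"))
        elif port in TRANSIENT:
            findings.append((port, source, f"only needed during {TRANSIENT[port]}"))
        elif port not in DOCUMENTED:
            findings.append((port, source, "not in the documented port list"))
    allowed = set(rules)
    for port, directions in NODE_TO_NODE.items():
        for addr, peer_role in peers.items():
            if (peer_role, role) in directions and not (
                    (port, addr) in allowed or (port, "any") in allowed):
                findings.append((port, addr, "missing node-to-node allow rule"))
    return sorted(findings)


# Constructed sample: firewall of a PSC with one vCenter Server and one PSC peer.
SAMPLE_RULES = [(443, "any"), (389, "10.0.0.10"), (2012, "10.0.0.10"),
                (2012, "10.0.0.20"), (2014, "10.0.0.10"), (2020, "10.0.0.10"),
                (7444, "any"), (12721, "any"), (8443, "any")]
SAMPLE_PEERS = {"10.0.0.10": "vc", "10.0.0.20": "psc"}

if __name__ == "__main__":
    for finding in audit("psc", SAMPLE_RULES, SAMPLE_PEERS):
        print(*finding, sep="\t")
```

On the constructed sample, the audit reports the PSC peer's missing rules for ports 389 and 2015 alongside the leftover 7444 rule, the exposed internal port 12721 and the undocumented port 8443.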