Whether you connect your client to ESXi hosts through vCenter Server or use a direct connection to the host, certain ports are required for user and administrator communication with virtual machine consoles. These ports support different client functions, interface with different layers on ESXi, and use different authentication protocols.

Port 902

This is the port that vCenter Server assumes is available for receiving data from ESXi. The vSphere Client uses this port to provide a connection for guest operating system mouse, keyboard, screen (MKS) activities on virtual machines. It is through this port that users interact with the virtual machine guest operating systems and applications. Port 902 is the port that the vSphere Client assumes is available when interacting with virtual machines.

Port 902 connects vCenter Server to the host through the VMware Authorization Daemon (vmware-authd). This daemon multiplexes port 902 data to the appropriate recipient for processing. VMware does not support configuring a different port for this connection.

Port 443

The vSphere Client and SDK use this port to send data to vCenter Server managed hosts. Also, the vSphere Client and SDK, when connected directly to ESXi, use this port to support any management functions related to the server and its virtual machines. Port 443 is the port that clients assume is available when sending data to ESXi. VMware does not support configuring a different port for these connections.

Port 443 connects clients to ESXi through the Tomcat Web service or the SDK. The host process multiplexes port 443 data to the appropriate recipient for processing.

Port 903

The vSphere Client uses this port to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. Port 903 is the port that the vSphere Client assumes is available when interacting with virtual machines. VMware does not support configuring a different port for this function.

Port 903 connects the vSphere Client to a specified virtual machine configured on ESXi.

The following figure shows the relationships between vSphere Client functions, ports, and processes.

Port Use for vSphere Client Communications with ESXi
Port use for vSphere client communications with ESXi

If you have a firewall between your vCenter Server system and vCenter Server managed host, open ports 443 and 903 in the firewall to allow data transfer to ESXi hosts from vCenter Server and ESXi hosts directly from the vSphere Client.

For additional information on configuring the ports, see the firewall system administrator.