If you’re setting up an environment where you have to deal with firewalling and lots of security, it might be useful to have all the necessary ports that are required for vCenter server 5.1 listed somewhere.
At first there will be all the required ports for vCenter server running on Windows system, and then bellow there will be required ports for vCenter server applicance 5.x as well. I hope you will find it useful.
vCenter server 5.x running on Windows system:
Port 80 – vCenter Server requires port 80 for direct HTTP connections. Then the port 80 redirects requests to HTTPS port 443. Of course you can directly access through the HTTPs, but this redirection can be helpfull if accessing in clear through http only.
Side Note: Make sure that you don’t conflict with IIS or other webservers, which might also use port 80. You can use NETSTAT with the “–abo” switch to determine which ports are used. Or you can also use Process Explorer tool provided by Windows Sysinternals http://technet.microsoft.com/en-us/sysinternals/bb896653
Port 389 - This is the LDAP port number for the Directory Services (DS) for the vCenter Server group. If there is another service, you might be wanting to change that. The LDAP service can run different ports. Here is the range: 1025 – 65535. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group.
Port 443 - This is the default port where vCenter Server listens. If not already, open the firewall port. This port (443) is also used for monitoring the data tranfer from SDK clients. You might want to use other port for https. In this case use https://<ip-of-your-vcenter-server>:port-number. Example : https://10.10.7.23:444
Port 636 - This port is used in case you’re using vCenter Server in Linked Mode, where this is the SSL port of the local instance. In case you’re conflicting with another port, you might want to change the other port to different one. If another service is running on this port, it might be preferable to remove it or change its port to a different port.
Port 902 - This is the default vCenter server port. vCenter server uses this port to send data to managed hosts, which also uses this port to send heartbeat (through UDP).
Port 903 – Used for diplay the VMs console. It must be opened between the vSphere Client and the hosts.
Port 8080 – This port is used for the VMware VirtualCenter Management Web Services (windows service).
Port 8443 – This port is used for the VMware VirtualCenter Management Web Services.(on SSL).
Port 60099 – Web Service change service notification port
Port 6501 – Auto Deploy Service
Port 6502 – Auto Deploy management
Port 7444 – vCenter Single Sign On HTTPS
Port 7005 - vCenter Single Sign On Base shutdown port
Port 7080 - vCenter Single Sign On HTTP port
Port 7009 – vCenter Single Sign On AJP port. For more information, see the documentation page on Configuring VMware Tomcat Server Settings in vCenter Server 5.1
Port 9443 - vSphere Web Client HTTPS
Port 9090 - vSphere Web Client HTTP
Port 10080 - vCenter Inventory Service HTTP
Port 10443 - vCenter Inventory Service HTTPS
Port 10111 - vCenter Inventory Service Management
Port 10109 - vCenter Inventory Service Linked Mode Communication
Required ports for vCenter Server running on the vCenter Server Appliance:
There are many ports that are the same as in the Windows based vCenter server installation. I’ll show the differences only. If you have a firewall between two managed hosts, you must open those ports.
Ports 80, 443, 902, 8080, 10080, 10443, 10109, 9090, 9443…….. Yes, all those ports must be opened.
Port 514 – This port is used by vSphere Syslog Collector server
Port 1514 – This port is used by vSphere Syslog Collector server (on SSL)
Port 6500 - Network coredump server (UDP)
Port 6501 - Auto Deploy service.
Port 6502 - Auto Deploy management.
Port 5480 – vCenter Server Appliance Web user interface HTTPS
Port 5489 – vCenter Server Appliance Web user interface CIM service
Port 22 – System port for SSHD
Further reading – I can recommend this very large KB1012382, which lists ALL TCP and UDP Ports required to access vCenter Server, ESXi/ESX hosts, and other network components