I've been capturing Virtual Infrastructure Client <--> VirtualCenter Server <--> ESX Server <--> Virtual Infrastructure Client network traffic lately to monitor the use of port 905 and I'm not seeing that port 905 is being used any longer for VirtualCenter or VIC communication of any sort. Port 902 seems to be used throughout, with the general exception of license server and Tomcat traffic.
In the VirtualCenter 1.x days, both ports 902 and 905 were used. One port was used exclusively for VC Client communication to VC Server, and the other port was used for VC Server communication to ESX Server. Port 902 was also used solely for VMware Remote Console connectivity to the ESX server.
The reason why I was checking is because I've read some conflicting VI3 documentation on which ports are used, so I wanted to find out to be sure.
What do you know to be true?
Jas
22. ssh access to service console.
80. HTTP access to web servers.
443. HTTPS SSL access to web servers for VI Web Access.
902. VI Client access to ESX Server or VirtualCenter, and communication between VirtualCenter and ESX Server hosts or between hosts.
903. VM Console access via VI Client or VI Web Access.
2049. Connection to NFS storage devices.
2050-5000, and 8042-8045. Traffic between ESX Server hosts for VMware HA (also utilizes EMC Automated Availability Manager).
3260. Connection to iSCSI storage devices.
8000. Incoming requests from VMotion.
8083. VirtualCenter diagnostics port.
8086. Apache Tomcat web server admin on VirtualCenter Server
27000. License transactions from ESX Server to the License Server.
27010. License transactions from the License Server.
It is all 902 by default now
I apologize, port 903 is for VM Console Access
Message was edited by: BrianG
So we don't need to open 903 for the remote console?
According to the server config guide (p.188):
903. Remote console traffic generated by user access to virtual machines on a specific ESX Server host.
Use Port 903 for the following:
- VI Client access to virtual machine consoles.
- VI Web Access Client access to virtual machine consoles.
Traffic type: Incoming TCP
Message was edited by: Rob.Bohmann
Ok, the next step is to hunt down this documentation that is still spouting about port 905 and get it fixed.
I've updated the diagrams for VI3.5. Hopefully I got all the changes. I'm going to try and post as a document also.
Jason Boche
VMware Communities User Moderator
Hi Jason
The diagrams are excellent, thanks for posting them. They will be useful to give to the network guys when they ask!!!
Cheers
David
In VC 2.5, the Virtual Center server communicates with ESX servers over port 443, not 902 anymore. The VC agent still sends back heartbeats to UDP port 902, though.
Port update made to the VI 3.5 ports diagram. Thank you.
Jason Boche
VMware Communities User Moderator
Message was edited by: jasonboche
Document created at:
http://communities.vmware.com/docs/DOC-2500
Let's move future discussion there so there aren't parallel threads.
Jason Boche
VMware Communities User Moderator