So I'm finding out tonight that the "minor" update from 2.0.2 to 2.5 is now requiring 443 to be open through the firewall to my hosts. This seems ridiculous that they would change what ports are needed and not mention this except in one document (page 183). The pictures don't even show this clearly, they show 443 for your VI client to ESX but VC to ESX shows 902. No other document mentions or shows communication between VC and ESX needing 443. Is anyone else affected by this? I will have to redesign my infrastructure as infosec will not allow 443 to be open to my hosts on external DMZs.
Someone please tell me this isn't so. What was wrong with using just port 902? Worked fine for us for so long.
SR 1109708531 opened last Wednesday. Haven't gotten much "support".
You should give them a call ASAP. Also, are your ESX Hosts patched up to the latest?
Hope that helped.
There are 2 updates. One for ESX 3.5 and one for VC 2.5.
Hope that helped.
Just came across this thread, it sounds like you have a similar setup to mine where you have a firewall between your VC Server and your ESX Hosts. 443/tcp is needed from VC to ESX. The following are the ports I needed to have opened prior to going to VC 2.5 (we have both 3.0.x and 3.5 ESX hosts):
From VC Server to ESX Hosts:
902 udp/tcp
443/tcp
From ESX Hosts to VC Server:
902/udp
80/tcp (This is needed for Update Manager - our VC Server is also our VUM Server)
27000/tcp (This is for License Server also on our VC Server)
27010/tcp (This is for License Server also on our VC Server)
From VIC Systems to VC Server:
80/tcp
443/tcp
902/tcp
From VIC Systems to ESX Hosts (these also allow for direct access to ESX Hosts via VIC in the event of a VC outage):
22/tcp (for ssh)
80/tcp
443/tcp
902/tcp
903/tcp
Hope that helps.
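As an added example (not part of any post in this thread and not VMware code), the port list from the last post can be encoded as a flow matrix and compared against a firewall rule export, so that a gap such as the VC-to-ESX 443/tcp flow shows up before an upgrade. The zone names `vc`, `esx`, `vic`, the one-line rule format and the sample ruleset are assumptions made for the illustration.

```python
# Added example: audit firewall rules against the flow list in the post above.
# Zone names (vc, esx, vic) and the rule-line format are assumptions.
REQUIRED = {
    ("vc", "esx"): {"902/tcp", "902/udp", "443/tcp"},
    ("esx", "vc"): {"902/udp", "80/tcp", "27000/tcp", "27010/tcp"},
    ("vic", "vc"): {"80/tcp", "443/tcp", "902/tcp"},
    ("vic", "esx"): {"22/tcp", "80/tcp", "443/tcp", "902/tcp", "903/tcp"},
}

def parse_rules(text):
    """Parse 'src dst port/proto [port/proto ...]' lines into {(src, dst): {svc}}."""
    allowed = {}
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"line {n}: expected 'src dst port/proto ...'")
        src, dst, *svcs = fields
        for svc in svcs:
            port, _, proto = svc.partition("/")
            if not port.isdigit() or not 0 < int(port) < 65536 or proto not in ("tcp", "udp"):
                raise ValueError(f"line {n}: bad service {svc!r}")
            allowed.setdefault((src, dst), set()).add(f"{int(port)}/{proto}")
    return allowed

def audit(allowed, required=REQUIRED):
    """Return (missing, extra): listed flows the rules lack, and rules not in the list."""
    missing, extra = [], []
    for pair in sorted(set(allowed) | set(required)):
        need, have = required.get(pair, set()), allowed.get(pair, set())
        missing += [(*pair, s) for s in sorted(need - have)]
        extra += [(*pair, s) for s in sorted(have - need)]
    return missing, extra

# Constructed ruleset: a firewall still configured for 902-only VC-to-ESX traffic.
SAMPLE_RULES = """
vc  esx 902/tcp 902/udp
esx vc  902/udp 80/tcp 27000/tcp 27010/tcp
vic vc  80/tcp 443/tcp 902/tcp
vic esx 22/tcp 80/tcp 443/tcp 902/tcp 903/tcp
esx vc  443/tcp   # constructed extra rule, not in the post's list
"""

if __name__ == "__main__":
    missing, extra = audit(parse_rules(SAMPLE_RULES))
    for src, dst, svc in missing:
        print(f"MISSING  {src} -> {dst} {svc}")
    for src, dst, svc in extra:
        print(f"UNLISTED {src} -> {dst} {svc}")
```

Rules reported as UNLISTED are only absent from the poster's list; they are candidates for review, not necessarily wrong for a different environment.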