I'm planning to set up a vSphere Hypervisor 6.5 in a secured environment and would like to know what outgoing and/or incoming network connections are required for normal operation. I'm planning to buy a license for 6 processors. Incoming/outgoing network connections are on a permissive basis. I would like to avoid the scenario where a VM would suddenly stop working because of a firewall issue.
Thanks!
VMware doesn't validate licenses like that. Internally, yes, you need certain ports open for different features to work. Externally, there should not be any requirements for Internet through the firewall.
Have a look at this
Incoming and Outgoing Firewall Ports for ESXi Hosts
If you found this or any other answer helpful, please consider the use of the Correct or Helpful to award points.
Best Regards,
Deepak Koshal
CNE|CLA|CWMA|VCP4|VCP5|CCAH
Sorry, the link you provided does not answer the question. The firewall I'm referring to relates to the "secured environment", which you can think of as a hardened network to which the machine is connected. No traffic inbound/outbound from machines in this network is authorized without being whitelisted.
Check this
https://docs.vmware.com/en/VMware-vSphere/6.5/vsphere-esxi-vcenter-server-65-security-guide.pdf
vSphere 6.5 Security Configuration Guide (Hardening Guide) Release Candidate - VMware vSphere Blog
https://www.vmware.com/in/security/hardening-guides.html
Thanks for the documentation on security within the vSphere environment. I will consider this in the stage after. It still doesn't answer my question.
Suppose the vSphere machine attempts to connect to xyz.com port 80 to validate the vSphere license, but the firewall in my secured environment did not let this outbound connection through. Would vSphere suspend my VM? If so, I would have to allow the outbound connection in the firewall to xyz.com port 80.
I don't think ESXi needs internet connectivity to validate the license; none of our ESXi hosts have internet connectivity and the licenses are applied properly.
In that case, when licenses are applied, VMs will not be suspended.
You may check articles related to licensing requirements.
Apart from that, enabling ports is dependent on your requirements. In general, ports 443, 902, 80 and 8000 are the most needed for basic operations.