You'll have to ask a much more specific question because the image you pasted and the few lines of text you've provided are extremely general.
I need to know which ports I need to open between:
Admin -> VCSA
VCSA -> ESXi Hosts
VCSA -> Active directory
ESXi Hosts -> Active directory
Go to the vSphere documentation page. All of this information is recorded in those guides.
Depends on your usage and security requirements. There's no general ruleset.
Usually users don't need access to ESXi management. But there may be use cases where they really need vSphere VM console access, which talks to ESXi management ports.
I need a highly secure environment.
So, Admin, ESX management, vCenter, VM Network are on different networks/VLANs.
First you need to define which communication is required and which is forbidden. Then you can define and implement a security policy, and firewall rules are a part of that policy.
This is always a compromise between usability (access required and allowed) and security (access not required and forbidden).
There is no general ruleset to implement a 'high secure environment'.
For example 'normal' users might not need access to vSphere Management. But Administrators do. And service accounts for services like backup and monitoring. So access is required for SOME users.
EDIT: Other stuff to consider:
- Persistent log storage
- Password policy
- Certificate management
- Backup (and regular restore tests)
- DR (and regular DR tests)