Friday, 24 April 2015

VMware View Ports

For successful network connectivity in VMware View Manager 4.5 and later, ensure that:

  • Connection Servers, Replica Servers, and Transfer Servers use Static IPs.
  • Replica Server is on the same LAN as the Connection Server. Replication over WAN is not supported.
  • The required ports listed below allow incoming connections.

    Note: All ports are TCP, unless specified otherwise.

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Desktop | Connection Server | 4001 | JMS |
| Replica Connection Servers | Connection Server | 4100 | JMSIR |
| Admin Browser | Connection Server | 80 | HTTP |
| Admin Browser | Connection Server | 443 | HTTPS |
| Client [1] | Connection Server | 4172 | PCoIP (TCP and UDP) |
| Client [2] | Connection Server | 443 | HTTPS |
| Connection Server [1] | View Desktop Subnet | 4172 | PCoIP |
| Connection Server [2] | View Desktop Subnet | 3389 | RDP |
| Connection Server | Virtual Center Server | 443 | HTTPS |
| Connection Server | Virtual Center Server | 80 | HTTP |
| Connection Server | Virtual Center Server (View Composer) | 18443 | HTTPS |


    • TCP Ports for View Security Server

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Security Server | 443 | HTTPS |
| Client | Security Server | 80 | HTTP |
| Client [1] | Security Server | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop Subnet | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop Subnet | 3389 | RDP |
| Security Server | View Desktop | 9427 | MMR |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | Connection Server | 4002 | JMS |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |
| Security Server | Connection Server | | ESP (IP Protocol 50) |

Note:
      • Port 80 is required if SSL is disabled.
      • Port 4002 is used for JMS SSL traffic in View 6.1.

    • TCP Ports for View Agent

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | View Desktop | 3389 | RDP |
| Connection Server [2] | View Desktop | 3389 | RDP |
| Client | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Connection Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Client | View Desktop | 32111 | USB Redirection |
| Client | View Desktop (Physical Only) | 42966 | HP RGS |
| Client | View Desktop | 9427 | MMR |
| View Desktop | Connection Server | 4001 | JMS |

    • TCP Ports for Local Mode

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| View Client with Local Mode | View Transfer Server | 80 | HTTP |
| View Client with Local Mode | View Transfer Server | 443 | HTTPS |
| View Connection Server | ESX Host | 902 | Disk Transfers |
| View Connection Server | View Transfer Server | 80 | HTTP |
| View Connection Server | View Transfer Server | 443 | HTTPS |
| View Transfer Server | View Connection Server | 4001 | JMS |
| View Transfer Server | ESX Host | 902 | Disk Transfers |

    • UDP Ports for View Connection Server and RSA SecurID Authentication Manager

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | RSA SecurID Authentication Manager | 5500 | 2-Factor Authentication |

    • Firewall rules for DMZ-based Security Servers

      • Front-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Any External IP | Security Server | 80 | HTTP |
| Any External IP | Security Server | 443 | HTTPS |
| Any External IP | Security Server [1] | 4172 | PCoIP (TCP and UDP) |

      • Back-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | View Desktop | 3389 | RDP |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop | 32111 | USB Redirection |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |
| Security Server [1] | Connection Server | 4172 | PCoIP (TCP and UDP) |
| Security Server | Remote Desktop Services | 4172 | PCoIP (TCP and UDP) |
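
The front-end and back-end rules above can be used as an allowlist when reviewing a DMZ firewall export. The following is an added example, not part of the original article or of any VMware tooling: it flags permit rules that appear in neither table, HTTP rules that are only needed when SSL is disabled, and PCoIP flows where only one of TCP/UDP is permitted. The zone names (external, security-server, rds-host and so on) and the rule tuple layout are assumptions made for the example.

```python
# Added example: zone names and the rule tuple layout are assumptions.
# Flows copied from the front-end and back-end tables: (source, destination, port, protocols).
FLOWS = [
    ("external", "security-server", 80, "tcp"),
    ("external", "security-server", 443, "tcp"),
    ("external", "security-server", 4172, "tcp,udp"),
    ("security-server", "transfer-server", 80, "tcp"),
    ("security-server", "transfer-server", 443, "tcp"),
    ("security-server", "connection-server", 8009, "tcp"),
    ("security-server", "connection-server", 4001, "tcp"),
    ("security-server", "view-desktop", 3389, "tcp"),
    ("security-server", "view-desktop", 4172, "tcp,udp"),
    ("security-server", "view-desktop", 32111, "tcp"),
    ("security-server", "connection-server", 500, "udp"),
    ("security-server", "connection-server", 4500, "udp"),
    ("connection-server", "security-server", 500, "udp"),
    ("connection-server", "security-server", 4500, "udp"),
    ("security-server", "connection-server", 4172, "tcp,udp"),
    ("security-server", "rds-host", 4172, "tcp,udp"),
]
ALLOWED = {(s, d, port, p) for s, d, port, protos in FLOWS for p in protos.split(",")}

def audit(rules):
    """Compare (src, dst, port, proto) permit rules with the page's DMZ flow matrix."""
    rules = {(s, d, int(port), proto.lower()) for s, d, port, proto in rules}
    unexpected = sorted(rules - ALLOWED)            # permitted but not in either table
    cleartext = sorted(r for r in rules & ALLOWED if r[2] == 80)  # HTTP: only needed with SSL off
    partial = sorted(                               # PCoIP listed as TCP and UDP, only one permitted
        (s, d, port) for s, d, port, protos in FLOWS if "," in protos
        and sum((s, d, port, p) in rules for p in protos.split(",")) == 1)
    return unexpected, cleartext, partial

# Constructed sample rule export (not taken from a real firewall).
SAMPLE_RULES = [
    ("external", "security-server", 443, "TCP"),
    ("external", "security-server", 80, "TCP"),
    ("external", "security-server", 4172, "TCP"),
    ("external", "security-server", 3389, "TCP"),
    ("external", "connection-server", 443, "TCP"),
    ("security-server", "connection-server", 8009, "TCP"),
    ("security-server", "view-desktop", 4172, "TCP"),
    ("security-server", "view-desktop", 4172, "UDP"),
]

if __name__ == "__main__":
    for label, findings in zip(("unexpected", "cleartext", "partial"), audit(SAMPLE_RULES)):
        print(label, findings)
```
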

    • TCP ports for HTML access [3]

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Connection Server | 443 | HTTPS |
| Client [4] | Connection Server | 8443 | HTML |
| Client | Security Server | 443 | HTTPS |
| Client [4] | Security Server | 8443 | HTML |
| Connection Server [4] | View Desktop | 22443 | HTML |
| Security Server [4] | View Desktop | 22443 | HTML |
| Client [5] | View Desktop | 22443 | HTML |

    • TCP ports for VMware vRealize Operations Manager (formerly vCenter Operations) for Horizon View

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | vRealize Operations Manager Analytics VM | 3091 | Java RMI [6] |
| View Desktop | vRealize Operations Manager Analytics VM | 3091 | Java RMI [7] |
| View Desktop | vRealize Operations Manager Analytics VM | 3092 | Java RMI [7] |
| View Connection Server | vRealize Operations Manager Analytics VM | 3093 | Java RMI [6] |
| View Connection Server | vRealize Operations Manager Analytics VM | 3094 | Java RMI [7] |

Notes:
  [1] In VMware View 4.6 and later, when using PCoIP Secure Gateway on the Connection Server or Security Server.
  [2] When RDP protocol is tunneled through the Connection Server or Security Server.
  [3] Only for View 5.2 with Feature Pack 1 and later releases of View.
  [4] If using Blast Secure Gateway.
  [5] Not using Blast Secure Gateway.
  [6] Standard encoded RMI.
  [7] RMI over SSL.

For large deployments, optimize the ephemeral ports and the TCB hash table size in the Windows operating system.

For more information, see the VMware Horizon View Architecture Planning Guide.

Notes:
  • Port 902 TCP must be open between the View Composer service and each ESXi host. For more information, see the View TCP and UDP Ports section in the VMware Horizon View Security Guide.
  • Port 443 must be opened between vCenter Server and standalone View Composer.
  • Port 4172 UDP must be open in both inbound and outbound directions.
  • Port 4172 TCP needs to be open in an inbound direction only.