For successful network connectivity in VMware View Manager 4.5 and later, ensure that:
- Connection Servers, Replica Servers, and Transfer Servers use static IPs.
- The Replica Server is on the same LAN as the Connection Server. Replication over WAN is not supported.
- These required ports allow incoming connections. Note: All ports are TCP, unless specified otherwise.

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Desktop | Connection Server | 4001 | JMS |
| Replica Connection Servers | Connection Server | 4100 | JMSIR |
| Admin Browser | Connection Server | 80 | HTTP |
| Admin Browser | Connection Server | 443 | HTTPS |
| Client [1] | Connection Server | 4172 | PCoIP (TCP and UDP) |
| Client [2] | Connection Server | 443 | HTTPS |
| Connection Server [1] | View Desktop Subnet | 4172 | PCoIP |
| Connection Server [2] | View Desktop Subnet | 3389 | RDP |
| Connection Server | Virtual Center Server | 443 | HTTPS |
| Connection Server | Virtual Center Server | 80 | HTTP |
| Connection Server | Virtual Center Server (View Composer) | 18443 | HTTPS |

- TCP Ports for View Security Server

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Security Server | 443 | HTTPS |
| Client | Security Server | 80 | HTTP |
| Client [1] | Security Server | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop Subnet | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop Subnet | 3389 | RDP |
| Security Server | View Desktop | 9427 | MMR |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | Connection Server | 4002 | JMS |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |
| Security Server | Connection Server | | ESP (IP Protocol 50) |

Note:
- Port 80 is required if SSL is disabled.
- 4002 is used for JMS SSL traffic in View 6.1.

- TCP Ports for View Agent

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | View Desktop | 3389 | RDP |
| Connection Server [2] | View Desktop | 3389 | RDP |
| Client | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Connection Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Client | View Desktop | 32111 | USB Redirection |
| Client | View Desktop (Physical Only) | 42966 | HP RGS |
| Client | View Desktop | 9427 | MMR |
| View Desktop | Connection Server | 4001 | JMS |

- TCP Ports for Local Mode

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| View Client with Local Mode | View Transfer Server | 80 | HTTP |
| View Client with Local Mode | View Transfer Server | 443 | HTTPS |
| View Connection Server | ESX Host | 902 | Disk Transfers |
| View Connection Server | View Transfer Server | 80 | HTTP |
| View Connection Server | View Transfer Server | 443 | HTTPS |
| View Transfer Server | View Connection Server | 4001 | JMS |
| View Transfer Server | ESX Host | 902 | Disk Transfers |

- UDP Ports for View Connection Server and RSA SecurID Authentication Manager

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | RSA SecurID Authentication Manager | 5500 | 2-Factor Authentication |

- Firewall rules for DMZ-based Security Servers
- Front-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Any External IP | Security Server | 80 | HTTP |
| Any External IP | Security Server | 443 | HTTPS |
| Any External IP | Security Server [1] | 4172 | PCoIP (TCP and UDP) |

- Back-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | View Desktop | 3389 | RDP |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop | 32111 | USB Redirection |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |
| Security Server [1] | Connection Server | 4172 | PCoIP (TCP and UDP) |
| Security Server | Remote Desktop Services | 4172 | PCoIP (TCP and UDP) |

- TCP ports for HTML access [3]

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Connection Server | 443 | HTTPS |
| Client [4] | Connection Server | 8443 | HTML |
| Client | Security Server | 443 | HTTPS |
| Client [4] | Security Server | 8443 | HTML |
| Connection Server [4] | View Desktop | 22443 | HTML |
| Security Server [4] | View Desktop | 22443 | HTML |
| Client [5] | View Desktop | 22443 | HTML |

- TCP ports for VMware vRealize Operations Manager (formerly vCenter Operations) for Horizon View

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | vRealize Operations Manager Analytics VM | 3091 | Java RMI [6] |
| View Desktop | vRealize Operations Manager Analytics VM | 3091 | Java RMI [7] |
| View Desktop | vRealize Operations Manager Analytics VM | 3092 | Java RMI [7] |
| View Connection Server | vRealize Operations Manager Analytics VM | 3093 | Java RMI [6] |
| View Connection Server | vRealize Operations Manager Analytics VM | 3094 | Java RMI [7] |

Notes:
1. In VMware View 4.6 and later, when using PCoIP Secure Gateway on the Connection Server or Security Server.
2. When RDP protocol is tunneled through the Connection Server or Security Server.
3. Only for View 5.2 with Feature Pack 1 and later releases of View.
4. If using Blast Secure Gateway.
5. Not using Blast Secure Gateway.
6. Standard encoded RMI.
7. RMI over SSL.

For large deployments, optimize the ephemeral ports and the TCB hash table size in the Windows operating system. For more information, see the VMware Horizon View Architecture Planning Guide.

Notes:
- Port 902 TCP must be open between the View Composer service and each ESXi host. For more information, see the View TCP and UDP Ports section in the VMware Horizon View Security Guide.
- Port 443 must be open between vCenter Server and standalone View Composer.
- Port 4172 UDP must be open in both inbound and outbound directions.
- Port 4172 TCP needs to be open in the inbound direction only.
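
The Back-End Firewall Rules table above works as an allowlist for traffic between the DMZ and the internal network. The following Python script is an added example, not part of the original article or any VMware tooling: it checks a ruleset against that table and reports rules that are wider than the table as well as table entries that no rule permits. The zone names, the one-line rule format and the sample rules are assumptions constructed for illustration.

```python
# Added example: zone names and the rule-line format are assumptions for illustration.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")  # proto is "tcp" or "udp"
SS, CS, VD, TS, RDS = ("security-server", "connection-server", "view-desktop",
                       "transfer-server", "rds-host")

def tcp_udp(src, dst, port):
    return {Flow(src, dst, "tcp", port), Flow(src, dst, "udp", port)}

# Baseline transcribed from the Back-End Firewall Rules table on this page.
BASELINE = {
    Flow(SS, TS, "tcp", 80), Flow(SS, TS, "tcp", 443),
    Flow(SS, CS, "tcp", 8009), Flow(SS, CS, "tcp", 4001),
    Flow(SS, VD, "tcp", 3389), Flow(SS, VD, "tcp", 32111),
    Flow(SS, CS, "udp", 500), Flow(SS, CS, "udp", 4500),
    Flow(CS, SS, "udp", 500), Flow(CS, SS, "udp", 4500),
} | tcp_udp(SS, VD, 4172) | tcp_udp(SS, CS, 4172) | tcp_udp(SS, RDS, 4172)

def parse_rule(line):
    """Parse 'src dst proto port' or 'src dst proto low-high' (constructed format)."""
    src, dst, proto, ports = line.split()
    low, _, high = ports.partition("-")
    return src, dst, proto.lower(), int(low), int(high or low)

def audit(rule_lines):
    """Return (excess, missing): over-broad rules, and baseline flows no rule permits."""
    excess, covered = [], set()
    for line in rule_lines:
        src, dst, proto, low, high = parse_rule(line)
        allowed = {f.port for f in BASELINE if f[:3] == (src, dst, proto)}
        wanted = set(range(low, high + 1))
        if wanted - allowed:
            excess.append(line)  # opens ports or sources the table does not list
        covered |= {Flow(src, dst, proto, p) for p in wanted & allowed}
    return excess, sorted(BASELINE - covered)

SAMPLE_RULES = [  # constructed ruleset, not from the page
    "security-server connection-server tcp 8009",
    "security-server connection-server tcp 4001",
    "security-server view-desktop tcp 4172",
    "security-server view-desktop tcp 1-65535",
    "any view-desktop tcp 3389",
]

if __name__ == "__main__":
    excess, missing = audit(SAMPLE_RULES)
    print("over-broad rules:", excess)
    print("baseline flows not permitted:", len(missing))
```

Rules reported as excess are candidates for tightening; flows reported as missing, such as PCoIP over UDP 4172, would break the corresponding View feature.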