VMware
Home > VMware > VMware View ports and network connectivity requirements

VMware View ports and network connectivity requirements

Table of contents
  1. Overview
  2. Resolution

Overview

This article provides the network connectivity requirements for VMware View Manager 4.5 and later.

Resolution

For successful network connectivity in VMware View Manager 4.5 and later, ensure that:

  • Connection Servers, Replica Servers, and Transfer Servers use Static IPs
  • Replica Server is on the same LAN as the Connection Server. Replication over WAN is not supported
  • Ensure that these required ports allow incoming connections.

    Note: All ports are TCP, unless specified otherwise.

     
    • TCP Ports for View Connection Server and Replica Server Instances
       
      Source Destination Port Protocol
      View Desktop Connection Server 4001 JMS
      Replica Connection Servers Connection Server 4100 JMSIR
      Admin Browser Connection Server 80 HTTP
      Admin Browser Connection Server 443 HTTPS
      Client 1 Connection Server 4172 PCoIP
      (TCP and UDP)
      Client 2 Connection Server 443 HTTPS
      Connection Server 1 View Desktop Subnet 4172 PCoIP
      Connection Server 2 View Desktop Subnet 3389 RDP
      Connection Server Virtual Center Server 443 HTTPS
      Connection Server Virtual Center Server 80 HTTP
      Connection Server Virtual Center Server
      (View Composer)      		 18443 HTTPS

       
    • TCP Ports for View Security Server
       
      Source Destination Port Protocol
      Client Security Server 443 HTTPS
      Client Security Server 80 HTTP
      Client 1 Security Server 4172 PCoIP
      (TCP and UDP)
      Security Server1 View Desktop Subnet 4172 PCoIP
      (TCP and UDP)
      Security Server View Desktop Subnet 3389 RDP
      Security Server View Desktop 9427 MMR
      Security Server Connection Server 8009 AJP13
      Security Server Connection Server 4001 JMS
      Security Server Connection Server 4002 JMS
      Security Server Connection Server 500 IPSec (UDP)
      Security Server Connection Server 4500 NAT-T ISAKMP (UDP)
      Connection Server Security Server 500 IPSec (UDP)
      Connection Server Security Server 4500 NAT-T ISAKMP (UDP)
      Security Server Connection Server   ESP (IP Protocol 50)

      Note:
      • Port 80 is required if SSL is disabled.
         
    • TCP Ports for View Agent
       
      Source Destination Port Protocol
      Client View Desktop 3389 RDP
      Connection Server2 View Desktop 3389 RDP
      Client View Desktop 4172 PCoIP(TCP and UDP)
      Connection Server1 View Desktop 4172 PCoIP(TCP and UDP)
      Security Server1 View Desktop 4172 PCoIP(TCP and UDP)
      Client View Desktop 32111 USB Redirection
      Client View Desktop
      (Physical Only)      		 42966 HP RGS
      Client View Desktop 9427 MMR
      View Desktop Connection Server 4001 JMS
      View Desktop Connection Server 4002 JMS

       
    • TCP Ports for Local Mode
       
      Source Destination Port Protocol
      Security Server View Transfer Server 80 HTTP
      Security Server View Transfer Server 443 HTTPS
      View Client with Local Mode View Transfer Server 80 HTTP
      View Client with Local Mode View Transfer Server 443 HTTPS
      View Connection Server ESX Host 902 Disk Transfers
      View Connection Server View Transfer Server 80 HTTP
      View Connection Server View Transfer Server 443 HTTPS
      View Transfer Server View Connection Server 4001 JMS
      View Transfer Server ESX Host 902 Disk Transfers
      View Transfer Server Server that hosts the Transfer Server repository network share 445 Configuring and publishing View Composer packages to the Transfer Server repository network share

       
    • UDP Ports for View Connection Server and RSA SecurID Authentication Manager
       
      Source Destination Port Protocol
      View Connection Server RSA SecurID Authentication Manager 5500 2-Factor Authentication

       
    • Firewall rules for DMZ-based Security Servers
       
      • Front-End Firewall Rules
         
        Source Destination Port Protocol
        Any External IP Security Server 80 HTTP
        Any External IP Security Server 443 HTTPS
        Any External IP Security Server1 4172 PCoIP
        (TCP and UDP)

         
      • Back-End Firewall Rules
         
        Source Destination Port Protocol
        Security Server View Transfer Server 80 HTTP
        Security Server View Transfer Server 443 HTTPS
        Security Server Connection Server 8009 AJP13
        Security Server Connection Server 4001 JMS
        Security Server Connection Server 4002

        JMS (Secure)
        Security Server View Desktop 3389 RDP
        Security Server 1 View Desktop 4172 PCoIP
        (TCP and UDP)
        Security Server View Desktop 32111 USB Redirection
        Security Server Connection Server 500 IPSec (UDP)
        Security Server Connection Server 4500 NAT-T ISAKMP (UDP)
        Connection Server Security Server 500 IPSec (UDP)
        Connection Server Security Server 4500 NAT-T ISAKMP (UDP)
        Security Server 1 Connection Server 4172 PCoIP
        (TCP and UDP)
        Security Server Remote Desktop Services 4172

        PCoIP
        (TCP and UDP)
    • TCP ports for VMware Horizon HTML Access
       
      Source Destination Port Protocol
      Client Connection Server 443 HTTPS
      Client 4 Connection Server 8443 TCP
      Client Security Server 443 HTTPS
      Client 4 Security Server 8443 TCP
      Connection Server 4 View Desktop 22443 TCP
      Security Server 4 View Desktop 22443 TCP
      Client 5 View Desktop 22443 TCP and UPD
    • TCP ports for VMware vRealize Operations Manager (formerly vCenter Operations) for Horizon View
       
      Source Destination Port Protocol
      View Connection Server vRealize Operations Manager Analytics VM 3091 Java RMI 6
      View Desktop vRealize Operations Manager Analytics VM 3091 Java RMI 7
      View Desktop vRealize Operations Manager Analytics VM 3092 Java RMI 7
      View Connection Server vRealize Operations Manager Analytics VM 3093 Java RMI 6
      View Connection Server vRealize Operations Manager Analytics VM 3094 Java RMI 7
      View Agent vRealize Operations Manager Analytics VM 3099 Java RMI
      View Agent vRealize Operations Manager Analytics VM 3100 Java RMI
      View Agent vRealize Operations Manager Analytics VM 3101 Java RMI
    • Firewall rules for DMZ based VMware Unified Access Gateway Appliances (formally known as Access point) for Horizon View

      Front-End Firewall Rules
      Source Destination Port Protocol
      Horizon Client Unified Access Gateway Appliance 80 HTTP
      Horizon Client Unified Access Gateway Appliance 443 HTTPS
      Horizon Client Unified Access Gateway Appliance 4172 PCoIP
      (TCP and UDP)
      Unified Access GatewayAppliance Horizon Client 4172 PCoIP
      (UDP)
      Client Web Browser Unified Access Gateway Appliance 8443 HTTPS or Blast

      Back-End Firewall Rules
      Source Destination Port Protocol
      Unified Access Gateway Appliance View Connection Server or Load balancer 443 HTTPS
      Unified Access Gateway Appliance Remote Desktop 3389 RDP
      Unified Access Gateway Appliance Remote Desktop 9427 MMR or CDR
      (TCP)
      Unified Access Gateway Appliance Remote Desktop or Application 4172 PCoIP
      (TCP or UDP)
      Remote Desktop or Application Unified Access Gateway Appliance 4172 PCoIP
      (UDP)
      Unified Access Gateway Appliance Remote Desktop 32111 USB-R
      (TCP)
      Unified Access Gateway Appliance Remote Desktop 22443 HTTPS
      (TCP)

 

Notes:

  • 1 In VMware View 4.6 and later, when using PCoIP Secure Gateway on the Connection Server or Security Server.
  • 2 When RDP protocol is tunneled through the Connection Server or Security Server.
  • 3 Only for View 5.2 with Feature pack 1 and later releases of View
  • 4 If using Blast Secure Gateway
  • 5 Not using Blast Secure Gateway
  • 6 Standard encoded RMI
  • 7 RMI over SSL

For large deployments, optimize the ephemeral ports and the TCB hash table size in the Windows operating system.

 

For more information, see the VMware Horizon View Architecture Planning Guide.

 

Notes:

  • Port 902 TCP must be open between View Composer service to each ESXi host. For more information, see the View TCP and UDP Ports section in the VMware Horizon View Security Guide.
  • Port 443 must be opened between vCenter Server and standalone View Composer.
  • Port 4172 UDP must be open in both inbound and outbound directions.
  • Port 4172 TCP needs to be open in an inbound direction only.
  • Port 5443 TCP needs to be open between View Client and Linux Agent, if Blast Secure Gateway is disabled.
  • Port 5443 TCP needs to be open between Security Server/Connection Server and Linux Agent ,If Blast Secure Gateway is enabled.
  • PCoIP also uses UDP port 50002 from Horizon Client or UDP port 55000 from the PCoIP Secure Gateway) to port 4172 of the remote desktop or application.
  • In Horizon 7.2 and later, TCP 32111 is required between Connection Servers in a replica group
  • Cloud Pod Architecture Port Requirements:

    Port: 22389 - The Global Data Layer LDAP instance runs on this port. Shared data is replicated on every View Connection Server instance in a pod federation.

    Port: 8472 - The View Interpod API (VIPA) interpod communication channel runs on this port.

    The above ports needs to be open between each connection servers of a pod
Last modified

Tags

Classifications

(not set)
(not set)
Powered by CXone Expert ®