Network Ports for on
The operation of
requires certain ports to be open.
The components that make up the service, namely
vCenter
Server
,
, , the appliance, and servers, require different ports to be open. You must
ensure that all the required network ports are open for to function correctly. and do not have public IP
addresses. You must use a VPN or Direct Connect to access the HTML 5 user
interface.vCenter
Server
and ESXi Server network port requirements for
vCenter
Server
and ESXi
Server network port requirements for requires certain ports to be open on
vCenter
Server
, Platform Services Controller
, and on ESXi
Server. Default Port | Protocol or Description | Source | Target | Description |
---|---|---|---|---|
443 | HTTPS | vCenter
Server | Default SSL Web port. | |
443 | HTTPS | Platform Services Controller (PSC) | Traffic from to local and remote
Platform Services Controller . | |
443 | HTTPS | on the recovery site | Recovery site ESXi host. | Traffic from the on the recovery site
to ESXi hosts when recovering or testing virtual
machines with configured IP customization, or callout commands
on recovered virtual machines. |
902 | TCP and UDP | on the recovery site. | Recovery site ESXi host. | Traffic from the on the recovery site
to ESXi hosts when recovering or testing virtual
machines with IP customization, with configured callout commands
on recovered virtual machines, or that use raw disk mapping
(RDM). All NFC traffic for updating or patching the VMX files of
virtual machines that are replicated using use this port. |
network ports
The instances on the protected and recovery sites require
certain ports to be open.
Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
---|---|---|---|---|
443 | HTTPS | vCenter
Server | Default SSL Web Port for incoming TCP
traffic. | |
443 | HTTPS | Platform Services Controller | Traffic from to local and remote
Platform Services Controller . | |
443 | HTTPS | on the recovery site | Recovery site ESXi host. | Traffic from the on the recovery site
to ESXi hosts when recovering or testing virtual
machines with configured IP customization, or callout commands
on recovered virtual machines. |
902 | TCP and UDP | on the recovery site. | Recovery site ESXi host. | Traffic from the on the recovery site
to ESXi hosts when recovering or testing virtual
machines with IP customization, with configured callout commands
on recovered virtual machines, or that use raw disk mapping
(RDM). All NFC traffic for updating or patching the VMX files of
virtual machines that are replicated using use this port. |
Site Pairing Port
Requirements
Port | Protocol | Source | Target | Description | |
---|---|---|---|---|---|
443 | HTTPS | vCenter
Server | Appliance | vCenter
Server and target communication. | |
443 | HTTPS | Appliance | Appliance on target
site | Bi-directional communication between
servers. | |
443 | HTTPS | Platform Services Controller and vCenter
Server | to vCenter
Server communication - local and remote. |
Network ports that must be open on
and Protected and Recovery sites
and require that the protected and recovery sites can
communicate.
Port | Protocol or Description | Source | Target | Endpoints or Consumers |
---|---|---|---|---|
31031 | Initial replication traffic | ESXi host | appliance on the recovery site | From the ESXi host at the protected site to the
appliance at the recovery site
|
32032 | TCP | ESXi
host on the source site | server at the target site | Initial and outgoing replication traffic from
the ESXi host at the source site to the appliance or server at the target site for
replication traffic with network encryption. |
8043 | HTTPS | appliance on either site | appliance on either site | Management traffic between
appliances. |
8043 | HTTPS | appliance on the recovery and
protected sites | Management traffic between instances and appliances. |
appliance network ports
Port | Protocol or Description | Source | Target | Endpoints or Consumers |
---|---|---|---|---|
80 | TCP | appliance | All local and remote PSCs in same
domain (only if external
Platform Services Controller is used) | All management traffic to the appliance goes to port 80 on the
vCenter
Server proxy system. |
80 | TCP | appliance | Local vCenter
Server | All management traffic to the appliance goes to port 80 on the
vCenter
Server proxy system. |
80 | HTTP | server in the appliance | ESXi host (intra-site) | Used to establish the connection before
initial replication starts. |
443 | TCP | appliance | All local and remote Platform Services Controller s in same SSO domain (only
if external Platform Services Controller is used) | All management traffic to the appliance. |
443 | TCP | appliance | Local and remote vCenter
Server | All management traffic to the appliance. |
443 | HTTPS | HTML 5 user interface | appliance | Default port for the HTML 5 user
interface when you open it from the
appliance. |
902 | TCP and UDP | server in the appliance on secondary site | ESXi host (intra-site) on secondary site | Used by servers to send replication
traffic to the destination ESXi hosts. |
5480 | HTTPS | Browser | appliance | virtual appliance management
interface (VAMI) Web UI. Required only for on-premises site, not
required for VMware Cloud on Dell EMC site. |
7444 | TCP | appliance | vCenter
Server (intra-site) | |
7444 | TCP | vCenter
Server | All local and remote PSCs | |
8123 | SOAP | appliance | server | Intra-site management traffic from the
Management server to additional
servers in the environment.
|
10443 | HTTPS | on the primary site | vCenter
Server Inventory Service on the target site | The UI uses the Inventory Service of
the remote vCenter
Server to list target datastores. |
31031 | Initial and ongoing replication traffic | ESXi host on source site | server in the appliance on the secondary site or
an external server on the secondary site | Initial and outgoing replication traffic from
the ESXi host at the source site to the appliance or server at the target site.
|
32032 | TCP | ESXi
host on the source site | server at the target site | Initial and outgoing replication traffic from
the ESXi host at the source site to the
appliance or server at the target site for
replication traffic with network encryption. |
server network ports
If you deploy additional servers, ensure that the subset of the ports that
servers require are open on those servers.
Port | Protocol or Description | Source | Target | Endpoints or Consumers |
---|---|---|---|---|
902 | TCP and UDP | server in the appliance on secondary site | ESXi host (intra-site) on secondary site | Traffic (specifically the NFC service to the
destination ESXi servers) between the server and the ESXi hosts on the same site. |
5480 | VAMI Web UI for additional servers | Browser | server | Administrator's web browser. Required only for
on-premises site, not required for VMware Cloud on Dell EMC site. |
8123 | SOAP | Management server | server | Intra-site management traffic from the
appliance or Management server to the servers. |
31031 | Initial and ongoing replication traffic | ESXi host on source site | server | From the ESXi host at the protected site to the
appliance or server at the recovery site. |
32032 | TCP | ESXi host
on the source site | server at the target site | Initial and outgoing replication traffic from the
ESXi host at the source site to the
appliance or server at the target site for
replication traffic with network encryption. |