port numbers in vmware

Select Language

Discover What Ports are Needed by VMware Products and Solutions

Explore the complete list of ports required by different VMware products. When deploying multiple VMware products, you no longer have to hunt for various ports information for different products in different places. You can easily create a dynamic list based on the specific products and versions in use.

Discover All Ports

Start, by entering the product for which you need the port information.

vRealize Automation

vRealize Network Insight

vRealize Operations Manager

Common ports for protocols used in VAMI based backups (86032)

• VMware vCenter Server Appliance
• VMware vCenter Server
• VMware vCenter Server Appliance 6.7.x
• VMware vCenter Server Appliance 6.5.x
• VMware vCenter Server 8.0
• VMware vCenter Server 7.0.x

How to open ports in vmware?

Good day all,

How to open a certain port in vmware?

Popular Topics in VMware

rockybalboa2 wrote: Good day all, How to open a certain port in vmware? Thanks

Which product exactly? Workstation, ESXi, vSphere, VDP... etc?

Brand Representative for Vembu BDRSuite

You mean in ESXi server ?. It is a customised OS, you can connect using VMware vSphere client by ESXi server IP / Name. 

Goto Configuration --> Security Profile --> Firewall. You can open the allowed ports, by clicking properties on right side for allowing remote access for available services.

Hello f1sz,

ESXI version 5.5 

vSphere Client version 5.5

I need to open the ports in the ESXI host.

• check 373 Best Answers
• thumb_up 1078 Helpful Votes

Open the ports why?

The ones required for normal daily use are open by default, perhaps explain what you are trying to do and why you need to open ports (and which) might help.

Do not make this available over the internet, if that is your plan

Hello Gopal (Vembu)

Yes in the ESXI server. I can connect locally and also remotely via vSphere Client. Yes i saw these firewall configs, however i am not sure if enabling all the ports will allow ports 7780, 9876, 9877, 445 and 25001 TCP. Is there any way i can check it?

I don't see any Incoming ports TCP for these numbers you mentioned. Do you want to connect these ports from ESXi machine ?

rockybalboa2 wrote: Hello Gopal (Vembu) Yes in the ESXI server. I can connect locally and also remotely via vSphere Client. Yes i saw these firewall configs, however i am not sure if enabling all the ports will allow ports 7780, 9876, 9877, 445 and 25001 TCP. Is there any way i can check it? Thanks 

Yes, you can scan it with nmap.

Hello Gopal (Vembu),

Infact i am using Acronis Backup to push the agent on the ESXI hosts, and i need these ports to be opened on the ESXI host.

Here's vmware's KB - how to open ports (creating custom firewall rules) on ESXi host: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&external... Opens a new window

I think you  need to push the agent on ESXi VMs not on the ESXi host itself. Check with Acronis Support. 

VMware will not allow any installation on ESXi host itself.

I would agree, the agents are for the guests, not the host.

Gopal (Vembu) wrote: VMware will not allow any installation on ESXi host itself.

You can install VIBs, but It's something you GENERALLY want to avoid because...

1. It's rarely supported by VMware. "Partner supported' means that GSS will tell you to uninstall it, if it causes issues.

2. It's generally for weird HPC stuff (like iSER support for Infiniband)

3. If they are unsigned then you will fail secure boot.

I am following the document, how to open the service.xml file? 

This topic has been locked by an administrator and is no longer open for commenting.

To continue this discussion, please ask a new question .

Read these next...

What is your favorite at-work snack?

Today is "Crackers Over the Keyboard" day, a somewhat bizarre holiday that few know about who aren't actively searching for obscure holidays online... but such is my lot. The original intention of the holiday I think was a small rebellion... knowing wh...

Microsoft Excel: On Exit Spreadsheet Formatting

When using Excel, and having multiple spreadsheets open simultaneously, I would like my individual documents to close with their scaling/formatting of the Excel sheet I have designated. What happens is every document I am opening, is opening with the last...

I messed up my Network Adapters

Hello Guys,I have a problem with my server and I need some serious help. What have I done?- I selected two network adapters, right clicked them and then "Bridged Connection"- While this procces was bussy I rebooted the server (very stupid)- After the rebo...

Spark! Pro series - 25th August 2023

Today in History: 1932 - Amelia Earhart Flies Nonstop Across U.S.In 1932, Amelia Earhart piloted a Lockheed Vega 5B 2,447.8 miles from Los Angeles to Newark, NJ, in a record 19 hours, 5 minutes, becoming the first woman to fly solo coast to coast. She wou...

Snap! -- WiFi Triangulation, Spotless Giraffe, Hell Freezes Over, Braille Bricks

Your daily dose of tech news, in brief. Welcome to the Snap! Flashback: August 25, 1991: The Birth of Linux (Read more HERE.) Bonus Flashback: August 25, 1997: NASA launches Advanced Composition Explorer (Read more HERE.) You need to h...

Securing RDP by Changing Default RDP Port Numbers & More Tips

Remote Desktop Protocol (RDP) is the easiest and most common method for managing a Windows server remotely . RDP is a type of service that enables users to remotely access and configure a Windows server or a computer from anywhere in the world. It provides a convenient way to work on a remote system as if you were physically present at the machine. RDP is commonly used by businesses and individuals for remote administration, technical support, and telecommuting .

How Does RDP Work?

RDP operates by establishing and maintaining a connection between a user's computer and a remote computer or server. The client computer runs an RDP client software, while the remote host runs an RDP server software. When a user initiates an RDP session , the client software sends commands and input signals to the server, which processes them and sends back the results to the client, effectively mirroring the remote system's display on the client's screen.

How Widely Available is RDP?

Included in all versions of Windows Server , RDP also has a built-in client on all Windows desktops. There are also free applications available for  Macintosh and Linux-based desktops . For an entire list of supported client operating systems, refer to our How to Access Your Windows Server Using Remote Desktop article. For group administration guidance, refer to our How to Configure Windows Remote Desktop Users Group article

Are There Security Risks Using RDP?

Unfortunately, because it is so widely used, RDP is also the target of a large number of brute force attacks  on the server. Malicious users will use compromised computers to attempt to connect to your server using RDP. Even if the attack is unsuccessful in guessing your administrator password, just the flood of attempted connections can cause instability and other performance issues on your server. Fortunately, there are some approaches you can use to minimize your exposure to these types of attacks.

Common Use Cases for RDP

RDP has various use cases in both professional and personal settings. Some common scenarios include:

• Remote Administration: IT administrators often use RDP to remotely manage and troubleshoot servers and workstations.
• Telecommuting: RDP allows remote workers to securely access their work computers from anywhere in the world.
• Collaboration: RDP enables remote teams to work together on shared projects and resources.
• Technical Support: Support personnel can use RDP to remotely assist customers and resolve technical issues.
• Virtual Desktop Infrastructure: RDP is often used to deliver virtual desktop environments to users, providing a centralized and secure computing environment.

The Liquid Web Knowledge Base contains a helpful Remote Desktop Protocol (RDP) Remote Troubleshooting Guide for customers leveraging these kinds of remote connections. One such scenario is when a user gets locked out of RDP.

5 Tips on Securing Remote Desktop Protocol (RDP) Connections

So are you curious wow to better secure RDP connections after learning they can be the target for hackers or bad actors? While it is true that RDP offers convenience and flexibility, it also poses security risks if not adequately secured . The following five tips will guide you on how to secure RDP.

Securing RDP Tip #1 — Using a VPN

A Virtual Private Network (or VPN) creates a secure, encrypted tunnel between your device and the remote desktop and it represents an important step in securing RDP. By using a VPN, you can ensure that all the traffic between your local machine and the remote system is protected from eavesdropping and tampering. It adds an extra layer of security by authenticating and encrypting the communication, making it difficult for unauthorized individuals to intercept sensitive information.

Using a VPN is one of the best ways to protect your server from malicious attacks over RDP. Using a VPN connection means that before attempting to reach your server, a connection must first be made to the secure private network. This private network is encrypted and hosted outside your server, so the secure connection itself does not require any of your server’s resources.

Once connected to the private network, your workstation is assigned a private IP address that is then used to open the RDP connection to the server. When using a VPN, the server is configured only to allow connections from the VPN address, rejecting any attempts from outside IP addresses  (see our Scoping Ports in Windows Firewall article). The VPN not only protects the server from malicious connections, but it also protects the data transmitted between your local workstation and the server over the VPN connection. For more information, see our article What is a VPN Tunnel?

Securing RDP Tip #2 — Using a Hardware Firewall

Deploying a hardware firewall is another effective measure to secure remote desktops. A hardware firewall is situated between your local network and the internet, inspecting incoming and outgoing traffic for potential threats.

By configuring the firewall to only allow RDP connections from trusted IP addresses or specific network segments, you can significantly reduce the risk of unauthorized access. Additionally, a hardware firewall can provide additional features, such as intrusion detection and prevention, further enhancing the security of your remote desktop environment.

Like using a VPN, adding a hardware firewall to your server infrastructure further protects your server from malicious attacks. You can add a Liquid Web hardware firewall powered by Cisco to your account to allow only RDP connection from a trusted location. Our firewalls operate in much the same way that the software Windows firewall operates, but the functions are handled on the hardware itself, keeping your server resources free to handle legitimate requests. To learn more about adding a hardware firewall to your account, contact our Solutions Team . If you already have a Liquid Web firewall in place, our Support Team can verify that it is correctly configured to protect RDP connections.

Securing RDP Tip #3 — Identify Trusted IP Addresses

It is essential to identify and whitelist trusted IP addresses or IP ranges that are allowed to connect to your remote desktops to minimize the risk of unauthorized access. By restricting access to known IP addresses, you can effectively block connection attempts from unknown or potentially malicious sources. Regularly reviewing and updating the list of trusted IP addresses is crucial to ensure that only authorized individuals can establish an RDP connection.

An integral part of securing your server is identifying trusted IP addresses that are not limited in scope by the firewall. This allows selected connections filtered by IP to gain access to the server. To accomplish this, we open a web browser from all the computers that are permitted to connect to the server. Then, browse to the Liquid Web Internet Web Hosting Toolkit > IP checker Tool and note the reporting IP address presented on that page. With that information, we then proceed to the next section on " scoping " a port or adding a firewall rule.

If you have issues, please see our article on troubleshooting RDP connections . Alternatively, if you simply need to find your public IP address , use this link. As well, the What’s My DNS? article can be of help.

Securing RDP Tip #4 — Scoping the RDP Firewall Rule

When configuring your network firewall to allow RDP connections , it is important to scope the rule appropriately for securing RDP efficiently. Limit the allowed source IP addresses to only those that require RDP access and avoid exposing RDP ports to the entire internet. Furthermore, consider using Network Address Translation (NAT) to map a specific external port to the standard RDP port ( 3389 ) on the internal network. This way, you can add an extra layer of obscurity and reduce the likelihood of automated scanning and brute force attacks targeting the default RDP port .

Similar to using a VPN, you can use your Windows firewall to limit access to your RDP port (by default, port 3389 ). The process of restricting access to a port to a single IP address or group of IP addresses is known as “ scoping ” the port. When you scope the RDP port, your server will no longer accept connection attempts from any IP address not included in the scope. Scoping frees up server resources because the server doesn’t need to process malicious connection attempts, the rejected unauthorized user is denied at the firewall before ever reaching the RDP system.

Here are the steps necessary to scope your RDP port:

• Click on Windows Firewall with Advanced Security.

• Scroll down to find a rule labeled RDP (or using port 3389 ).

• Make sure to include your current IP address in the list of allowed Remote IPs (you can find your current public IP address by our Liquid Web IP Checker link.
• Click on the radio button for These IP Addresses: under Remote IP addresses.
• Click OK to save the changes.

Securing RDP Tip #5 — Changing the RDP Port

Changing the default RDP port is a simple yet effective security measure. Since many attackers target the standard RDP port ( 3389 ), changing it to a non-standard port can make it harder for them to locate and exploit your remote desktops. However, keep in mind that changing this port will require updating the RDP client software settings accordingly to establish a successful connection.

While scoping the RDP port is a great way to protect your server from malicious attempts using the Remote Desktop Protocol (RDP), sometimes it is not possible to scope the port. For instance, if you or your developer must use a dynamic IP address connection, it may not be practical to limit access based on IP address. However, there are still steps you can take to improve performance and security for RDP connections.

Most brute force attacks on RDP use the default port of 3389 . If there are numerous failed attempts to log in via RDP, you can change the port that RDP uses for connections. Follow these steps to change the RDP port:

• Before changing the RDP port, make sure the new port you want to use is open in the firewall to prevent being locked out of your server. The best way to do this is duplicate the current firewall rule for RDP, then update the new rule with the new port number you want to use.
• Log into your server and open the Registry editor by entering regedit.exe in the search bar.
• Once in the registry navigate to the following: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp .
• Once there scroll down the list till you find PortNumber .
• Double-clicking on this will bring up the editor box.
• Change it from HEX to DEC so it's in numbers.
• Set the port number here and click OK . You can use whatever port number you wish, but you should pick a port that already isn’t in use for another service. A list of commonly used port numbers can be found on the S tationX Common Ports Cheat Sheet page .
• Close the registry editor and reboot the server.
• Be sure to reconnect to the server with the new RDP port number.

Frequently Asked Questions (FAQ)

Question #1: what are other rdp risks that must regularly be monitored and managed.

Answer: In addition to the tips provided, it is important to regularly monitor and manage risks such as weak passwords, brute force attacks , credential theft, and outdated RDP client/server software versions. Conducting security assessments and employing intrusion detection systems can help in detecting and mitigating possible vulnerabilities.

Question #2: What are some secure remote access alternatives to RDP?

Answer: There are several secure remote access alternatives to RDP, including Virtual Private Network (VPN) solutions, remote desktop software with built-in encryption, and remote access tools that utilize secure protocols such as SSH (Secure Shell) or HTTPS (Hypertext Transfer Protocol Secure).

Question #3: Should I replace RDP or just better secure it?

Answer: The answer depends on your specific needs and requirements. If you are satisfied with the functionality and benefits of RDP but want to enhance its security, implementing the recommended security measures can be an effective approach. However, if you have specific concerns or require additional features, exploring alternative remote access solutions might be worth considering.

Wrapping Up

Securing RDP is of great importance when it comes to protecting sensitive information and preventing security breaches. By implementing the tips mentioned above on how to secure RDP, such as using a VPN, employing a hardware firewall, identifying trusted IP addresses, scoping the RDP firewall rule, and changing the RDP port, you can significantly enhance the security of your remote desktop environment.

Remember that securing RDP is a continuous process. You should regularly monitor and manage other RDP risks, such as employing strong authentication mechanisms, using complex passwords , applying security patches and updates, and conducting regular security audits. Check our Security Infrastructure Checklist to get started improving your overall site security.

Join Us Today!

For your web hosting requirements, Liquid Web offers VPS Hosting, Cloud Dedicated Servers, VMWare Private Cloud Solutions , Private Parent Servers , and a Dedicated Servers — within our comprehensive portfolio of hosting products .

Our team of experienced Linux support technicians and talented system administrators is always available to assist you with any concerns and provide assistance. Contact our sales team to launch your outstanding website online. We pride ourselves on being The Most Helpful Humans In Hosting® !

Our technical staff has intimate knowledge of multiple web hosting technologies, especially those discussed in this article. Should you have any questions regarding this information, we are always available to answer any inquiries with issues related to this article, 24 hours a day, 7 days a week 365 days a year.

If you and you are uncomfortable with performing any of the steps outlined, we can be reached via phone at @800.580.4985 , a chat or support ticket to assisting you with this process.

Original Publication Date

This article was originally published in November 2020. It has since been updated for accuracy and comprehensiveness.

Related Articles:

Arch Linux Installation Guide for Linux Enthusiasts

Check Apache Status with systemctl status and apachectl status Commands

• How to Install Docker on Linux (AlmaLinux)
• How to Install TensorFlow on AlmaLinux
• How to Install ProFTPD with TLS on AlmaLinux
• RDP Mac: Microsoft Remote Desktop — Mac to Windows Server

About the Author: David Richards

David Richards has been an educator, a Technology Director, and now a Windows Administrator for 20+ years. He’s an English major with a love for technology and helping others find ways to use technology more effectively. In his free time, Dave loves to read, play games, and spend time his family.

Join our mailing list to receive news, tips, strategies, and inspiration you need to grow your business

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

Latest Articles

Virtualization vs. Containerization — Comparing Differences

What is File Transfer Protocol (FTP) and What Does It Do?

• VMware Technology Network
• Cloud & SDDC
• vSphere vNetwork
• vSphere™ vNetwork Discussions
• The spec.numPorts exceeds the limit 2048 - scaling...
• Subscribe to RSS Feed
• Mark Topic as New
• Mark Topic as Read
• Float this Topic for Current User
• Printer Friendly Page

• Mark as New
• Report Inappropriate Content

The spec.numPorts exceeds the limit 2048 - scaling vDS configuration maximus

Vdistributed switch maximus.

• vDistributed Switch
• All forum topics
• Previous Topic

You are using an outdated browser. Please upgrade your browser to improve your experience.

The vCenter Server system, both on Windows and in the appliance, must be able to send data to every managed host and receive data from the vSphere Web Client and the Platform Services Controller services. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.

vCenter Server is accessed through predetermined TCP and UDP ports. If you manage network components from outside a firewall, you might be required to reconfigure the firewall to allow access on the appropriate ports. For the list of all supported ports and protocols in vCenter Server , see the VMware Ports and Protocols Tool™ at https://ports.vmware.com/ .

During installation, if a port is in use or is blocked using a denylist, the vCenter Server installer displays an error message. You must use another port number to proceed with the installation.

VMware uses designated ports for communication. Also, the managed hosts monitor designated ports for data from vCenter Server . If a built-in firewall exists between any of these elements, the installer opens the ports during the installation or upgrade process. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.

To configure the vCenter Server system to use a different port to receive vSphere Web Client data, see the vCenter Server and Host Management documentation.

You are being redirected to VMware's Cloud Services portal (Customer Connect)

Network ports in vmware horizon, about this guide.

This document lists port requirements for connectivity between the various components and servers in a VMware Horizon deployment. This document applies to all versions of Horizon 8 version 2006 onwards.

• For Horizon 7, see Network Ports in VMware Horizon 7 .
• For Horizon Cloud Service - next-gen, see VMware Horizon Cloud Service - next-generation Network Ports Diagrams .
• For Horizon Cloud Service on Microsoft Azure, see VMware Horizon Cloud Service on Microsoft Azure Network Ports Diagrams .

Figure 1: Horizon Network Ports with All Connection Types and All Display Protocols

The diagram above shows three different client connection types and also includes all display protocols. Different subsets of this diagram are displayed throughout this document. Each subset diagram focuses on a particular connection type and display protocol use.

The embedded diagrams (and those in the pdf) are screen resolution versions. If higher resolution and the ability to zoom is required, for example to print as a poster, click on the desired diagram using the online HTML5 version of this document. This will open a high-resolution version which can be saved, opened in an image viewer, and printed.

This document also contains tables that list all possible ports from a source component to destination components. This does not mean that all of these ports necessarily need to be open. If a component or display protocol is not in use, then the ports associated with it can be omitted. For example, if Blast Extreme is the only display protocol used, the PCoIP and RDP ports need not be opened.

Ports shown are destination ports. The source and destination indicate the direction of traffic initiation.

Horizon UDP protocols are bidirectional. Stateful firewalls should be configured to accept UDP reply datagrams

The Horizon tables and diagrams include connections to the following products, product families, and components:

• VMware Horizon Client ™
• VMware Workspace ONE Access™
• VMware Unified Access Gateway ™
• VMware App Volumes ™
• VMware Dynamic Environment Manager™
• VMware vCenter Server ®
• VMware ESXi ™
• VMware ThinApp ®

Client Connections

Network ports for connections between a client (either Horizon Client or a browser) and the various Horizon components vary by whether the connections are internal, external, or tunneled.

Internal Connection

An internal connection is typically used within the internal network. Initial authentication is performed to the Horizon Connection Server, and then the Horizon Client connects directly to the Horizon Agent running in the virtual desktop or RDS Host.

The following table lists network ports for internal connections from a client device to Horizon components. The diagrams following the table show network ports for internal connections, by display protocol.

With the VMware Blast display protocol, you can configure features, such as USB redirection, and client drive redirection, to send side channel traffic over a Blast Extreme ports. See:

• Enabling the USB Over Session Enhancement SDK Feature .
• Managing Access to Client Drive Redirection .

Figure 2: Internal Connection Showing All Display Protocols

Figure 3: Blast Extreme Internal Connection

Figure 4: PCoIP Internal Connection

Figure 5: RDP Internal Connection

Figure 6: HTML Access Internal Connection

External Connection

An external connection provides secure access into Horizon resources from an external network. A Unified Access Gateway (UAG) provides the secure edge services. All communication from the client will be to that edge device, which then communicates to the internal resources.

The following table lists network ports for external connections from a client device to Horizon components. The diagrams following the table show network ports for external connections, by display protocol, all with Unified Access Gateway.

The Blast Secure Gateway on Unified Gateway can dynamically adjust to network conditions such as varying speeds and packet loss. In Unified Access Gateway, you can configure the ports used by the Blast protocol.

• By default, Blast Extreme uses the standard ports TCP 8443 and UDP 8443.
• However, port 443 can also be configured for Blast TCP.
• The port configuration is set through the Unified Access Gateway Blast External URL property. See Blast TCP and UDP External URL Configuration Options.

If you configure Unified Access Gateway to use both IPv4 and IPv6 mode, then the Blast TCP/UDP must be set to port 443. You can enable Unified Access Gateway to act as a bridge for IPv6 Horizon clients to connect to an IPv4 backend Connection Server or agent environment. See Unified Access Gateway Support for IPv4 and IPv6 Dual Mode for Horizon Infrastructure .

Figure 7: External Connection Showing All Display Protocols

Figure 8: Blast Extreme External Connection

Figure 9: PCoIP External Connection

Figure 10: RDP External Connection

Figure 11: HTML Access External Connection

Tunneled Connection

A tunneled connection uses the Horizon Connection Server to provide gateway services. Authentication and session traffic is routed through the Horizon Connection Server. This approach is less frequently used because Unified Access Gateway can provide the same and more functionality.

The following table lists network ports for tunneled connections from a client device to the Horizon components. The diagrams following the table show network ports for tunneled connections, by display protocol.

Figure 12: Tunneled Connection Showing All Display Protocols

Figure 13: Blast Extreme Tunneled Connection

Figure 14: PCoIP Tunneled Connection

Figure 15: RDP Tunneled Connection

Figure 16: HTML Access Tunneled Connection

Virtual Desktop or RDS Host

The following table lists network ports for connections from a virtual desktop or RDS host, to other Horizon components.

Horizon Connection Server

The following table lists network ports for connections from a Horizon Connection Server to other Horizon components.

Replication requires RPC ports between Connection Servers, both within a Pod and between Pods with Cloud Pod Architecture (CPA). The RPC port numbers are dynamically allocated after initial communication with the RPC endpoint mapper over TCP port 135. For more information about the dynamic range of ports, see the Microsoft Windows Server documentation.

• Review the RPC port requirements for the different Microsoft Server OS versions: https://support.microsoft.com/en-gb/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
• To understand RPC dynamic ports see:   Active Directory and Active Directory Domain Services Port Requirements
• The ports required can be restricted: https://support.microsoft.com/en-gb/help/224196/restricting-active-directory-rpc-traffic-to-a-specific-port

Unified Access Gateway

The following table lists network ports for connections from a Unified Access Gateway to other Horizon components.

With the VMware Blast display protocol, you can configure USB features, such as USB redirection, and client drive redirection, to send side channel traffic over a Blast Extreme ports. See:

Enrollment Server

The following table lists network ports for connections from a Horizon Enrollment Server.

Horizon Edge Gateway Appliance

The Horizon Edge Gateway is a virtual appliance that connects the Connection Servers in a Horizon pod to the VMware Horizon Cloud Service – next-gen . The Horizon Edge Gateway appliance is required to use Horizon subscription licenses and other services provided by Horizon Cloud Service – next-gen.

The following table lists network ports for connections from a Horizon Edge Gateway appliance.

Horizon Cloud Connector

The Horizon Cloud Connector is a virtual appliance that connects Connection Servers in a Horizon pod with the Horizon Cloud Service – first-gen . The Horizon Cloud Connector is required to use with Horizon subscription licenses and other services provided by Horizon Cloud Service – first-gen.

Note, to connect to Horizon Cloud Service – next-gen , deploy the Horizon Edge Gateway Appliance .

The following table lists network ports for connections from a Horizon Cloud Connector.

The regional instance is set when the account is created, as described in Deployments and Onboarding to Horizon Cloud for Microsoft Azure and Horizon Pods .

Certificate Authority - If your organization discourages the use of wildcards in allowable DNS names, you can specify specific names to DigiCert for the Certificate Authority CRL or OCSP queries. At the time of this writing, the specific DNS names required for certificate validation are:

• ocsp.digicert.com
• crl3.digicert.com
• crl4.digicert.com
• www.digicert.com/CPS

These DNS names are determined by DigiCert and subject to change. For instructions on how to obtain the specific names required by your certificates, refer to VMware Knowledge Base (KB) article 79859 .

Figure 17: Horizon Network Ports with Horizon Cloud Connector

vCenter Server

The following table lists network ports for connections from a vCenter Server to other Horizon components.

Workspace ONE Access

The following table lists the network ports for connections from Workspace ONE Access (formerly VMware Identity Manager) to other Horizon components.

App Volumes Manager

The following table lists network ports for connections from App Volumes Manager to other Horizon components.

The following table lists network ports for the administrative consoles used in Horizon.

Display Protocol-Specific Diagram Views

The following diagrams display network ports for connections, by display protocol (Blast Extreme, PCoIP, or RDP), and for HTML Access client connections.

Figure 18: Blast Extreme Connections

Figure 19: PCoIP Connections

Figure 20: RDP Connections

Figure 21: HTML Access Connections

Summary and Additional Resources

The following updates were made to this guide.

About the Author and Contributors

Graeme Gordon, Senior Staff End-User-Computing Architect, EUC Technical Marketing, VMware, wrote this document and created the accompanying network-port diagrams.

The following people contributed their knowledge and assisted with reviewing:

• Mark Benson, VMware Alumni
• Paul Green, Staff Engineer, Virtual Workspace R&D, VMware
• Ramu Panayappan, Director, Virtual Workspace R&D, VMware
• Mike Oliver, Staff Engineer, Virtual Workspace R&D, VMware
• Andrew Jewitt, Staff Engineer, Virtual Workspace R&D, VMware
• Rick Terlep, Senior EUC Architect, EUC Technical Marketing, VMware
• Jim Yanik, Senior Manager, EUC Technical Marketing, VMware
• Frank Anderson, VMware Alumni

To comment on this paper, contact VMware End-User-Computing Technical Marketing at [email protected] .

Associated Content

Filter tags.

Modal body text goes here.