Supported Remote Management Firmware Versions - VMware ESX 4.0 - INSTALLATION GUIDE UPDATE 1 Installation Manual

VMware uses designated ports for communication. Additionally, the managed hosts are listening for data from
the vCenter Server system on designated ports. If a firewall exists between any of these elements and Windows
firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must
manually open the required ports. If you have a firewall between two managed hosts and you want to perform
source or target activities, such as migration or cloning, you must configure a means for the managed hosts to
receive data.
N In Microsoft Windows 2008, a firewall is enabled by default.
OTE
Table 2-7 lists the default ports that are required for communication between components.
Table 2-7. Required Ports
Port
80
389
443
636
902
902/903
8080
8443
If you want the vCenter Server system to use a different port to receive vSphere Client data, see Basic System
Administration.
To tunnel the vSphere Client data through the firewall to the receiving port on the vCenter Server system, see
Basic System Administration. VMware does not recommended this method because it disables the vCenter Server
console function.
For a discussion of firewall configuration, see the Server Configuration Guide.

Supported Remote Management Firmware Versions

You can use remote management applications for installing ESX or for remote management of ESX/ESXi.
Table 2-8 lists the remote management firmware versions that are supported for installing ESX 4.0 remotely.
VMware, Inc.
Description
vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port
443. This is useful if you accidentally use http://server instead of https://server.
This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port
number for the Directory Services for the vCenter Server group. The vCenter Server system needs to
bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If
another service is running on this port, it might be preferable to remove it or change its port to different
port. If needed, you can run the LDAP service on any port from 1025 through 65535.
If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389
to an available port from 1025 through 65535.
The default port that the vCenter Server system uses to listen for connections from the vSphere Client.
To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the
firewall.
The vCenter Server system also uses port 443 to listen for data transfer from the vSphere Web Access
Client and other SDK clients.
If you use another port number for HTTPS, you must use <ip-address>:<port> when you log in to the
vCenter Server system.
For vCenter Linked Mode, this is the SSL port of the local instance. If another service is running on this
port, it might be preferable to remove it or change its port to different port. If needed, you can run the
SSL service on any port from 1025 through 65535.
The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts
also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be
blocked by firewalls between the server and the hosts, or between hosts.
Ports 902 and 903 must not be blocked between the vSphere Client and the hosts. These ports are used
by the vSphere Client to display virtual machine consoles.
Web Services HTTP. Used for the VMware VirtualCenter Management Webservices.
Web Services HTTPS. Used for the VMware VirtualCenter Management Webservices.
Chapter 2 System Requirements
19