By Ray Heffer, VCDX#122, VMware EUC Architect
Back in April 2012, I posted on my blog my original Horizon View network firewall ports diagram. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 just recently released, I thought I’d create a brand new full size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot! This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.
You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389 which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.
Key Firewall Considerations for VMware Horizon 6
- TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
- TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
- HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
- HTTPS (8443): Used by HTML Access (Blast)
- HTTPS (22443): HTML Access (Blast) to Virtual Desktops
- TCP 9427: Used by Windows multimedia redirection (MMR)
- TCP 32111: USB Redirection
- ESP (Protocol 50) used for Security Server and Connection Server IPSEC communication (requires Windows firewall with Advanced Security to be enabled)
- UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.
For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html
Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.
Related Posts:
How to Add a Linux Machine as PowerShell Host in vRO
Hybrid Cloud Manager Deployment Considerations
VMware Validated Design for SDDC 2.0 – Now Available
VMware Validated Design for SDDC 3.0 – Now Available!
VMware App Volumes Backup Utility Fling: Introduction
Securing Your PowerShell Execution and Password in…
Pingback: VMware Horizon 6 (View) Firewall and Network Ports Visualized | VMware Consulting Blog – VMware Blogs | configMgr
Pingback: VMware: Horizon 6, Mapa de Puertos y Firewall » Blog de Jorge de la Cruz
Pingback: [VMware] Horizon 6 View 利用ポートダイアグラム | virtual hive-jp
Great diagram! I know you mention the link for the full list of ports. I was wondering is there a reason you left off TCP 902 from Composer to the ESXi Hosts? I’ve been bit by this one before, and just wanted to check. Thanks!
Pingback: The Scoop – June Edition | vmnick
Pingback: Making NSX for Horizon 6 More Approachable | VMware End-User Computing Blog - VMware Blogs
Pingback: Making NSX for Horizon 6 More Approachable | VMware SMB Blog - VMware Blogs
Pingback: Fire Wall Design |
hi, i am able to connect through PCoIP and RDP, but i can’t connect w/ VMware Blast. All these ports seem to be open. any ideas?
omg this was amazing..have you do this already admin?
but i can’t connect w/ VMware Blast. All these ports seem to be open. any ideas?