VMware Horizon 6 (View) Firewall and Network Ports Visualized

By Ray Heffer, VCDX#122, VMware EUC Architect

Back in April 2012, I posted on my blog my original Horizon View network firewall ports diagram. Over the past two years, it’s been used widely both internally at VMware and in the community. Since Horizon 6 just recently released, I thought I’d create a brand new full size diagram to include Cloud Pod Architecture. This updated diagram contains a better layout and a new color theme to boot! This image is 3767 x 2355 pixels, so simply click it to enlarge then ‘Save Image’ to get the full size HD version.

You’ll notice the addition of VIPA (View inter-pod API) and ADLDS port 22389 which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.

Key Firewall Considerations for VMware Horizon 6

TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
HTTPS (8443): Used by HTML Access (Blast)
HTTPS (22443): HTML Access (Blast) to Virtual Desktops
TCP 9427: Used by Windows multimedia redirection (MMR)
TCP 32111: USB Redirection
ESP (Protocol 50) used for Security Server and Connection Server IPSEC communication (requires Windows firewall with Advanced Security to be enabled)
UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html

Ray Heffer is an EUC Architect working at VMware and a double VCDX with both VCDX-DCV (Data Center) and VCDX-DT (Desktop). Previously part of the VMware Professional Services team as a Senior Consultant, Ray now works for the Desktop Technical Product Marketing BU at VMware. Ray joined the IT industry in 1997 as a Unix admin, before focusing on end user computing with Citrix MetaFrame and Terminal Services in the early days. In 2004 Ray joined an ISP providing managed hosting and Linux web applications, but soon discovered VMware ESX 2.5 (and GSX!) and passed his first VCP in 2007. Ray has many years of complex infrastructure design and delivery including the integration of VCE Vblock for both EUC and Cloud, and two highly successful 10,000+ user VMware Horizon View design and implementation engagements. This post originally appeared on Ray’s blog. Follow Ray on Twitter @rayheffer.