Technical Guides By Product VMware Horizon

Network Ports Diagram for VMware Horizon 6.1.1

vmware_horizon_6_network_ports_diagram_revised

For three years, I have been maintaining a diagram detailing all of the network ports used by VMware Horizon 6 (the VMware End-User-Computing product set that includes View), and I am pleased to share the third version for the latest release. The recent release of VMware Horizon 6 version 6.1.1 (June 2015) brought many new features and changes. To reflect these changes, this version of the diagram has many new components, such as connections to Linux virtual desktops, the new JMS enhanced security mode (JMS SSL), App Volumes, and RDSH hosts, to name just a few.

I have also taken the opportunity to separate tunneled connections (such as PCoIP Secure Gateway and Blast Secure Gateway) at the top of the diagram, from direct connections at the bottom.

The VMware Horizon 6 Network Ports diagram is a high-resolution PDF, 20 inches by 16 inches, suitable for printing at 200%! Feel free to use it as a wall poster!

Key Firewall Considerations for VMware Horizon 6

Following are key port numbers from the Horizon 6 Network Ports diagram:

  • TCP / UDP 4173: PCoIP port used internally on RDSH hosts

(See Setting Up Desktop and Application Pools in View, in the View PCoIP General Session Variables table, the settings Configure the TCP port to which the PCoIP host binds and listens and Configure the UDP port to which the PCoIP host binds and listens.)

  • TCP 4002: JMS enhanced security mode (SSL)
  • TCP 5443: WebSocket port for Linux virtual desktop direct connections. Horizon Client 3.4 or later is recommended.
  • TCP 8443: WebSocket port for Linux virtual desktop connections by way of Blast Secure Gateway. Horizon Client 3.4 or later is recommended.
  • TCP 8472: View interpod API (VIPA, Cloud Pod Architecture)
  • TCP 22389: Global ADLDS (Cloud Pod Architecture)
  • HTTPS (443): Horizon Client access, authentication, and RDP tunnel (HTTPS Secure Gateway)*
  • HTTPS (8443): Used for HTML Access. Note: HTML Access for Linux virtual desktops is not officially supported, although most browsers do work.
  • HTTPS (22443): HTML Access to Windows virtual desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR) and Client Drive Redirection (CDR)
  • TCP 32111: USB redirection
  • ESP (Protocol 50): Used for View security server and View Connection Server IPsec communication. (Requires Windows Firewall with Advanced Security to be enabled.)
  • UDP 500: IPsec negotiation for View security server and View Connection Server communication and pairing

*I would also like to point out that if you enable HTTP(S) Secure Gateway, then MMR, CDR, and USB redirection channels will use HTTPS.

Download the Horizon 6 Network Ports diagram as a handy reference tool. For a full list of network ports, refer to the latest Horizon 6 documentation.