Reference: Network connectivity requirements for View 4.5 and later
For successful network connectivity in VMware View Manager 4.5 and later, ensure that:
- Connection Servers, Replica Servers, and Transfer Servers use static IP addresses.
- The Replica Server is on the same LAN as the Connection Server. Replication over a WAN is not supported.
- These required ports allow incoming connections.
Note: All ports are TCP, unless specified otherwise.
- TCP Ports for View Connection Server and Replica Server Instances

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Desktop | Connection Server | 4001 | JMS |
| Replica Connection Servers | Connection Server | 4100 | JMSIR |
| Admin Browser | Connection Server | 80 | HTTP |
| Admin Browser | Connection Server | 443 | HTTPS |
| Client [1] | Connection Server | 4172 | PCoIP (TCP and UDP) |
| Client [2] | Connection Server | 443 | HTTPS |
| Connection Server [1] | View Desktop Subnet | 4172 | PCoIP |
| Connection Server [2] | View Desktop Subnet | 3389 | RDP |
| Connection Server | Virtual Center Server | 443 | HTTPS |
| Connection Server | Virtual Center Server | 80 | HTTP |
| Connection Server | Virtual Center Server (View Composer) | 18443 | HTTPS |

- TCP Ports for View Security Server

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Security Server | 443 | HTTPS |
| Client | Security Server | 80 | HTTP |
| Client [1] | Security Server | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop Subnet | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop Subnet | 3389 | RDP |
| Security Server | View Desktop | 9427 | MMR |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |
| Security Server | Connection Server | | ESP (IP Protocol 50) |

Note: Port 80 is required if SSL is disabled.
- TCP Ports for View Agent

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | View Desktop | 3389 | RDP |
| Connection Server [2] | View Desktop | 3389 | RDP |
| Client | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Connection Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Client | View Desktop | 32111 | USB Redirection |
| Client | View Desktop (Physical Only) | 42966 | HP RGS |
| Client | View Desktop | 9427 | MMR |
| View Desktop | Connection Server | 4001 | JMS |

- TCP Ports for Local Mode

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| View Client with Local Mode | View Transfer Server | 80 | HTTP |
| View Client with Local Mode | View Transfer Server | 443 | HTTPS |
| View Connection Server | ESX Host | 902 | Disk Transfers |
| View Connection Server | View Transfer Server | 80 | HTTP |
| View Connection Server | View Transfer Server | 443 | HTTPS |
| View Transfer Server | View Connection Server | 4001 | JMS |
| View Transfer Server | ESX Host | 902 | Disk Transfers |

- UDP Ports for View Connection Server and RSA SecurID Authentication Manager

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | RSA SecurID Authentication Manager | 5500 | 2-Factor Authentication |

- Firewall rules for DMZ-based Security Servers
- Front-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Any External IP | Security Server | 80 | HTTP |
| Any External IP | Security Server | 443 | HTTPS |
| Any External IP | Security Server [1] | 4172 | PCoIP (TCP and UDP) |

- Back-End Firewall Rules

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Security Server | View Transfer Server | 80 | HTTP |
| Security Server | View Transfer Server | 443 | HTTPS |
| Security Server | Connection Server | 8009 | AJP13 |
| Security Server | Connection Server | 4001 | JMS |
| Security Server | View Desktop | 3389 | RDP |
| Security Server [1] | View Desktop | 4172 | PCoIP (TCP and UDP) |
| Security Server | View Desktop | 32111 | USB Redirection |
| Security Server | Connection Server | 500 | IPSec (UDP) |
| Security Server | Connection Server | 4500 | NAT-T ISAKMP (UDP) |
| Connection Server | Security Server | 500 | IPSec (UDP) |
| Connection Server | Security Server | 4500 | NAT-T ISAKMP (UDP) |

- TCP ports for HTML access [3]

| Source | Destination | Port | Protocol |
|---|---|---|---|
| Client | Connection Server | 443 | HTTPS |
| Client [4] | Connection Server | 8443 | HTML |
| Client | Security Server | 443 | HTTPS |
| Client [4] | Security Server | 8443 | HTML |
| Connection Server [4] | View Desktop | 22443 | HTML |
| Security Server [4] | View Desktop | 22443 | HTML |
| Client [5] | View Desktop | 22443 | HTML |

- TCP ports for VMware vCenter Operations Manager for Horizon View (vCOps)

| Source | Destination | Port | Protocol |
|---|---|---|---|
| View Connection Server | vCOps Analytics VM | 3091 | Java RMI [6] |
| View Desktop | vCOps Analytics VM | 3091 | Java RMI [7] |
| View Desktop | vCOps Analytics VM | 3092 | Java RMI [7] |
| View Connection Server | vCOps Analytics VM | 3093 | Java RMI [6] |
| View Connection Server | vCOps Analytics VM | 3094 | Java RMI [7] |

- [1] In VMware View 4.6 and later, when using PCoIP Secure Gateway on the Connection Server or Security Server.
- [2] When RDP protocol is tunneled through the Connection Server or Security Server.
- [3] Only for View 5.2 with Feature pack 1 and later releases of View.
- [4] If using Blast Secure Gateway.
- [5] Not using Blast Secure Gateway.
- [6] Standard encoded RMI.
- [7] RMI over SSL.
For large deployments, optimize the ephemeral ports and the TCB hash table size in the Windows operating system.
For more information, see the VMware Horizon View Architecture Planning section in the VMware Horizon View Architecture Planning Guide.
Notes:
- Port 902 TCP must be open between the View Composer service and each ESXi host. For more information, see the View TCP and UDP Ports section in the VMware Horizon View Security Reference Guide.
- Port 443 must be open between vCenter Server and a standalone View Composer.
- Port 4172 UDP must be open in both inbound and outbound directions.
- Port 4172 TCP needs to be open in an inbound direction only.
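
An added example (not part of the original article or VMware's documentation): a small audit that compares an exported list of firewall allow rules against the Front-End and Back-End DMZ firewall tables above, applying the notes on UDP 4172 and port 80. The zone names, the rule-dict format and the sample rules are constructed for illustration; it assumes PCoIP Secure Gateway is in use and treats every listed row as required.

```python
# Added example: zone names and the rule format are assumptions, not VMware's.
EXT, SS, CS, TS, VD = ("external", "security-server", "connection-server",
                       "transfer-server", "view-desktop")

def expected_flows(ssl_enabled=True):
    """Return (required, optional) flows as (src, dst, proto, port) tuples."""
    required = {
        # Front-end firewall rules
        (EXT, SS, "tcp", 443), (EXT, SS, "tcp", 4172), (EXT, SS, "udp", 4172),
        # Back-end firewall rules
        (SS, TS, "tcp", 443), (SS, CS, "tcp", 8009), (SS, CS, "tcp", 4001),
        (SS, VD, "tcp", 3389), (SS, VD, "tcp", 4172), (SS, VD, "udp", 4172),
        (SS, VD, "tcp", 32111),
        (SS, CS, "udp", 500), (SS, CS, "udp", 4500),
        (CS, SS, "udp", 500), (CS, SS, "udp", 4500),
    }
    # Page note: UDP 4172 must be open in both directions, so add the reverse.
    required |= {(d, s, p, n) for (s, d, p, n) in required
                 if (p, n) == ("udp", 4172)}
    # Page note: port 80 is required only if SSL is disabled. Assumption here:
    # with SSL enabled it is tolerated (neither missing nor flagged).
    http = {(EXT, SS, "tcp", 80), (SS, TS, "tcp", 80)}
    return (required, http) if ssl_enabled else (required | http, set())

def audit(rules, ssl_enabled=True):
    """Compare allow rules with the expected flows: (missing, unexpected)."""
    required, optional = expected_flows(ssl_enabled)
    seen = {(r["src"], r["dst"], r["proto"].lower(), int(r["port"]))
            for r in rules}
    return sorted(required - seen), sorted(seen - required - optional)

# Constructed sample export: one dict per allow rule (hypothetical format).
SAMPLE = [dict(src=s, dst=d, proto=p, port=n) for s, d, p, n in [
    (EXT, SS, "TCP", 443), (EXT, SS, "TCP", 4172), (EXT, SS, "UDP", 4172),
    (SS, VD, "TCP", 3389), (SS, CS, "TCP", 8009), (SS, CS, "TCP", 4001),
    (EXT, VD, "TCP", 3389),  # not in the page's tables, so it is flagged
]]

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    for flow in missing:
        print("MISSING   ", *flow)
    for flow in unexpected:
        print("UNEXPECTED", *flow)
```

Any flow reported as unexpected is an allow rule that none of the DMZ tables accounts for and is worth reviewing before it stays in the rule base.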