VMware ESX Manual

A SERVICE OF

next previous

VMware, Inc. 77

Chapter 6 Installing VMware Infrastructure Management

Duringnormaloperations,VirtualCenterislisteningfordatafromitsmanagedhosts

andclientsondesignatedports.Additionally,themanagedhostsarelisteningfordata

fromVirtualCenterondesignatedports.Ifafirewallexistsbetweenanyofthese

elements,aholemustbecreatedtoallowdatatransfertothesedesignated

ports.

Thefollowingsectionsdescribehowtofacilitatethiscommunication.Forinformation

onSDKcommunications,seetheVMwareSDKdocumentation.Foramorethorough

discussionoffirewallconfiguration,seetheServerConfigurationGuide.

Connecting to Your VirtualCenter Server Through a Firewall

ThedefaultportsthattheVirtualCenter Serverusestolistenforconnectionsfromthe

VI Clientareports80,443,and902.TheVirtualCenter Serveralsousesport443tolisten

fordatatransferfromtheVIWebAccessClientandotherSDKclients.

IfyouhaveafirewallbetweenyourVirtualCenter Serverandits

clients,youmust

configureameansfortheVirtualCenter Servertoreceivedatafromthem.

ToenabletheVirtualCenter ServertoreceivedatafromtheVI Client,openports80,

443,and902inthefirewalltoallowdatatransferfromtheVI Clienttothe

VirtualCenter Server.ToenabletheVirtualCenter Servertoreceivedatafrom

theVI

WebAccessClient,openport443inthefirewall.Consultyourfirewallsystem

administratorforadditionalinformationonconfiguringportsinafirewall.

IfyouwanttheVirtualCenter ServertouseadifferentporttoreceiveVI Clientdata,see

BasicSystemAdministration.

TotunneltheVI Clientdatathroughthefirewall

tothereceivingportonthe

VirtualCenter Server,seeBasicSystemAdministration.VMwaredoesnotrecommended

thismethodbecauseitdisablestheVirtualCenterconsolefunction.

Connecting to Your Managed Hosts Through a Firewall

Port902isthedefaultportthatVirtualCenterusestosenddatatothemanagedhosts.

IfyouhaveafirewallbetweenyourVirtualCenter ServerandVirtualCentermanaged

host,youmustconfigureameansfortheVirtualCenter Servertosenddatatothe

VirtualCentermanagedhost.

Ifyouhaveafirewallbetweentwo

VirtualCentermanagedhostsandyouwantto

performanysourceortargetactivities,suchasmigrationorcloning,youmust

configureameansforthemanagedhoststoreceivedata.

ManagedhostsalsosendaregularheartbeatoverUDPport902tothe

VirtualCenter Server.Thisportmustnotbeblocked

byfirewalls.