To successfully connect to Horizon Cloud Service, allow the ports listed in the table below across the IPsec VPN, Dedicated Connection, MPLS, Network Exchange, or existing rack.

Source Destination Ports in Use Description
Horizon Cloud Service Your Active Directory infrastructure

TCP/389

UDP/389

Authenticates users to the Horizon Client VMware Horizon Cloud Service User Portal and the VMware Horizon Cloud Service Administration Console using LDAP or LDAP SASL GSSAPI for secure authentication. The configured user groups and their members are cached in the tenant infrastructure for performance purposes.
Horizon Cloud Service Your Active Directory infrastructure TCP/3268 Performs Active Directory Global Catalog lookup and searches
Horizon Cloud Service Your Active Directory infrastructure

TCP/88

UDP/88

Used for Kerberos authentication
Horizon Cloud Service Your DNS

TCP/53

UDP/53

Used for DNS
Horizon Cloud Service Your DHCP or DHCP relay server

UDP/67

UDP/68

Used for DHCP and DHCP relay
Horizon Cloud Service RSA authentication manager UDP/5500 Communicates with the RSA authentication manager when the tenant is using SecurID. The authentication manager can be located in a different data center from the tenant appliances. A high-availability authentication manager used for failover can also be located remotely.
Horizon Cloud Service Your RADIUS server

UDP/1812

UDP/1813

Communicates with RADIUS-based authentication when the tenant is using RADIUS
Your Site and Endpoint Device Horizon Cloud Service

TCP/8443

UDP/8443

Used for Blast Extreme
Your Site and Endpoint Device Horizon Cloud Service

TCP/443

UDP/443

Used for Blast Extreme
Your Site and Endpoint Device Horizon Cloud Service

TCP/4172

UDP/4172

Used for PCoIP
Your Site and Endpoint Device Horizon Cloud Service

TCP/80

TCP/443

Accesses the VMware Horizon Cloud Service User Portal and the VMware Horizon Cloud Service Administration Console. Also used by the native Horizon Client to initially connect to Horizon Cloud Service resources. If remote access is enabled, the User Portal must be publicly available. Port 80 redirects to port 443.
Your Site and Endpoint Device Horizon Cloud Service TCP/443 Used for portal access within the Administration Console