To successfully connect to Horizon Cloud Service, allow the ports listed in the table below across the IPsec VPN, Dedicated Connection, MPLS, Network Exchange, or existing rack.
| Source | Destination | Ports in Use | Description |
|---|---|---|---|
| Horizon Cloud Service | Your Active Directory infrastructure | TCP/389 UDP/389 |
Authenticates users to the Horizon Client VMware Horizon Cloud Service User Portal and the VMware Horizon Cloud Service Administration Console using LDAP or LDAP SASL GSSAPI for secure authentication. The configured user groups and their members are cached in the tenant infrastructure for performance purposes. |
| Horizon Cloud Service | Your Active Directory infrastructure | TCP/3268 | Performs Active Directory Global Catalog lookup and searches |
| Horizon Cloud Service | Your Active Directory infrastructure | TCP/88 UDP/88 |
Used for Kerberos authentication |
| Horizon Cloud Service | Your DNS | TCP/53 UDP/53 |
Used for DNS |
| Horizon Cloud Service | Your DHCP or DHCP relay server | UDP/67 UDP/68 |
Used for DHCP and DHCP relay |
| Horizon Cloud Service | RSA authentication manager | UDP/5500 | Communicates with the RSA authentication manager when the tenant is using SecurID. The authentication manager can be located in a different data center from the tenant appliances. A high-availability authentication manager used for failover can also be located remotely. |
| Horizon Cloud Service | Your RADIUS server | UDP/1812 UDP/1813 |
Communicates with RADIUS-based authentication when the tenant is using RADIUS |
| Your Site and Endpoint Device | Horizon Cloud Service | TCP/8443 UDP/8443 |
Used for Blast Extreme |
| Your Site and Endpoint Device | Horizon Cloud Service | TCP/443 UDP/443 |
Used for Blast Extreme |
| Your Site and Endpoint Device | Horizon Cloud Service | TCP/4172 UDP/4172 |
Used for PCoIP |
| Your Site and Endpoint Device | Horizon Cloud Service | TCP/80 TCP/443 |
Accesses the VMware Horizon Cloud Service User Portal and the VMware Horizon Cloud Service Administration Console. Also used by the native Horizon Client to initially connect to Horizon Cloud Service resources. If remote access is enabled, the User Portal must be publicly available. Port 80 redirects to port 443. |
| Your Site and Endpoint Device | Horizon Cloud Service | TCP/443 | Used for portal access within the Administration Console |
