The operation of VMware Site Recovery requires certain ports to be open.

The components that make up the VMware Site Recovery service, namely vCenter Server, vSphere Web Client, Site Recovery Manager Server, the vSphere Replication appliance, and vSphere Replication servers, require different ports to be open. You must ensure that all the required network ports are open for VMware Site Recovery to function correctly.

vCenter Server and ESXi Server network port requirements for Site Recovery Manager 8.0

Site Recovery Manager requires certain ports to be open onvCenter Server, Platform Services Controller, and on ESXi Server.

Default Port

Protocol or Description

Source

Target

Description

443

HTTPS

Site Recovery Manager

vCenter Server

Default SSL Web port.

443

HTTPS

Site Recovery Manager

Platform Services Controller (PSC)

Traffic from Site Recovery Manager Server to local and remote Platform Services Controller.

443

HTTPS

Site Recovery Manager on the recovery site

Recovery site ESXi host.

Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.

902

TCP and UDP

Site Recovery Manager Server on the recovery site.

Recovery site ESXi host.

Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

Site Recovery Manager Server 8.0 network ports

The Site Recovery Manager Server instances on the protected and recovery sites require certain ports to be open.

Default Port

Protocol or Description

Source

Target

Endpoints or Consumers

443

HTTPS

Site Recovery Manager

vCenter Server

Default SSL Web Port for incoming TCP traffic.

443

HTTPS

Site Recovery Manager

Platform Services Controller

Traffic from Site Recovery Manager Server to local and remote Platform Services Controller.

443

HTTPS

Site Recovery Manager on the recovery site

Recovery site ESXi host.

Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.

902

TCP and UDP

Site Recovery Manager Server on the recovery site.

Recovery site ESXi host.

Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

1433

TCP

Site Recovery Manager

Microsoft SQL Server

Site Recovery Manager connectivity to Microsoft SQL Server (for Site Recovery Manager database)

1521

TCP

Site Recovery Manager

Oracle Database Server

Site Recovery Manager database connectivity to Oracle.

1526

TCP

Site Recovery Manager

Oracle Database Server

Site Recovery Manager database connectivity to Oracle.

9086

HTTPS

vSphere Web Client

Site Recovery Manager

All management traffic to Site Recovery Manager Server goes to this port. This includes traffic by external API clients for task automation and HTTPS interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system. Used by vSphere Web Client to download the Site Recovery Manager client plug-in.

Site Pairing Port Requirements

Port

Source

Target

Description

9086

vCenter Server

Site Recovery Manager Server on target site

From the ESXi host at the protected site to the vSphere Replication appliance at the recovery site.

9086

Site Recovery Manager Server

Site Recovery Manager Server on target site

From the ESXi host at the protected site to the vSphere Replication appliance at the recovery site.

443

Site Recovery Manager

Platform Services Controller and vCenter Server

Site Recovery Manager to vCenter Server communication - local and remote.

Network ports that must be open on Site Recovery Manager and vSphere Replication Protected and Recovery sites

Site Recovery Manager and vSphere Replication require that the protected and recovery sites can communicate.

Port

Protocol or Description

Source

Target

Endpoints or Consumers

31031

Initial replication traffic

ESXi host

vSphere Replication appliance on the recovery site

From the ESXi host at the protected site to the vSphere Replication appliance at the recovery site

8043

HTTPS

Site Recovery Manager

vSphere Replication appliance on the recovery and protected sites

Management traffic between Site Recovery Manager instances and vSphere Replication appliances.

vSphere Replication 8.0 appliance network ports

Table 1.

Port

Protocol or Description

Source

Target

Endpoints or Consumers

80

TCP

vSphere Replication appliance

All local and remote PSCs in same vCenter Single Sign-On domain (only if external Platform Services Controller is used)

All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.

80

TCP

vSphere Replication appliance

Local vCenter Server

All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.

80

HTTP

vSphere Replication server in the vSphere Replication appliance

ESXi host (intra-site)

Used to establish the connection before initial replication starts.

443

TCP

vSphere Replication appliance

All local and remote Platform Services Controllers in same SSO domain (only if external Platform Services Controller is used)

All management traffic to the vSphere Replication appliance.

443

TCP

vSphere Replication appliance

Local and remote vCenter Server

All management traffic to the vSphere Replication appliance.

902

TCP and UDP

vSphere Replication server in the vSphere Replication appliance on secondary site

ESXi host (intra-site) on secondary site

Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts.

5480

HTTPS

Browser

vSphere Replication appliance

vSphere Replication virtual appliance management interface (VAMI) Web UI. Required only for on-premises site, not required for VMware Cloud on AWS site.

7444

TCP

vSphere Replication appliance

vCenter Server (intra-site)

7444

TCP

vCenter Server

All local and remote PSCs

8123

SOAP

vSphere Replication appliance

vSphere Replication server

Intra-site management traffic from the vSphere Replication Management server to additional vSphere Replication servers in the environment.

10443

HTTPS

vSphere Web Client on the primary site

vCenter Server Inventory Service on the target site

ThevSphere Replication UI uses the Inventory Service of the remote vCenter Server to list target datastores.

31031

Initial and ongoing replication traffic

ESXi host on source site

vSphere Replication server in the vSphere Replication appliance on the secondary site or an external vSphere Replication server on the secondary site

Initial and outgoing replication traffic from the ESXi host at the source site to the vSphere Replication appliance or vSphere Replication server at the target site.

vSphere Replication server network ports

If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.

Table 2.

Port

Protocol or Description

Source

Target

Endpoints or Consumers

902

TCP and UDP

vSphere Replication server in the vSphere Replication appliance on secondary site

ESXi host (intra-site) on secondary site

Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXihosts on the same site.

5480

VAMI Web UI for additional vSphere Replication servers

Browser

vSphere Replication server

Administrator's web browser. Required only for on-premises site, not required for VMware Cloud on AWS site.

8123

SOAP

vSphere Replication Management server

vSphere Replication server

Intra-site management traffic from the vSphere Replication appliance or vSphere Replication Management server to the vSphere Replication servers.

31031

Initial and ongoing replication traffic

ESXi host on source site

vSphere Replication server

From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.