When you connect your client to ESXi hosts through vCenter Server, certain ports are required for user and administrator communication with virtual machine consoles. These ports support different client functions, interface with different layers on ESXi, and use different authentication protocols.

How you connect to the virtual machine console depends on whether you are using the vSphere Web Client or whether you are using a different client such as the vSphere SDK.

Connecting by Using the vSphere Web Client

When you are connecting with the vSphere Web Client, you always connect to the vCenter Server that manages the host, and access the virtual machine console from there.

The following ports are involved.

Port 9443 and Port 9090

The vSphere Web Client uses port 9443 for HTTPS communication with vCenter Server and port 9090 for HTTP communication with vCenter Server. Once users can accessvCenter Server, they can also access individual ESXi hosts and virtual machines.

These ports can be changed during vSphere Web Client installation.

Port 443 and Port 902

Open ports 443 and 902 in the firewall to allow data transfer to ESXi hosts from vCenter Server if you have a firewall between your vCenter Server system and the ESXi host managed by vCenter Server.

Figure 1. Port Use for vSphere Web Client Communications with an ESXi Host Managed by vCenter Server
Port use for vSphere client communications with ESXi

For additional information on configuring the ports, see the firewall system administrator.

Connecting Through vCenter Server with the vSphere Client

When you are connecting with the vSphere Client, the required ports depend on whether you connect directly to the ESXi host or you connect to a vCenter Server system.

Port 443

Port 443 connects clients such as the vSphere Web Services SDK to ESXi through the Tomcat Web service or the SDK. The host process multiplexes port 443 data to the appropriate recipient for processing.

When the vSphere SDK is connected directly to ESXi, it can use this port to support any management functions related to the host and its virtual machines. Port 443 is the port that clients such as the vSphere SDK assume is available when sending data to ESXi. VMware does not support configuring a different port for these connections.

Port 902

This is the port that vCenter Server assumes is available for receiving data from ESXi.

Port 902 connects vCenter Server to the host through the VMware Authorization Daemon (vmware-authd). This daemon multiplexes port 902 data to the appropriate recipient for processing. VMware does not support configuring a different port for this connection.

Connecting Directly with the vSphere Client

With the vSphere Client, you can connect directly to an ESXi host.

Port 902

The vSphere Client uses this port to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. VMware does not support configuring a different port for this function.