Parallel and serial ports are interfaces for connecting peripherals to the virtual machine. The virtual serial port can connect to a physical serial port or to a file on the host computer.

You can also use it to establish a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer. You can add parallel and serial ports and change the parallel and serial port configuration. Hardware version 11 and later versions allow you to configure virtual machines in such a way that serial and parallel ports are absent from the virtual chipset altogether.

Starting with vSphere 8.0, you cannot add, remove, and configure parallel ports. For information, see https://kb.vmware.com/s/article/78978.

Using Serial Ports with vSphere Virtual Machines

You can set up virtual serial port connections for vSphere virtual machines in several ways. The connection method that you select depends on the task that you need to accomplish.

You can set up virtual serial ports to send data in the following ways.

Physical serial port on the host
Sets the virtual machine to use a physical serial port on the host computer. This method lets you use an external modem or a hand-held device in a virtual machine.
Output to file
Sends output from the virtual serial port to a file on the host computer. This method lets you capture the data that a program running in the virtual machine sends to the virtual serial port.
Connect to a named pipe
Sets a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer. With this method, two virtual machines or a virtual machine and a process on the host can communicate as if they were physical machines connected by a serial cable. For example, use this option for remote debugging of a virtual machine.
Connect over the network
Enables a serial connection to and from a virtual machine's serial port over the network. The Virtual Serial Port Concentrator (vSPC) aggregates traffic from multiple serial ports onto one management console. vSPC behavior is similar to physical serial port concentrators. Using a vSPC also allows network connections to a virtual machine's serial ports to migrate seamlessly when you use vMotion to migrate the virtual machine. For requirements and steps to configure the Avocent ACS v6000 virtual serial port concentrator, see http://kb.vmware.com/kb/1022303.

Server and Client Connections for Named Pipe and Network Serial Ports

You can select a client or server connection for serial ports. Your selection determines whether the system waits for a connection or initiates it. Typically, to control a virtual machine over a serial port, you select a server connection. This selection lets you control the connections, which is useful if you connect to the virtual machine only occasionally. To use a serial port for logging, select a client connection. This selection lets the virtual machine connect to the logging server when the virtual machine starts and to disconnect when it stops.

Supported Serial Ports

When you use a physical serial port for serial port passthrough from an ESXi host to a virtual machine, serial ports that are integrated into the motherboard are supported. A virtual machine can use up to 32 serial ports.

Unsupported Serial Ports

When you use a physical serial port for serial port passthrough from an ESXi host to a virtual machine, the serial ports connected through USB are not supported for serial port passthrough. They might be supported by USB passthrough from an ESXi host to a virtual machine. See USB Configuration from an ESXi Host to a Virtual Machine.

In addition, you cannot use Migration with VMotion when you use a physical serial port for serial passthrough.

Adding a Firewall Rule Set for Serial Port Network Connections

If you add or configure a serial port that is backed by a remote network connection, ESXi firewall settings can prevent transmissions.

Before you connect network-backed virtual serial ports, you must add one of the following firewall rule sets to prevent the firewall from blocking communication:

  • VM serial port connected to vSPC. Use to connect the serial port output through a network with the Use virtual serial port concentrator option enabled to allow only outgoing communication from the host.
  • VM serial port connected over network. Use to connect the serial port output through a network without the virtual serial port concentrator.
Important: Do not change the allowed IP list for either rule set. Updates to the IP list can affect other network services that might be blocked by the firewall.

For details about allowing access to an ESXi service through the firewall, see the vSphere Security documentation.

Configure Virtual Machine Communication Interface Firewall

You can configure the virtual machine Communication Interface firewall (VMCI) to restrict virtual machines accessing the hypervisor-based services and VMCI-based services.

You can restrict VMCI usage to a subset of VMCI-based services on each virtual machine. For example, you can allow certain virtual machines to access VMCI services and deny access to others for security reasons.

Currently, VMCI devices support guest to host communication. A virtual machine can communicate with VMCI services through the following means:
  • ESXi hypervisor
  • Services installed on the host operating system in the form of a vmkernel module
  • Applications installed by a verified vSphere Installation Bundle

Change the Serial Port Configuration

You can connect the virtual serial port to a physical serial port or to a file on the host computer. You can also use a host-side named pipe to set up a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer. In addition, you can use a port or vSPC URI to connect a serial port over the network. You can add up to 32 serial ports to a virtual machine.

Virtual machines can be in a powered-on state during configuration.

Prerequisites

  • Required privileges:
    • Virtual machine.Change Configuration.Modify device settings on the virtual machine.
    • Virtual machine.Interaction.Device connection on the virtual machine to change the device connection status.

Procedure

  1. Right-click a virtual machine in the inventory and select Edit Settings.
  2. On the Virtual Hardware tab, expand Serial port, and select a connection type.
    Option Action
    Use physical serial port Select this option to have the virtual machine use a physical serial port on the host computer. Select the serial port from the drop-down menu.
    Use output file Select this option to send output from the virtual serial port to a file on the host computer. Browse to select an output file to connect the serial port to.
    Use named pipe Select this option to set a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer.
    1. Type a name for the pipe in the Pipe Name field.
    2. Select the Near end and Far end of the pipe from the drop-down menus.
    Use Network Select Use network to connect through a remote network.
    1. Select the network backing.
      • Select Server to have the virtual machine monitor incoming connections from other hosts.
      • Select Client to have the virtual machine initiate a connection to another host.
    2. Enter a Port URI.

      The URI is the remote end of the serial port to which the virtual machine's serial port should connect.

    3. If vSPC is used as an intermediate step to access all virtual machines through a single IP address, select Use Virtual Serial Port Concentrator and enter the vSPC URI location.
    Printer Select Printer to connect to a remote printer.
  3. (Optional) Select Yield CPU on poll.
    Select this option only for guest operating systems that use serial ports in polled mode. This option prevents the guest from consuming excessive CPUs.
  4. (Optional) Select Connect at power on to connect the serial port when the virtual machine powers on.
  5. Click OK.

Example: Establishing Serial Port Network Connections to a Client or Server Without Authentication Parameters

If you do not use vSPC and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. 
telnet yourESXiServerIPAddress 12345
Similarly, if you run the Telnet Server on your Linux system on port 23 ( telnet://yourLinuxBox:23), you configure the virtual machine as a client URI. 
telnet://yourLinuxBox:23
The virtual machine initiates the connection to your Linux system on port 23.

Authentication Parameters for Virtual Serial Port Network Connections

When you establish serial port connections over the network, you can use authentication parameters to secure the network. These parameters can support an encrypted connection with a remote system using SSL over Telnet or Telnets, or an encrypted connection with a concentrator using SSL over Telnet or Telnets.

URI Forms

If you do not use virtual serial port network connection (vSPC) and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. You use one of the following formats:

  • Telnet over TCP. 
    telnet://host:port

    The virtual machine and remote system can negotiate and use SSL if the remote system supports the Telnet authentication option. If not, the connection uses unencrypted text (plain text).

  • Telnets over SSL over TCP. 
    telnets://host:port

    SSL negotiation begins immediately, and you cannot use the Telnet authentication option.

Authentication Parameters

For an encrypted connection, the URI includes a set of authentication parameters. Enter the parameters as key words or key/value pairs. You can enter authentication parameters for secure Telnet ( telnets), or for Telnet ( telnet) as shown in the following syntax: 
telnet://host:port #key[=value] [&key[=value] ...]

The first parameter must have a number sign (#) prefix. Additional parameters must have an ampersand (&) prefix. The following parameters are supported.

thumbprint= value
Specifies a certificate thumbprint against which the peer certificate thumbprint is compared. When you specify a thumbprint, certificate verification is enabled.
peerName= value
Specifies the peer name that is used to validate the peer certificate. When you specify a peer name, certificate verification is enabled.
verify
Forces certificate verification. The virtual machine will verify that the peer certificate subject matches the specified peerName and that it was signed by a certificate authority known to the ESXi host. Verification is enabled if you specify a thumbprint or peerName
cipherList= value
Specifies a list of SSL ciphers. The ciphers are specified as a list separated by colons, spaces, or commas.

Establishing Serial Port Network Connections to a Client or Server

Simple Server Connection
To connect to a virtual machine's serial port from a Linux or Windows operating system if you do not use vSPC, configure the virtual machine with a serial port connected as a server with a telnet://:12345 URI. To access a virtual serial port from a client, use telnet yourESXiServerIPAddress 12345.
Secure Server Connection
To enforce an encrypted connection to the virtual machine's serial port from a Linux operating system, you can configure Telnet to enforce encryption by configuring the virtual machine with a serial port connected as a server with a telnet://:12345#verify URI.
To access a virtual serial port from a client, use telnet-ssl yourESXServerName 12345. This connection will fail if the Telnet program you are using does not support SSL encryption.
Simple Client Connection

If you are running a Telnet server on your system and you want the virtual machine to automatically connect to it, you can configure the virtual machine as a client using telnet://yourLinuxBox:23.

The Virtual machine keeps initiating the Telnet connection to port 23 on yourLinuxBox.

Secure Client Connection

Additional URI options allow you to enforce a specific server certificate and restrict the ciphers being used. Virtual machines with a serial port configured as a client with telnet://ipOfYourLinuxBox:23#cipherList=DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA&peerName=myLinuxBoxName.withDomain will connect to ipOfYourLinuxBox only if the system supports one of two listed ciphers, and if it presents a trusted certificate issued to myLinuxBoxName.withDomain. Replace .withDomain with the full domain name, for example, example.org.

Add a Serial Port to a Virtual Machine

You can connect the virtual serial port to a physical serial port or to a file on the host computer. You can also use a host-side named pipe to set up a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer. In addition, you can use a port or vSPC URI to connect a serial port over the network. A virtual machine can use up to 32 serial ports.

Important: With virtual hardware version 11 and later, if you configure a virtual machine without serial ports, they are entirely removed from the virtual chipset and they are not visible to the virtual machine OS.

Prerequisites

Procedure

  1. Right-click a virtual machine in the inventory and select Edit Settings.
  2. On the Virtual Hardware tab, click the Add New Device button.
  3. Select Serial Port from the drop-down menu.
    The new serial port appears at the bottom of the device list.
  4. From the New Serial port drop-down menu, select a connection type.
    Option Action
    Use output file Select this option to send output from the virtual serial port to a file on the host computer. To select an output file to connect to the serial port, click Browse .
    Use physical serial port Select this option to have the virtual machine use a physical serial port on the host computer. Select the serial port from the drop-down menu.
    Use named pipe Select this option to set a direct connection between two virtual machines or a connection between a virtual machine and an application on the host computer.
    1. Enter a name for the pipe in the Pipe Name field.
    2. Select the Near end and Far end of the pipe from the drop-down menus.
    Use Network To connect through a remote network, select Use network.
    1. Select the network backing.
      • To have the virtual machine monitor incoming connections from other hosts, select Server.
      • To have the virtual machine initiate a connection to another host, select Client.
    2. Enter a Port URI.

      The URI is the remote end of the serial port to which the virtual machine's serial port should connect.

    3. If vSPC is used as an intermediate step to access all virtual machines through a single IP address, select Use Virtual Serial Port Concentrator and enter the vSPC URI location.
  5. (Optional) Select Yield CPU on poll.
    Select this option only for guest operating systems that use serial ports in polled mode. This option prevents the guest from consuming excessive CPUs.
  6. Click OK.

Example: Establishing Serial Port Network Connections to a Client or Server Without Authentication Parameters

If you do not use vSPC and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. 
telnet yourESXiServerIPAddress 12345
Similarly, if you run the Telnet Server on your Linux system on port 23 ( telnet://yourLinuxBox:23), you configure the virtual machine as a client URI. 
telnet://yourLinuxBox:23
The virtual machine initiates the connection to your Linux system on port 23.