Network Port Diagram - Horizon View Reference Sheet

Updated October 2013

Source: VMware KB 2061913

Network Port Diagram VMware Horizon View

Version: 1.0
Naming Convention Example

Opened Ports

4172 / PCoIP (16, 20, 21, 22)

Horizon View
Client with
Local Mode

HTML Blast
Client

(59)

Protocol

Ref. #

Legend

443 / HTTPS (14, 15)

3389 / RDP (17)

Unidirectional Communication

32111 / USB Redirection (19)

Bi-directional Communication
3389 / TCP (17)

80 / TCP (13)

443 / TCP (14)

443 / TCP (14)

80 / TCP (13)

9427 / TCP

(18)

32111 / TCP (19)

Horizon View Security Server

FIREWALL

9427 / TCP

443 / TCP (15)

8443 / TCP (45)

DMZ

Port #

4172 / UDP, TCP (11)

80 / HTTP (13)

Opened Ports

443 / HTTPS (14)

500 / IPSec (3)

80 / HTTP (13)

4500 / NAT-T ISAKMP (6)

4172 / PCoIP (2)

FIREWALL
4172 / UDP, TCP (1,10)

3389 / TCP (7)

Transfer
Server

22443 / TCP (44)

500 / UDP (3)

4500 / UDP (6)

4001 / TCP (4)

8009 / TCP (5)

HTML Blast
Client

(8)

32111 / TCP (9)

80 / TCP (34)

443 / TCP (35)

Horizon View
Client

View Agent 5.2 or Later

Opened Ports
4172 / PCoIP (10, 11, 12, 20, 21, 25, 29)
3389 / RDP (7, 17, 28)
9427 / MMR (8, 18, 30)

22443 / TCP (44)

4001 / TCP

32111 / USB Redirection (9, 19, 31)

(41)

443 / TCP (15)

8443 / TCP (45)

80 / TCP (13)

(18)

443 / TCP (14)

9427 / TCP

4172 / UDP, TCP (16,22)

INTERNAL

902 / TCP,UDP

Horizon View Client

4172 / UDP, TCP (22,16)

EXTERNAL

Source: VMware KB 2061913

ESXi

Horizon View Connection Server

Opened Ports
4001 / JMS (4,32,41)

32111 / TCP (30)

(31)

443 / TCP (24)

80 / TCP (23)

443 / TCP (24)

80 / TCP (23)

4172 / PCoIP (16,26)

9427 / TCP

443 / HTTPS (15)

3389 / TCP (28)

For more information on

the ports betweern
ESXi and vCenter see
the Knowledge Base
article (2054806)

80 / HTTP (13)

4172 / UDP, TCP (25)

4100 / JMSIR (27)

389 / TCP

vCenter

(46)

Horizon View Connection Server

Composer

902 / TCP (33)

Opened Ports
4001 / JMS (4,32,41)
4100 / JMSIR (27)

4100 / TCP

(27)

80 / HTTP (13)
443 / HTTPS (15)

Active Directory
Domain Controller

4172 / PCoIP (16,26)

389 / TCP

(46)

4001 / TCP (32)

22443 / TCP (44)
32111 / TCP (30)
4172 / UDP, TCP (25)
9472/ TCP (31)
SUPPORT READINESS
TRAINING

3389 / TCP (44)

This document was created using the official VMware icon and diagram library. Copyright 2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware does not endorse or make any representations about third party information
included in this document, nor does the inclusion of any VMware icon or diagram in this document imply such an endorsement. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. Product names, logos and trademarks of other companies which are used in this document remain the property of those other companies.

Reference for Port Diagram

Ref #

Source

Port

Target

Port

Protocol

Description

Security server

View Agent

4172

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Security server

4172

View Client

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

Security server

500

View Connection
Server

500

UDP

IPsec negotiation traffic.

Security server

View Connection
Server

4001

TCP

JMS traffic.

Security server

View Connection
Server

8009

TCP

AJP13-forwarded Web traffic, if not using IPsec or not using NAT.

Security server

4500

View Connection
Server

4500

UDP

AJP13-forwarded Web traffic, when using IPsec through a NAT

device.

Security server

View Agent

3389

TCP

Microsoft RDP traffic to View desktops.

Security server

View Agent

9427

TCP

Wyse MMR redirection.

Security server

View Agent

32111

TCP

USB redirection.

10

Security server

View Agent

4172

TCP

PCoIP (HTTPS) if PCoIP Secure Gateway is used.

11

View Agent

4172

View Client

UDP

PCoIP, if PCoIP Secure Gateway is not used.

12

View Agent

4172

View Connection
Server or security
server

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

13

View Client

View Connection
Server or security
server

80

TCP

SSL (HTTPS access) is enabled by default for client connections,

but port 80 (HTTP access) can be used in certain cases. SeeNotes
and Caveats for TCP and UDP Ports Used by View.

14

View Client

View security server 443

TCP

HTTPS access. Port 443 is enabled by default for client

connections. Port 443 can be changed.
Connection attempts over HTTP to port 80 are redirected to port
443 by default, but port 80 can service client connections if SSL
is off-loaded to an intermediate device. You can reconfigure the
redirection rule if the HTTPS port was changed. SeeChange the
Port Number for HTTP Redirection.

15

View Client

View Connection
Server

443

TCP

HTTPS access. Port 443 is enabled by default for client

connections. Port 443 can be changed.
Client connection attempts to port 80 are redirected to port 443
by default, but port 80 can service client connections if SSL is offloaded to an intermediate device. Connection attempts to port 80
to reach View Administrator are not redirected. You must connect
over HTTPS to reach View Administrator.
You can prevent HTTP redirection and force clients to use HTTPS.
SeePrevent HTTP Redirection for Client Connections.

Ref #

Source

Port

Target

Port

Protocol

Description

16

View Client

View Connection
Server or security
server

4172

TCP

PCoIP (HTTPS) if PCoIP Secure Gateway is used.

17

View Client

View Agent

3389

TCP

Microsoft RDP traffic to View desktops if direct connections are

used instead of tunnel connections.

18

View Client

View Agent

9427

TCP

Wyse MMR redirection if direct connections are used instead of

tunnel connections.

19

View Client

View Agent

32111

TCP

USB redirection if direct connections are used instead of tunnel

connections.

20

View Client

View Agent

4172

TCP

PCoIP (HTTPS) if PCoIP Secure Gateway is not used.

21

View Client

View Agent

4172

UDP

PCoIP, if PCoIP Secure Gateway is not used.

22

View Client

View Connection
Server or security
server

4172

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway is used.

23

View Connection
Server

vCenter Server or
View Composer

80

TCP

SOAP messages if SSL is disabled for access to vCenter Servers or

View Composer.

24

View Connection
Server

vCenter Server or
View Composer

443

TCP

SOAP messages if SSL is enabled for access to vCenter Servers or

View Composer.

25

View Connection
Server

View Agent

4172

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway via the View

Connection Server is used.

26

View Connection
Server

4172

View Client

UDP

PCoIP (not SALSA20) if PCoIP Secure Gateway via the View

Connection Server is used.

27

View Connection
Server

View Connection
Server

4100

TCP

JMS inter-router traffic.

28

View Connection
Server

View Agent

3389

TCP

Microsoft RDP traffic to View desktops if tunnel connections via

the View Connection Server are used.

29

View Connection
Server

View Agent

4172

TCP

PCoIP (HTTPS) if PCoIP Secure Gateway via the View Connection

Server is used.

30

View Connection
Server

View Agent

9427

TCP

Wyse MMR redirection if tunnel connections via the View

Connection Server are used.

31

View Connection
Server

View Agent

32111

TCP

USB redirection if tunnel connections via the View Connection

Server are used.

32

View Agent

View Connection
Server instances

4001

TCP

JMS traffic.

33

View Composer
service

ESXi host

902

TCP

Used when View Composer customizes linked-clone disks,

including View Composer internal disks and, if they are specified,
persistent disks and system disposable disks.

34

Security server

View Transfer Server 80

TCP

Local desktop check-out, check-in, and replication if tunnel

connections are used and SSL is disabled for local mode
operations.

Ref #

Source

Port

Target

35

Security server

36

View Client with

Local Mode

37

Port

Protocol

Description

View Transfer Server 443

TCP

Local desktop check-out, check-in, and replication if tunnel

connections are used and SSL is enabled for local mode
operations.

View Transfer Server 80

TCP

Local desktop check-out, check-in, and replication if direct

connections are used instead of tunnel connections, and SSL is
disabled for local mode operations.

View Client with

Local Mode

View Transfer Server 443

TCP

Local desktop check-out, check-in, and replication if direct

connections are used instead of tunnel connections, and SSL is
enabled for local mode operations.

38

View Connection
Server

ESXi host

TCP

Local desktop check-out, check-in, and replication.

39

View Connection
Server

View Transfer Server 80

TCP

Local desktop check-out, check-in, and replication if tunnel

connections via the View Connection Server are used and SSL is
disabled for local mode operations.

40

View Connection
Server

View Transfer Server 443

TCP

Local desktop check-out, check-in, and replication if tunnel

connections via the View Connection Server are used and SSL is
enabled for local mode operations.

41

View Transfer Server *

View Connection
Server

4001

TCP

JMS traffic to support local mode.

42

View Transfer Server *

ESXi host

902

TCP

Publishing View Composer packages for local mode.

43

View Transfer Server *

Server that hosts

the Transfer Server
repository network
share

445

UDP

Configuring and publishing View Composer packages to the

Transfer Server repository network share.

44

Blast Client

22443

Connection Server/ *
Security Server

TCP

If you use VMware Horizon View HTML Access connect to View

desktops on HTTPS port 22443 to communicate with the Blast
agent.

45

Blast Client

Connection Server/ 8443

Security Server

TCP

If you use VMware Horizon View HTML Access, the external Web
client connects to a security server or connection server on HTTPS
port 8443 to communicate with View desktops.

46

Connection Server

Active Directory/
Connection Server

389

TCP

This is used for replication with the Active Directory and/or other
Connection Servers.

47

Source Connection
Server

View Agent

22443

TCP

If you use VMware Horizon View HTML Access, connection servers and security servers connect to View desktops on HTTPS port
22443 to communicate with the Blast agent.

902