The VMWare vSphere client, used to control and manage VMWare ESXi servers and vCloud clusters, uses the following ports to connect to the vSphere server:
- Port 443: Main communication between the client and the server
- Port 902: Display of the remote Virtual Machine console (remote video, keyboard & mouse)
- Port 903: Remote control of the the Virtual Machine console
This is the minimum amount of ports you need open to get reasonable access to the vSphere client.
These following ports are optional:
- Port 80: Web access to vSphere, including client install download
- Port 9443: Web Client (if installed)
An example of a remote access method is tunnelling into your vSphere server via SSH. You could also open up these ports to a different network. Due to the security risks, I advice you to not open these ports up to the public internet. Sure, a lot of it’s encrypted but do you really want to take that risk when there’s better alternatives?
A full listing of ALL ports used by vSphere and other related services are on the VMWare Knowledge Base website.