Home > tips, vdi, virtualization > Modifying VMware View Network Ports

Modifying VMware View Network Ports

July 29th, 2010 Andre Leibovici Leave a comment Go to comments

In some circumstances where firewalls devices are blocking VMware View traffic, or when other network service is already making use of the VMware View default network ports you may be required to change the ports in use. Another reason for a View port change would be when an organisation have standard procedures to change default application’s port for security reasons.

Before starting, a quick note – Teradici has registered port 4172 with IANA and this is the official PCoIP port moving forward. So, from 50002 to 4172 (both TCP/UDP).

Modifying PCoIP Ports

PCoIP ports can be changed using the PCOIP.ADM templates provided with VMware View Connection Server or via a registry change at GuestOS level. If you need more information  please refer to View Administrator Guide.

Please note that ADM templates are technically not officially supported by VMware.

Modifying View Connection and Security Server Ports

VMware View 4.0 and 4.0.1 run on Apache Tomcat/6.0.20 and the default HTTP/HTTPS ports configured are as per default 80/443.

The HTTP/HTTPS listener is part of the sslgateway component, which also supports SSL tunnelling. To configure the listening port, create or edit the file %programfiles%\vmware\vmware view\server\sslgateway\conf\locked.properties

The “locked.properties” file needs to be created or copied to each connection or security server in your organisation. The contents of the file should reflect the following:
clientProtocol=https
clientHost=fqdn
clientPort=443
serverPort=80
serverProtocol=http

  • clientProtocol=https—Indicates that the client will use HTTPS.
  • clientHost=view-ext.ese.com—Indicates that the client will connect on the tunnel phase (second phase) to the DNS name that resolves to server.
  • clientPort=443—Indicates the port the client will use to connect. This entry seems redundant because the clientProtocol field is already there, but the VMware documentation states that if this entry is not defined, the client will use whatever is defined in the serverProtocol field, which will be 80.
  • serverPort=80—Indicates the port that will be used to connect to the Connection Server.
  • serverProtocol=http—This entry is not needed because HTTP is the default, but is included here for clarity.

Add or edit “serverPort=xx”, where xx is the port number you’d like to use.

You will need to stop and restart the View Connection Server service (or reboot) in order to switch the listening port. And don’t forget to change any firewall rules appropriately.

Next you should look in the debug log for a line like this: “Server listening port: xx”, where xx is the currently configured listening port. Finally if you want HTTP address to be automatically redirected to HTTPS you need to add “httpRedirectURL=https://server:8181″ in the same file.

Modifying View Connection Ephemeral Ports

An ephemeral port is a short?lived endpoint that is created by the operating system when a program requests any available user port. The operating system selects the port number from a predefined range, typically between 1024 and 65535, and releases the port after the related TCP connection terminates.

You might want to increase the number of ephemeral ports if your View Manager deployment is likely to use more than 800 concurrent client connections; another reason to modify ephemeral ports would be to change the range restriction for a multi-site distributed environments where firewalls rules would have to be applied or revoked.

By default, you can create a maximum of approximately 4,000 ephemeral ports that run
concurrently on Windows Server 2003 but the VMware View Admin Guide 4.0 covers the subject in more detail and provides a formula to calculate the number of ephemeral ports.

To modify ephemeral ports you must open the registry and change on each of the VMware Connection or Security servers available in your environment.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: MaxUserPort
Value Type: DWORD
Value data: 1024 + <calculated number of ephemeral ports>
Valid Range: 5000-65534 (decimal)

Similar Posts:

  • Share/Bookmark
Categories: tips, vdi, virtualization
  1. No comments yet.
  1. No trackbacks yet.
Get Adobe Flash playerPlugin by wpburn.com wordpress themes