Академический Документы
Профессиональный Документы
Культура Документы
Overview
Introduction
This document provides an overview of ports that are used by Citrix components and must be considered as part of Virtual Computing architecture, especially if communication traffic traverses network components such as firewalls or proxy servers, where ports must be opened to ensure communication flow.
References
The assignments are listed by the Internet Assigned Numbers Authority (IANA), updated regularly, and revised when new information is available and new assignments are made. The specific location of the port numbers list is available at the following Web site: http://www.iana.org/assignments/port-numbers. Microsoft Article Network Ports Used by Key Microsoft Server Products. Microsoft Article ID 832017 Service overview and network port requirements for the Windows Server system.
Page
Ports
Component Citrix License Server License Manager Daemon Citrix Vendor Daemon License Management Console Citrix Receiver ICA / HDX Session Reliability IMA Management Console Application / Desktop Request STA XenApp Offline Plug-in SMB HTTP/S Power & Capacity Management Agent Database TCP TCP TCP XenDesktop Virtualization Infrastructure Citrix XenServer Microsoft Hyper-V VMware vSphere Broker Active Directory Identity Service Configuration Service Host Service Machine Creation Service TCP TCP TCP TCP TCP TCP TCP TCP 80/443 8100 443 80/443 80 80 80 80 Communication with XenServer infrastructure SCVMM Administrator Console VMware Web Services communication Used by process BrokerService.exe for WCF communications to VDA, SDK, XML Service Used by Citrix.ADIdentity.SdkWcfEndpoint.exe Used by Citrix.Configuration.SdkWcfEndpoint.exe Used by Citrix.Host.SdkWcfEndpoint.exe Used by Citrix.MachineCreation.SdkWcfEndpoint.exe 445 80/443 11168 1433 1434 Communication with Application Hub (File Server / Share) Communication with Application Hub (Web Server / File Server / Share) Communication with Concentrator Microsoft SQL Server Microsoft SQL Server. Note: Named instance connection requires UDP 1434 TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP 27000 7279 8082 80/443 1494 2598 2512 2513 80/8080/443 80/8080/443 Handles initial point of contact for license requests (Lmadmin.exe) Check-in/check-out of Citrix licenses (Citrix.exe) Web-based administration console (Lmadmin.exe) Communication with Merchandising Server Access to applications and virtual desktops Access to applications and virtual desktops Independent Management Architecture (IMA) Citrix Management Consoles XML Service Secure Ticketing Authority (embedded into XML Service) Type Port Details
Page
Component Machine Identity Service License Configuration Service Desktop Director Virtual Desktop Agent 5
Port 80 80 80/443 80 135 3389 16500 16509 80 5985 8080 80 1433 1434
Details Used by Citrix.MachineIdentity.SdkWcfEndpoint.exe Used by Citrix.LicensingConfig.SdkWcfEndpoint.exe Communication between Desktop Delivery Controller and Virtual Desktop Agent Communication between Desktop Director and Virtual Desktop Agent for Remote Assistance Used port range for HDX Audio Communication between Desktop Director and Virtual Desktop Agent for WinRM 1.1 Communication between Desktop Director and Virtual Desktop Agent for WinRM 2.0 Communication between Desktop Delivery Controller and Virtual Desktop Agent Used by process WorkstationAgent.exe for communicating with Broker Microsoft SQL Server Microsoft SQL Server. Note: Named instance connection requires UDP 1434 SSH Management using XenAPI VNC for Linux Guests RDP for Windows Guests SSH Management using XenAPI NTP DNS Active Directory ISO Store: NetBIOS Session Service ISO Store: Microsoft-DS iSCSI Storage NFS Storage SOAP over HTTP StorageLink Gateway traffic End device communication with Lab Manager Server User interface RDP for Windows Guests
XenServer XenCenter TCP TCP TCP TCP Resource Pool Infrastructure TCP TCP TCP/UDP TCP/UDP TCP TCP/UDP TCP/UDP Storage TCP TCP TCP Lab Manager End-Device to Lab Manager Server User Interface End-Device to Virtual TCP TCP 8443 3389 22 443 5900 3389 22 443 123 53 389 139 445 3260 2049 21605
Page
Port 5900 5900 5999 2179 35110 35112 8443 389 636 9443 3389 5900 5900 5999 2179 35110 35112 9443 389 636 21605 1433
Details VNC for Linux Guests Connections for XenServer Connections for Microsoft Hyper-V Server Discovery ports for VMAgent Secure (HTTPS) Server Discovery ports for VMAgent LDAP LDAP over SSL (LDAPS) End device communication with StageManager Server User interface RDP for Windows Guests VNC for Linux Guests Connections for XenServer Connections for Microsoft Hyper-V Server Discovery ports for VMAgent/GuestAgent Secure (HTTPS) Server Discovery ports for VMAgent/GuestAgent LDAP LDAP over SSL (LDAPS) Communication of StorageLink Manager to StorageLink Service Microsoft SQL Server
Lab Manager Server to Active Directory StageManager End-Device to StageManager Server User Interface End-Device to Virtual Machines End-Device to Virtualization Host VMAgent to StageManager Server
StageManager Server to Active Directory StorageLink StorageLink Service Database Administration SSH HTTP/S Java Authentication LDAP
NetScaler / Access Gateway Enterprise Edition TCP TCP TCP TCP TCP/UDP TCP/UDP TCP RADIUS DNS TCP/UDP TCP/UDP 22 80/443 3008 3010 389 636 3268 1812 53 CLI Administration (encrypted) GUI Administration GUI Administration (encrypted ) GUI (no encryption) LDAP connection LDAP SSL connection LDAP connection to Global Catalog RADIUS connection DNS name resolution
Page
Details Exchange of Hello packets for communicating UP/DOWN status (heartbeat) Secure High Availability configuration synchronization Secure command propagation and MEP High Availability configuration synchronization plus web-logging and audit server logging Command propagation and MEP For opening TCP communication between client and the server
Command Center
TCP TCP
Ports are used to refresh, update, and query objects pertaining to Discovery (Maps/Devices, etc.)/Fault Management/Administration/ Configuration Management modules Used specifically by Configuration Management TCP 9094 module while executing/scheduling tasks Used when you execute the Invoke NSCLI option. TCP 1099/6010 Under Device, right click under Map Between Command Center Server and NetScaler. The ping is the SNMP ping. Connect SSH/SFTP to the NetScaler device from TCP 22 Command Center Server SNMP Polling to NetScalers and TRAPs from UDP 161/162 NetScaler to Command Center Note: If you use an HTML client, then only 8443 port needs to be open between client and Command Center server. Citrix recommends using an HTML client as much as possible. IPSec Encapsulating Security Protocol (ESP) traffic Cloud Bridge TCP 50 TCP UDP Access Gateway 5.0 Client Connections Citrix Access Controller Administration Appliance Controller Authentication LDAP RADIUS DNS Appliance Failover TCP TCP/UDP TCP/UDP TCP 389 1812 53 694 LDAP connection RADIUS connection DNS name resolution Communication between Access Gateway appliances TCP TCP 443 2513 Administration Website IMA-based communication TCP TCP 443 80/443/9002 TCP Port used for connecting to an Access Gateway Deployment Communication between Access Gateway and Access Control Server 51 500 IPSec Authentication Header (AH) traffic Internet Key Exchange (IKE/ISAKMP) negotiation
Page
Details TCP Port used for connecting to an Access Gateway Deployment Communication between Access Gateway Standard and Advanced Access Control Server Administration Website Administrative Desktop (until 4.5) AAC IMA-based communication LDAP connection RADIUS connection DNS name resolution
AAC Authentication LDAP RADIUS DNS Branch Repeater Administration Appliance to Appliance Client to Appliance EdgeSight Agent
80/443 3389 N/A 443 80/443 9036 9035 1433 8443 5060 443 389 N/A 443
Citrix Repeater Console RDP connection to server console (Windows) Pass through of native application ports Client to Appliance communication Communication with EdgeSight Server for payloads and alerts EdgeSight Agent internal communication (clientside database) Communication with RSCorSvc on EdgeSight Agent Microsoft SQL Server PSync
Web Console Database EasyCall EasyCall Client EasyCall Gateway Admin Console LDAP PBX Password Manager Password Manager Service Credential Store on Network File Share
EasyCall Gateway communicates with the SIP trunk over port 5060
Administration of EasyCall Active Directory/LDAP The PBX port depends on the vendor and varies. Communication with Management Console and Password Manager Agent (non-IMA) CIFS NetBIOS
TCP/UDP TCP/UDP
Page
Port 389 636 3268 3269 524 Broadcast 67 68 69 54321 54322 389 1433 6901 6910 6930 6905 - 6909 6910 10802 10803 80/443 1433
Details LDAP connection LDAP SSL connection LDAP connection to Global Catalog LDAP SSL connection to Global Catalog ZENworks communication Target devices PXE booting from network DHCP Option for TFTP Server Name (Bootstrap Protocol Server) DHCP Option for Bootfile Name (Bootstrap Protocol Client) Trivial File Transfer SOAP Service Communication with Active Directory services Microsoft SQL Server Default port for Target Devices. Provisioning services Streaming Service Inter-server communication Target Device logon at Provisioning services Target Device communication with its Write Cache
TFTP Console Active Directory Database Target Devices Streaming Services Server Communication Boot Login Write Cache SmartAuditor Components (Agent / Player) Database Microsoft Message Queuing (MSMQ)
TCP/UDP TCP
SmartAuditor components connecting to SmartAuditor Broker Microsoft SQL Server Provides reliable transport of data from SmartAuditor Agent to SmartAuditor Server using an MSMQ private message queue named CitrixSmAudData
MSMQ MSMQ-DCs MSMQ-RPC MSMQ-RPC MSMQ-Mgmt MSMQ-Ping RPC Secured connections Connection to remote runtime
TCP TCP
Page
Details Microsoft SQL Server Contacting GoToMeeting service broker using the Endpoint Gateway (EGW)
Page
Revision
1.0
Change Description
Initial document
Updated By
Michael Palesch Thomas Berger Tarkan Koolu John Scoles John Scoles Tarkan Koolu John Scoles Tarkan Koolu John Scoles Steve Weizman
Date
August 28, 2009
Update Update Update Added 1434 to XenApp and XenDesktop Updates to URLs, XenDesktop, and NetScaler sections Changed VDA 5 HDX port type to UDP Changed Pwr Cap Mgmt port, added Command Center
June, 2010 November, 2010 November, 2010 November, 2010 July, 2011 September, 2011 October, 2011
Page 10