Communication ports used by Citrix Technologies

November, 2011 Version 1.7

Overview
Introduction
This document provides an overview of ports that are used by Citrix components and must be considered as part of Virtual Computing architecture, especially if communication traffic traverses network components such as firewalls or proxy servers, where ports must be opened to ensure communication flow.

References
The assignments are listed by the Internet Assigned Numbers Authority (IANA), updated regularly, and revised when new information is available and new assignments are made. The specific location of the port numbers list is available at the following Web site: http://www.iana.org/assignments/port-numbers. Microsoft Article Network Ports Used by Key Microsoft Server Products. Microsoft Article ID 832017 Service overview and network port requirements for the Windows Server system.

Page

Ports
Component Citrix License Server License Manager Daemon Citrix Vendor Daemon License Management Console Citrix Receiver ICA / HDX Session Reliability IMA Management Console Application / Desktop Request STA XenApp Offline Plug-in SMB HTTP/S Power & Capacity Management Agent Database TCP TCP TCP XenDesktop Virtualization Infrastructure Citrix XenServer Microsoft Hyper-V VMware vSphere Broker Active Directory Identity Service Configuration Service Host Service Machine Creation Service TCP TCP TCP TCP TCP TCP TCP TCP 80/443 8100 443 80/443 80 80 80 80 Communication with XenServer infrastructure SCVMM Administrator Console VMware Web Services communication Used by process BrokerService.exe for WCF communications to VDA, SDK, XML Service Used by Citrix.ADIdentity.SdkWcfEndpoint.exe Used by Citrix.Configuration.SdkWcfEndpoint.exe Used by Citrix.Host.SdkWcfEndpoint.exe Used by Citrix.MachineCreation.SdkWcfEndpoint.exe 445 80/443 11168 1433 1434 Communication with Application Hub (File Server / Share) Communication with Application Hub (Web Server / File Server / Share) Communication with Concentrator Microsoft SQL Server Microsoft SQL Server. Note: Named instance connection requires UDP 1434 TCP TCP TCP TCP TCP TCP TCP TCP TCP TCP 27000 7279 8082 80/443 1494 2598 2512 2513 80/8080/443 80/8080/443 Handles initial point of contact for license requests (Lmadmin.exe) Check-in/check-out of Citrix licenses (Citrix.exe) Web-based administration console (Lmadmin.exe) Communication with Merchandising Server Access to applications and virtual desktops Access to applications and virtual desktops Independent Management Architecture (IMA) Citrix Management Consoles XML Service Secure Ticketing Authority (embedded into XML Service) Type Port Details

Common Citrix Communication Ports

Page

Component Machine Identity Service License Configuration Service Desktop Director Virtual Desktop Agent 5

Type TCP TCP TCP TCP TCP UDP TCP TCP

Port 80 80 80/443 80 135 3389 16500 16509 80 5985 8080 80 1433 1434

Details Used by Citrix.MachineIdentity.SdkWcfEndpoint.exe Used by Citrix.LicensingConfig.SdkWcfEndpoint.exe Communication between Desktop Delivery Controller and Virtual Desktop Agent Communication between Desktop Director and Virtual Desktop Agent for Remote Assistance Used port range for HDX Audio Communication between Desktop Director and Virtual Desktop Agent for WinRM 1.1 Communication between Desktop Director and Virtual Desktop Agent for WinRM 2.0 Communication between Desktop Delivery Controller and Virtual Desktop Agent Used by process WorkstationAgent.exe for communicating with Broker Microsoft SQL Server Microsoft SQL Server. Note: Named instance connection requires UDP 1434 SSH Management using XenAPI VNC for Linux Guests RDP for Windows Guests SSH Management using XenAPI NTP DNS Active Directory ISO Store: NetBIOS Session Service ISO Store: Microsoft-DS iSCSI Storage NFS Storage SOAP over HTTP StorageLink Gateway traffic End device communication with Lab Manager Server User interface RDP for Windows Guests

Virtual Desktop Agent (previous versions) Citrix Desktop Service Database

TCP TCP TCP TCP

XenServer XenCenter TCP TCP TCP TCP Resource Pool Infrastructure TCP TCP TCP/UDP TCP/UDP TCP TCP/UDP TCP/UDP Storage TCP TCP TCP Lab Manager End-Device to Lab Manager Server User Interface End-Device to Virtual TCP TCP 8443 3389 22 443 5900 3389 22 443 123 53 389 139 445 3260 2049 21605

Page

Component Machines End-Device to Virtualization Host VMAgent to Lab Manager Server

Type TCP TCP TCP TCP/UDP TCP

Port 5900 5900 5999 2179 35110 35112 8443 389 636 9443 3389 5900 5900 5999 2179 35110 35112 9443 389 636 21605 1433

Details VNC for Linux Guests Connections for XenServer Connections for Microsoft Hyper-V Server Discovery ports for VMAgent Secure (HTTPS) Server Discovery ports for VMAgent LDAP LDAP over SSL (LDAPS) End device communication with StageManager Server User interface RDP for Windows Guests VNC for Linux Guests Connections for XenServer Connections for Microsoft Hyper-V Server Discovery ports for VMAgent/GuestAgent Secure (HTTPS) Server Discovery ports for VMAgent/GuestAgent LDAP LDAP over SSL (LDAPS) Communication of StorageLink Manager to StorageLink Service Microsoft SQL Server

Lab Manager Server to Active Directory StageManager End-Device to StageManager Server User Interface End-Device to Virtual Machines End-Device to Virtualization Host VMAgent to StageManager Server

TCP TCP TCP TCP TCP TCP TCP TCP/UDP TCP

StageManager Server to Active Directory StorageLink StorageLink Service Database Administration SSH HTTP/S Java Authentication LDAP

TCP TCP TCP TCP

NetScaler / Access Gateway Enterprise Edition TCP TCP TCP TCP TCP/UDP TCP/UDP TCP RADIUS DNS TCP/UDP TCP/UDP 22 80/443 3008 3010 389 636 3268 1812 53 CLI Administration (encrypted) GUI Administration GUI Administration (encrypted ) GUI (no encryption) LDAP connection LDAP SSL connection LDAP connection to Global Catalog RADIUS connection DNS name resolution

Page

Component High Availability

Type UDP TCP TCP TCP TCP

Port 3003 3008 3009 3010 3011 9091/9092/ 9094 9091/9092

Details Exchange of Hello packets for communicating UP/DOWN status (heartbeat) Secure High Availability configuration synchronization Secure command propagation and MEP High Availability configuration synchronization plus web-logging and audit server logging Command propagation and MEP For opening TCP communication between client and the server

Command Center

TCP TCP

Ports are used to refresh, update, and query objects pertaining to Discovery (Maps/Devices, etc.)/Fault Management/Administration/ Configuration Management modules Used specifically by Configuration Management TCP 9094 module while executing/scheduling tasks Used when you execute the Invoke NSCLI option. TCP 1099/6010 Under Device, right click under Map Between Command Center Server and NetScaler. The ping is the SNMP ping. Connect SSH/SFTP to the NetScaler device from TCP 22 Command Center Server SNMP Polling to NetScalers and TRAPs from UDP 161/162 NetScaler to Command Center Note: If you use an HTML client, then only 8443 port needs to be open between client and Command Center server. Citrix recommends using an HTML client as much as possible. IPSec Encapsulating Security Protocol (ESP) traffic Cloud Bridge TCP 50 TCP UDP Access Gateway 5.0 Client Connections Citrix Access Controller Administration Appliance Controller Authentication LDAP RADIUS DNS Appliance Failover TCP TCP/UDP TCP/UDP TCP 389 1812 53 694 LDAP connection RADIUS connection DNS name resolution Communication between Access Gateway appliances TCP TCP 443 2513 Administration Website IMA-based communication TCP TCP 443 80/443/9002 TCP Port used for connecting to an Access Gateway Deployment Communication between Access Gateway and Access Control Server 51 500 IPSec Authentication Header (AH) traffic Internet Key Exchange (IKE/ISAKMP) negotiation

Previous versions of Access Gateway Standard / Advanced Edition

Page

Component Client Connections Advanced Access Control (AAC) Administration Appliance

Type TCP TCP

Port 443 80/443

Details TCP Port used for connecting to an Access Gateway Deployment Communication between Access Gateway Standard and Advanced Access Control Server Administration Website Administrative Desktop (until 4.5) AAC IMA-based communication LDAP connection RADIUS connection DNS name resolution

TCP TCP TCP

9001 9002 9005 2513 389 1812 53

AAC Authentication LDAP RADIUS DNS Branch Repeater Administration Appliance to Appliance Client to Appliance EdgeSight Agent

TCP TCP TCP/UDP TCP/UDP

TCP TCP TCP TCP TCP TCP

80/443 3389 N/A 443 80/443 9036 9035 1433 8443 5060 443 389 N/A 443

Citrix Repeater Console RDP connection to server console (Windows) Pass through of native application ports Client to Appliance communication Communication with EdgeSight Server for payloads and alerts EdgeSight Agent internal communication (clientside database) Communication with RSCorSvc on EdgeSight Agent Microsoft SQL Server PSync

Web Console Database EasyCall EasyCall Client EasyCall Gateway Admin Console LDAP PBX Password Manager Password Manager Service Credential Store on Network File Share

TCP TCP TCP TCP TCP TCP TCP TCP

EasyCall Gateway communicates with the SIP trunk over port 5060
Administration of EasyCall Active Directory/LDAP The PBX port depends on the vendor and varies. Communication with Management Console and Password Manager Agent (non-IMA) CIFS NetBIOS

TCP/UDP TCP/UDP

445 135 - 139

Page

Component Active Directory

Type TCP/UDP TCP/UDP TCP TCP

Port 389 636 3268 3269 524 Broadcast 67 68 69 54321 54322 389 1433 6901 6910 6930 6905 - 6909 6910 10802 10803 80/443 1433

Details LDAP connection LDAP SSL connection LDAP connection to Global Catalog LDAP SSL connection to Global Catalog ZENworks communication Target devices PXE booting from network DHCP Option for TFTP Server Name (Bootstrap Protocol Server) DHCP Option for Bootfile Name (Bootstrap Protocol Client) Trivial File Transfer SOAP Service Communication with Active Directory services Microsoft SQL Server Default port for Target Devices. Provisioning services Streaming Service Inter-server communication Target Device logon at Provisioning services Target Device communication with its Write Cache

Novell File Share Provisioning services PXE DHCP

TCP/UDP UDP UDP

TFTP Console Active Directory Database Target Devices Streaming Services Server Communication Boot Login Write Cache SmartAuditor Components (Agent / Player) Database Microsoft Message Queuing (MSMQ)

UDP TCP TCP TCP UDP UDP UDP UDP UDP

TCP/UDP TCP

SmartAuditor components connecting to SmartAuditor Broker Microsoft SQL Server Provides reliable transport of data from SmartAuditor Agent to SmartAuditor Server using an MSMQ private message queue named CitrixSmAudData

MSMQ Service (default)

TCP/UDP TCP TCP TCP TCP UDP TCP

1801 2101 2103 2105 2107 3527 135 80/443 8010

MSMQ MSMQ-DCs MSMQ-RPC MSMQ-RPC MSMQ-Mgmt MSMQ-Ping RPC Secured connections Connection to remote runtime

MSMQ Service HTTP/S Workflow Studio Console

TCP TCP

Page

Component Database Citrix Online Products GoToMeeting GoToWebinar GoToMyPC GoToAssist

Type TCP TCP

Port 1433 80/443/8200

Details Microsoft SQL Server Contacting GoToMeeting service broker using the Endpoint Gateway (EGW)

Page

Revision
1.0

Change Description
Initial document

Updated By
Michael Palesch Thomas Berger Tarkan Koolu John Scoles John Scoles Tarkan Koolu John Scoles Tarkan Koolu John Scoles Steve Weizman

Date
August 28, 2009

1.1 1.2 1.3 1.4 1.5 1.6 1.7

Update Update Update Added 1434 to XenApp and XenDesktop Updates to URLs, XenDesktop, and NetScaler sections Changed VDA 5 HDX port type to UDP Changed Pwr Cap Mgmt port, added Command Center

June, 2010 November, 2010 November, 2010 November, 2010 July, 2011 September, 2011 October, 2011

Page 10