Citrix Hypervisor

Connectivity requirements

This article provides an overview of domains and common ports that are used by XenServer components and must be considered as part of the networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers where ports must be opened or domains added to an allow list to ensure communication flow.

External domains accessed by XenServer product components

Depending on your deployment and requirements, configure your firewall to enable these XenServer components to access the listed domains.

XenCenter

The XenCenter management console accesses the following domains:

Domain Port Direction Details
updates.ops.xenserver.com 443 Outbound XenCenter polls information on this site to see whether updates are available for XenCenter. For more information, see Update your XenServer hosts
citrix.com and subdomains 443 Outbound XenCenter accesses subdomains on the citrix.com domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts
storage.googleapis.com 443 Outbound XenCenter accesses this domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts

Windows VMs

If you have set up your Windows VMs to receive updates to the XenServer VM Tools management agent, your Windows VM accesses the following domains:

Domain Port Direction Details
pvupdates.vmd.citrix.com 443 Outbound The XenServer VM Tools for Windows poll information on this site to see whether updates are available for the management agent.
downloadns.citrix.com.edgesuite.net 443 Outbound The XenServer VM Tools for Windows download the installer files for the management agent from this location.

If you don’t want your Windows VM to access these domains, you can redirect management agent updates to an internal web server. For more information, see Redirect the Management Agent updates.

Communication Ports used by Citrix Hypervisor

This article provides an overview of common ports that are used by Citrix Hypervisor components and must be considered as part of networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers where ports must be opened to ensure communication flow.

Not all ports need to be open, depending on your deployment and requirements.

Source Destination Type Port Details
Citrix Hypervisor Citrix Hypervisor TCP 80, 443 Intra-host communication between members of a resource pool using the management API
    UDP 694 High availability (non-clustering) network heartbeat
  Citrix License Server TCP 27000 Handles initial connection for license requests
    TCP 7279 Check-in/check-out of licenses
  NTP Service TCP, UDP 123 Time Synchronization
  DNS Service TCP, UDP 53 DNS Lookups
  Domain Controller TCP, UDP 389 LDAP (for Active Directory user authentication)
    TCP 636 LDAP over SSL (LDAPS)
  FileServer (with SMB storage) TCP, UDP 139 ISOStore:NetBIOSSessionService
    TCP, UDP 445 ISOStore:Microsoft-DS
  SAN Controller TCP 3260 iSCSI Storage
  NAS Head/File Server TCP 2049 NFSv4 Storage
    TCP, UDP 2049 NFSv3 Storage. TCP is the default
    TCP, UDP 111 NFSv3 Storage - connection to rpcbind
    TCP, UDP Dynamic NFSv3 Storage - a dynamic set of ports chosen by the filer
  Syslog UDP 514 Sends data to a central location for collation
  Clustering TCP 8892, 8896, 21064 Communication between all pool members in a clustered pool
    UDP 5404, 5405  
  Workload Balancing virtual appliance TCP 8012 By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port.
XenCenter Citrix Hypervisor TCP 22 SSH
    TCP 443 Management using the management API
  Virtual Machine TCP 5900 VNC for Linux VMs
    TCP 3389 RDP for Windows VMs
Workload Balancing virtual appliance Citrix Hypervisor hosts TCP 443 Citrix Hypervisor hosts use port 443 for Workload Balancing to gather metric data.
Other clients Citrix Hypervisor TCP 80, 443 Any client that uses the management API to communicate with Citrix Hypervisor servers

Note:

  • To improve security, you can close TCP port 80 on the management interface of Citrix Hypervisor hosts. For more information about how to close port 80, see Restrict use of port 80.

  • If FQDN is used instead of IP as resource, then make sure it is resolvable.

Additional port information

Connectivity requirements