Connectivity requirements
This article provides an overview of domains and common ports that are used by XenServer components and must be considered as part of the networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers where ports must be opened or domains added to an allow list to ensure communication flow.
External domains accessed by XenServer product components
Depending on your deployment and requirements, configure your firewall to enable these XenServer components to access the listed domains.
XenCenter
The XenCenter management console accesses the following domains:
Domain | Port | Direction | Details |
---|---|---|---|
updates.ops.xenserver.com |
443 | Outbound | XenCenter polls information on this site to see whether updates are available for XenCenter. For more information, see Update your XenServer hosts |
citrix.com and subdomains |
443 | Outbound | XenCenter accesses subdomains on the citrix.com domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts
|
storage.googleapis.com |
443 | Outbound | XenCenter accesses this domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts |
Windows VMs
If you have set up your Windows VMs to receive updates to the XenServer VM Tools management agent, your Windows VM accesses the following domains:
Domain | Port | Direction | Details |
---|---|---|---|
pvupdates.vmd.citrix.com |
443 | Outbound | The XenServer VM Tools for Windows poll information on this site to see whether updates are available for the management agent. |
downloadns.citrix.com.edgesuite.net |
443 | Outbound | The XenServer VM Tools for Windows download the installer files for the management agent from this location. |
If you don’t want your Windows VM to access these domains, you can redirect management agent updates to an internal web server. For more information, see Redirect the Management Agent updates.
Communication Ports used by Citrix Hypervisor
This article provides an overview of common ports that are used by Citrix Hypervisor components and must be considered as part of networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers where ports must be opened to ensure communication flow.
Not all ports need to be open, depending on your deployment and requirements.
Source | Destination | Type | Port | Details |
---|---|---|---|---|
Citrix Hypervisor | Citrix Hypervisor | TCP | 80, 443 | Intra-host communication between members of a resource pool using the management API |
UDP | 694 | High availability (non-clustering) network heartbeat | ||
Citrix License Server | TCP | 27000 | Handles initial connection for license requests | |
TCP | 7279 | Check-in/check-out of licenses | ||
NTP Service | TCP, UDP | 123 | Time Synchronization | |
DNS Service | TCP, UDP | 53 | DNS Lookups | |
Domain Controller | TCP, UDP | 389 | LDAP (for Active Directory user authentication) | |
TCP | 636 | LDAP over SSL (LDAPS) | ||
FileServer (with SMB storage) | TCP, UDP | 139 | ISOStore:NetBIOSSessionService | |
TCP, UDP | 445 | ISOStore:Microsoft-DS | ||
SAN Controller | TCP | 3260 | iSCSI Storage | |
NAS Head/File Server | TCP | 2049 | NFSv4 Storage | |
TCP, UDP | 2049 | NFSv3 Storage. TCP is the default | ||
TCP, UDP | 111 | NFSv3 Storage - connection to rpcbind | ||
TCP, UDP | Dynamic | NFSv3 Storage - a dynamic set of ports chosen by the filer | ||
Syslog | UDP | 514 | Sends data to a central location for collation | |
Clustering | TCP | 8892, 8896, 21064 | Communication between all pool members in a clustered pool | |
UDP | 5404, 5405 | |||
Workload Balancing virtual appliance | TCP | 8012 | By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port. | |
XenCenter | Citrix Hypervisor | TCP | 22 | SSH |
TCP | 443 | Management using the management API | ||
Virtual Machine | TCP | 5900 | VNC for Linux VMs | |
TCP | 3389 | RDP for Windows VMs | ||
Workload Balancing virtual appliance | Citrix Hypervisor hosts | TCP | 443 | Citrix Hypervisor hosts use port 443 for Workload Balancing to gather metric data. |
Other clients | Citrix Hypervisor | TCP | 80, 443 | Any client that uses the management API to communicate with Citrix Hypervisor servers |
Note:
To improve security, you can close TCP port 80 on the management interface of Citrix Hypervisor hosts. For more information about how to close port 80, see Restrict use of port 80.
If FQDN is used instead of IP as resource, then make sure it is resolvable.