XenServer

Connectivity requirements

August 15, 2024

Contributed by:

This article provides an overview of domains and common ports that are used by XenServer components and must be considered as part of the networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers where ports must be opened or domains added to an allow list to ensure communication flow.

External domains accessed by XenServer product components

Depending on your deployment and requirements, configure your firewall to enable these XenServer components to access the listed domains.

XenServer hosts

Your XenServer hosts access the following domains:

Domain	Port	Direction	Details
`repo.ops.xenserver.com`	443	Outbound	The XenServer pool coordinator downloads available updates for XenServer 8 from this location. For more information, see Updates.
`repo-src.ops.xenserver.com`	443	Outbound	The XenServer pool coordinator downloads the source files for XenServer 8 updates from this location. For more information, see Updates.
`telemetry.ops.xenserver.com`	443	Outbound	The XenServer pool coordinator gathers telemetry data and uploads it regularly to this location. For more information, see Telemetry.

When configuring your XenServer pools to receive updates, you can configure a proxy server for the pool coordinator to use to download the updates. For more information, see Configure updates for your pool.

XenCenter

The XenCenter management console accesses the following domains:

Domain	Port	Direction	Details
`updates.ops.xenserver.com`	443	Outbound	XenCenter polls information on this site to see whether updates are available for XenCenter and for XenServer 8 hosts. For more information, see Update your XenServer hosts
`citrix.com` and subdomains	443	Outbound	If you use XenCenter to administer Citrix Hypervisor 8.2 Cumulative Update 1 hosts and pool, XenCenter accesses subdomains on the `citrix.com` domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts
`storage.googleapis.com`	443	Outbound	If you use XenCenter to administer Citrix Hypervisor 8.2 Cumulative Update 1 hosts and pool, XenCenter accesses this domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts

You can configure a proxy server that XenCenter goes through to check for and download updates. For more information, see Proxy server.

Windows VMs

If you have set up your Windows VMs to receive updates to the XenServer VM Tools management agent, your Windows VM accesses the following domains:

Domain	Port	Direction	Details
`pvupdates.vmd.citrix.com`	443	Outbound	The XenServer VM Tools for Windows poll information on this site to see whether updates are available for the management agent.
`downloadns.citrix.com.edgesuite.net`	443	Outbound	The XenServer VM Tools for Windows download the installer files for the management agent from this location.

If you don’t want your Windows VM to access these domains, you can redirect management agent updates to an internal web server. For more information, see Redirect the Management Agent updates.

Communication ports used by XenServer product components

The ports listed in the following table are the common ports that are used by XenServer components. Not all ports need to be open, depending on your deployment and requirements.

Source	Destination	Type	Port	Details
XenServer hosts	XenServer hosts	TCP	80, 443	Intra-host communication between members of a resource pool using the management API
	Citrix License Server	TCP	27000	Handles initial connection for license requests
		TCP	7279	Check-in/check-out of licenses
	NTP Service	TCP, UDP	123	Time Synchronization
	DNS Service	TCP, UDP	53	DNS Lookups
	Domain Controller	TCP, UDP	389	LDAP (for Active Directory user authentication)
		TCP	636	LDAP over SSL (LDAPS)
	FileServer (with SMB storage)	TCP, UDP	139	ISOStore:NetBIOSSessionService
		TCP, UDP	445	ISOStore:Microsoft-DS
	SAN Controller	TCP	3260	iSCSI Storage
	NAS Head/File Server	TCP	2049	NFSv4 Storage
		TCP, UDP	2049	NFSv3 Storage. TCP is the default
		TCP, UDP	111	NFSv3 Storage - connection to rpcbind
		TCP, UDP	Dynamic	NFSv3 Storage - a dynamic set of ports chosen by the filer
	Syslog	UDP	514	Sends data to a central location for collation
	Clustering	TCP	8892, 8896, 21064	Communication between all pool members in a clustered pool
		UDP	5404, 5405
	Workload Balancing virtual appliance	TCP	8012	By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port.
XenCenter	XenServer hosts	TCP	22	SSH
		TCP	443	Management using the management API
	Virtual Machine	TCP	5900	VNC for Linux VMs
		TCP	3389	RDP for Windows VMs
Workload Balancing virtual appliance	XenServer hosts	TCP	443	XenServer hosts use port 443 for Workload Balancing to gather metric data.
Other clients	XenServer hosts	TCP	80, 443	Any client that uses the management API to communicate with XenServer hosts

XenServer interoperates with various Citrix products. For more information about the ports these products use, see Communication ports used by Citrix.

Note:

To improve security, you can close TCP port 80 on the management interface of XenServer hosts. For more information about how to close port 80, see Restrict use of port 80.

If FQDN is used instead of IP as a resource, then make sure it is resolvable.

Active Directory integration

If you use Active Directory in your environment, ensure that the following firewall ports are open for outbound traffic for XenServer to access the domain controllers.

Port	Protocol	Use
53	UDP/TCP	DNS
88	UDP/TCP	Kerberos 5
123	UDP	NTP
137	UDP	NetBIOS Name Service
139	TCP	NetBIOS Session (SMB)
389	UDP/TCP	LDAP
445	TCP	SMB over TCP
464	UDP/TCP	Machine password changes
636	UDP/TCP	LDAP over SSL
3268	TCP	Global Catalog Search

For more information, see Active Directory integration

Citrix Provisioning Services

If you use Citrix Provisioning Services in your environment, ensure that the following firewall ports can be accessed:

Port	Protocol	Use
6901, 6902, 6905	UDP	Provisioning server outbound communication (packets destined for the target device)
6910	UDP	Target device logon with Citrix Provisioning Services
6901	UDP	Configurable target device port. The default port is 6901.
6910–6930	UDP	Configurable server port range. The default range is 6910–6930.

For more information, see Citrix Provisioning Services and Communication ports used by Citrix.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Connectivity requirements

August 15, 2024

Contributed by:

August 15, 2024

Contributed by:

Connectivity requirements

External domains accessed by XenServer product components

XenServer hosts

XenCenter

Windows VMs

Communication ports used by XenServer product components

Active Directory integration

Citrix Provisioning Services

In this article