XenServer

Connectivity requirements

This article lists the domains and common ports that XenServer components use. Consider them as part of your networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers, where ports must be opened or domains added to an allow list to ensure communication flow.

External domains accessed by XenServer product components

Depending on your deployment and requirements, configure your firewall to enable these XenServer components to access the listed domains.

XenServer hosts

Your XenServer hosts access the following domains:

| Domain | Port | Direction | Details |
| --- | --- | --- | --- |
| repo.ops.xenserver.com | 443 | Outbound | The XenServer pool coordinator downloads available updates for XenServer 8 from this location. For more information, see Updates. |
| repo-src.ops.xenserver.com | 443 | Outbound | The XenServer pool coordinator downloads the source files for XenServer 8 updates from this location. For more information, see Updates. |
| telemetry.ops.xenserver.com | 443 | Outbound | The XenServer pool coordinator gathers telemetry data and uploads it regularly to this location. For more information, see Telemetry. |

When configuring your XenServer pools to receive updates, you can configure a proxy server for the pool coordinator to use to download the updates. For more information, see Configure updates for your pool.

XenCenter

The XenCenter management console accesses the following domains:

| Domain | Port | Direction | Details |
| --- | --- | --- | --- |
| updates.ops.xenserver.com | 443 | Outbound | XenCenter polls information on this site to see whether updates are available for XenCenter and for XenServer 8 hosts. For more information, see Update your XenServer hosts. |
| citrix.com and subdomains | 443 | Outbound | If you use XenCenter to administer Citrix Hypervisor 8.2 Cumulative Update 1 hosts and pools, XenCenter accesses subdomains on the citrix.com domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts. |
| storage.googleapis.com | 443 | Outbound | If you use XenCenter to administer Citrix Hypervisor 8.2 Cumulative Update 1 hosts and pools, XenCenter accesses this domain to download hotfixes. For more information, see Update your Citrix Hypervisor hosts. |

You can configure a proxy server that XenCenter goes through to check for and download updates. For more information, see Proxy server.

Windows VMs

If you have set up your Windows VMs to receive updates to the XenServer VM Tools management agent, your Windows VM accesses the following domains:

| Domain | Port | Direction | Details |
| --- | --- | --- | --- |
| pvupdates.vmd.citrix.com | 443 | Outbound | The XenServer VM Tools for Windows poll information on this site to see whether updates are available for the management agent. |
| downloadns.citrix.com.edgesuite.net | 443 | Outbound | The XenServer VM Tools for Windows download the installer files for the management agent from this location. |

If you don’t want your Windows VM to access these domains, you can redirect management agent updates to an internal web server. For more information, see Redirect the Management Agent updates.
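A preflight check for the outbound HTTPS domains in the three tables above, added here as an example and not part of the XenServer documentation or tooling. It assumes direct egress on port 443 without a proxy; the component labels in `REQUIRED` and the status strings are names chosen for this example.

```python
import socket
import ssl

# Domains from the tables above, grouped by the component that must reach
# them; run the check from that component's network segment. The citrix.com
# subdomains and storage.googleapis.com rows apply only when administering
# Citrix Hypervisor 8.2 CU1 and are left out here.
REQUIRED = {
    "xenserver-host": ["repo.ops.xenserver.com", "repo-src.ops.xenserver.com",
                       "telemetry.ops.xenserver.com"],
    "xencenter": ["updates.ops.xenserver.com"],
    "windows-vm": ["pvupdates.vmd.citrix.com",
                   "downloadns.citrix.com.edgesuite.net"],
}

def tls_connect(host, port, timeout):
    """Open a TCP connection and complete a certificate-verified TLS handshake."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host):
            return True

def check(host, port=443, timeout=5.0,
          resolve=socket.getaddrinfo, connect=tls_connect):
    """Classify one endpoint: ok, dns-failure, tls-failure or blocked."""
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"   # name not resolvable from this segment
    try:
        connect(host, port, timeout)
    except ssl.SSLError:
        return "tls-failure"   # e.g. a TLS-inspecting device with an untrusted CA
    except OSError:
        return "blocked"       # refused, reset or timed out on the path
    return "ok"

def preflight(component, **kwargs):
    """Check every domain that the given component needs."""
    return {host: check(host, **kwargs) for host in REQUIRED[component]}

if __name__ == "__main__":
    import sys
    for host, status in preflight(sys.argv[1]).items():
        print(f"{status:12} {host}:443")
```

Separating `dns-failure`, `tls-failure` and `blocked` shows whether the fix belongs in the resolver, the inspection device's trust chain or the firewall rule set.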

Communication ports used by XenServer product components

The following table lists the common ports that XenServer components use. Depending on your deployment and requirements, not all of these ports need to be open.

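| Source | Destination | Type | Port | Details |
| --- | --- | --- | --- | --- |
| XenServer hosts | XenServer hosts | TCP | 80, 443 | Intra-host communication between members of a resource pool using the management API |
| XenServer hosts | XenServer hosts | UDP | 694 | High availability (non-clustering) network heartbeat |
| XenServer hosts | Citrix License Server | TCP | 27000 | Handles initial connection for license requests |
| XenServer hosts | Citrix License Server | TCP | 7279 | Check-in/check-out of licenses |
| XenServer hosts | NTP Service | TCP, UDP | 123 | Time Synchronization |
| XenServer hosts | DNS Service | TCP, UDP | 53 | DNS Lookups |
| XenServer hosts | Domain Controller | TCP, UDP | 389 | LDAP (for Active Directory user authentication) |
| XenServer hosts | Domain Controller | TCP | 636 | LDAP over SSL (LDAPS) |
| XenServer hosts | FileServer (with SMB storage) | TCP, UDP | 139 | ISOStore:NetBIOSSessionService |
| XenServer hosts | FileServer (with SMB storage) | TCP, UDP | 445 | ISOStore:Microsoft-DS |
| XenServer hosts | SAN Controller | TCP | 3260 | iSCSI Storage |
| XenServer hosts | NAS Head/File Server | TCP | 2049 | NFSv4 Storage |
| XenServer hosts | NAS Head/File Server | TCP, UDP | 2049 | NFSv3 Storage. TCP is the default |
| XenServer hosts | NAS Head/File Server | TCP, UDP | 111 | NFSv3 Storage - connection to rpcbind |
| XenServer hosts | NAS Head/File Server | TCP, UDP | Dynamic | NFSv3 Storage - a dynamic set of ports chosen by the filer |
| XenServer hosts | Syslog | UDP | 514 | Sends data to a central location for collation |
| XenServer hosts | Clustering | TCP | 8892, 8896, 21064 | Communication between all pool members in a clustered pool |
| XenServer hosts | Clustering | UDP | 5404, 5405 | |
| XenServer hosts | Workload Balancing virtual appliance | TCP | 8012 | By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port. |
| XenCenter | XenServer hosts | TCP | 22 | SSH |
| XenCenter | XenServer hosts | TCP | 443 | Management using the management API |
| XenCenter | Virtual Machine | TCP | 5900 | VNC for Linux VMs |
| XenCenter | Virtual Machine | TCP | 3389 | RDP for Windows VMs |
| Workload Balancing virtual appliance | XenServer hosts | TCP | 443 | XenServer hosts use port 443 for Workload Balancing to gather metric data. |
| Other clients | XenServer hosts | TCP | 80, 443 | Any client that uses the management API to communicate with XenServer hosts |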

XenServer interoperates with various Citrix products. For more information about the ports these products use, see Communication ports used by Citrix.

Note:

  • To improve security, you can close TCP port 80 on the management interface of XenServer hosts. For more information about how to close port 80, see Restrict use of port 80.

  • If you use an FQDN instead of an IP address as a resource, make sure that it is resolvable.
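Because not all ports need to be open, a firewall allow list can be audited against the subset of rows a deployment actually uses. The following is an added example, not XenServer tooling: the feature and destination labels are names chosen here, the rows cover only the source "XenServer hosts", the dynamic NFSv3 ports are left out because the table gives no numbers for them, and treating port 80 as unneeded once it is closed per the Note is an assumption.

```python
def rows(dest, protos, *ports):
    """Expand one table row into (destination, protocol, port) tuples."""
    return {(dest, pr, p) for pr in protos.split("+") for p in ports}

# Rows with source "XenServer hosts" from the table above, keyed by the
# deployment feature that needs them (feature names are example labels).
HOST_FLOWS = {
    "pool":       rows("pool-member", "tcp", 80, 443),
    "ha":         rows("pool-member", "udp", 694),
    "clustering": rows("pool-member", "tcp", 8892, 8896, 21064)
                  | rows("pool-member", "udp", 5404, 5405),
    "licensing":  rows("license-server", "tcp", 27000, 7279),
    "time-dns":   rows("ntp", "tcp+udp", 123) | rows("dns", "tcp+udp", 53),
    "ad-ldap":    rows("domain-controller", "tcp+udp", 389)
                  | rows("domain-controller", "tcp", 636),
    "smb-iso":    rows("file-server", "tcp+udp", 139, 445),
    "iscsi":      rows("san", "tcp", 3260),
    "nfsv4":      rows("nas", "tcp", 2049),
    "nfsv3":      rows("nas", "tcp+udp", 2049, 111),
    "syslog":     rows("syslog", "udp", 514),
    "wlb":        rows("wlb", "tcp", 8012),  # default port; may be changed at setup
}

def required_flows(features, port80_closed=False):
    """Union of the flows that the enabled features need."""
    need = set().union(*(HOST_FLOWS[f] for f in features))
    if port80_closed:  # assumption: port 80 was closed as the Note describes
        need.discard(("pool-member", "tcp", 80))
    return need

def audit(allowed, features, port80_closed=False):
    """Compare a firewall allow list with what the deployment needs."""
    need = required_flows(features, port80_closed)
    return {"missing": sorted(need - allowed),
            "excess": sorted(allowed - need)}

if __name__ == "__main__":
    # Constructed allow list for a pool with HA and iSCSI storage.
    allowed = (rows("pool-member", "tcp", 80, 443)
               | rows("san", "tcp", 3260) | rows("nas", "tcp", 2049))
    print(audit(allowed, ["pool", "ha", "iscsi"], port80_closed=True))
```

Entries under `missing` break a feature (here the HA heartbeat), while entries under `excess` are open ports that no enabled feature uses.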

Active Directory integration

If you use Active Directory in your environment, ensure that the following firewall ports are open for outbound traffic for XenServer to access the domain controllers.

| Port | Protocol | Use |
| --- | --- | --- |
| 53 | UDP/TCP | DNS |
| 88 | UDP/TCP | Kerberos 5 |
| 123 | UDP | NTP |
| 137 | UDP | NetBIOS Name Service |
| 139 | TCP | NetBIOS Session (SMB) |
| 389 | UDP/TCP | LDAP |
| 445 | TCP | SMB over TCP |
| 464 | UDP/TCP | Machine password changes |
| 636 | UDP/TCP | LDAP over SSL |
| 3268 | TCP | Global Catalog Search |

For more information, see Active Directory integration.

Citrix Provisioning Services

If you use Citrix Provisioning Services in your environment, ensure that the following firewall ports can be accessed:

| Port | Protocol | Use |
| --- | --- | --- |
| 6901, 6902, 6905 | UDP | Provisioning server outbound communication (packets destined for the target device) |
| 6910 | UDP | Target device logon with Citrix Provisioning Services |
| 6901 | UDP | Configurable target device port. The default port is 6901. |
| 6910–6930 | UDP | Configurable server port range. The default range is 6910–6930. |

For more information, see Citrix Provisioning Services and Communication ports used by Citrix.
