XenServer

Communication ports used by XenServer

This article provides an overview of the common ports that XenServer components use. Consider these ports as part of your networking architecture, especially if communication traffic traverses network components such as firewalls or proxy servers, where ports must be opened to ensure communication flow.

Depending on your deployment and requirements, not all of these ports need to be open.

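| Source | Destination | Type | Port | Details |
|---|---|---|---|---|
| XenServer | XenServer | TCP | 80, 443 | Intra-host communication between members of a resource pool using the management API |
| XenServer | Citrix License Server | TCP | 27000 | Handles initial connection for license requests |
| XenServer | Citrix License Server | TCP | 7279 | Check-in/check-out of licenses |
| XenServer | NTP Service | TCP, UDP | 123 | Time synchronization |
| XenServer | DNS Service | TCP, UDP | 53 | DNS lookups |
| XenServer | Domain Controller | TCP, UDP | 389 | LDAP (for Active Directory user authentication) |
| XenServer | Domain Controller | TCP | 636 | LDAP over SSL (LDAPS) |
| XenServer | File Server (with SMB storage) | TCP, UDP | 139 | ISOStore: NetBIOS Session Service |
| XenServer | File Server (with SMB storage) | TCP, UDP | 445 | ISOStore: Microsoft-DS |
| XenServer | SAN Controller | TCP | 3260 | iSCSI storage |
| XenServer | NAS Head/File Server | TCP | 2049 | NFSv4 storage |
| XenServer | NAS Head/File Server | TCP, UDP | 2049 | NFSv3 storage. TCP is the default |
| XenServer | NAS Head/File Server | TCP, UDP | 111 | NFSv3 storage: connection to rpcbind |
| XenServer | NAS Head/File Server | TCP, UDP | Dynamic | NFSv3 storage: a dynamic set of ports chosen by the filer |
| XenServer | Syslog | UDP | 514 | Sends data to a central location for collation |
| XenServer | Clustering | TCP | 8892, 21064 | Communication between all pool members in a clustered pool |
| XenServer | Clustering | UDP | 5404, 5405 | |
| XenCenter | XenServer | TCP | 22 | SSH |
| XenCenter | XenServer | TCP | 443 | Management using the management API |
| XenCenter | Virtual Machine | TCP | 5900 | VNC for Linux VMs |
| XenCenter | Virtual Machine | TCP | 3389 | RDP for Windows VMs |
| Other clients | XenServer | TCP | 80, 443 | Any client that uses the management API to communicate with XenServer hosts |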

Note:

  • To improve security, you can close TCP port 80 on the management interface of XenServer hosts. By default, port 80 is still open. If you close it, any external clients that use the management API must use HTTPS over port 443 (instead of HTTP over port 80) to connect to XenServer. However, before closing port 80, check whether all your API clients (Citrix Virtual Apps and Desktops in particular) can use HTTPS over port 443.

  • If you use an FQDN instead of an IP address as a resource, make sure that the FQDN is resolvable.
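The following is an added example, not part of the original article or of XenServer itself: a Python check that classifies the TCP flows from the table as open, closed, filtered or unresolvable, and reports the state of ports 80 and 443 on a management interface. The group names, function names and the host name in the sample call are assumptions made for this example; run it from the machine at the source end of each flow.

```python
import socket

# TCP ports from the table above that a XenServer host must reach, grouped by
# destination. The group names are labels made up for this example.
REQUIRED_TCP = {
    "pool_member": [443],
    "license_server": [27000, 7279],
    "domain_controller": [389, 636],
    "smb_file_server": [139, 445],
    "iscsi_san": [3260],
    "nfs_v3": [2049, 111],
    "cluster_member": [8892, 21064],
}

def probe(host, port, timeout=2.0):
    """Classify one TCP flow: open, closed, filtered or unresolvable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolvable"   # FQDN does not resolve (second note above)
    except ConnectionRefusedError:
        return "closed"         # host reachable, nothing listening
    except OSError:
        return "filtered"       # timeout or unreachable: likely a firewall drop

def check_flows(targets, required=REQUIRED_TCP):
    """targets maps a group name to a host; returns the flows that are not open."""
    problems = []
    for group, host in targets.items():
        for port in required[group]:
            state = probe(host, port)
            if state != "open":
                problems.append((group, host, port, state))
    return problems

def management_api_findings(host, http_port=80, https_port=443):
    """Check the management interface before or after closing port 80."""
    findings = []
    if probe(host, https_port) != "open":
        findings.append("HTTPS management API is not reachable")
    if probe(host, http_port) == "open":
        findings.append("HTTP management API is still open")
    return findings

if __name__ == "__main__":
    # Constructed host name; replace it with your own license server.
    print(check_flows({"license_server": "license.example.invalid"}))
```

UDP flows and the dynamic NFSv3 ports are not covered, because a TCP connect cannot confirm them.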
