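1. Overview
1.1 Notes
The port list is taken from the official Citrix KB article CTX101810.
The ports listed here are those used by the relevant Citrix products or components. If traffic passes through network devices such as firewalls or proxy servers, these ports must be opened so that communication is not blocked and the products or components work correctly.
1.2 Citrix products and components covered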
Citrix Cloud
NetScaler
NetScaler Gateway
NetScaler SD-WAN
Command Center Server
NetScaler Insight Center
NetScaler MAS
StoreFront
XenMobile
Password Manager/Single Sign-On
AppDNA 7.x
Citrix Online Products
CloudStack/CloudPlatform
Common Citrix Communication Ports
EdgeSight
Federated Authentication Service
Provisioning Services
SmartAuditor
Stage Manager
StorageLink
Workflow Studio
XenApp Prior to Version 7.5
XenDesktop/XenApp 7.5 and Later Versions
Workspace Environment Management (WEM)
XenServer
2. Port List
| Source | Destination | Type | Port | Details |
| User Device | StoreFront Server | TCP | 80/443 | Connecting to the Store or Receiver for Web site hosted on StoreFront server |
| StoreFront Server | Domain Controller | TCP/UDP | 389 | LDAP connection to query user-friendly name and email addresses |
| | | TCP/UDP | 88 | Kerberos |
| | | TCP/UDP | 464 | Native Windows authentication protocol to allow users to change expired passwords |
| | Microsoft SQL Server | TCP | 1433 | For StoreFront 1.2 and earlier. TCP port used for connecting StoreFront and SQL Server to read/write application information to the subscription database. You can use SQL database as an alternative to the built-in ESE+Mesh from StoreFront 3.0.1 onwards. |
| | StoreFront Server | TCP | Randomly selected unreserved port per service | Used for Peer-to-peer Services (Credential Wallet, Subscriptions Store (1 per Store)). This service uses MS .Net NetPeerTcpBinding, which negotiates a random port on each server between the peers. Only used for communication within the cluster. Scroll down to the end of this table for configuration of firewalls when you place StoreFront in its own network. |
| | | TCP | 808 | Used for Subscription Replication Services. Not installed by default. Used to replicate subscriptions between associated clusters. |
| | XenDesktop Controller, XenApp Controller, XenMobile | TCP | 80/443 | For application and desktop requests. |
| | NetScaler | TCP | 8000 | For Monitoring Service used by NetScaler load balancer. |
| NetScaler Gateway | LDAP Server | TCP | 636 | LDAP SSL connection |
| | | TCP | 3268 | LDAP connection to Global Catalog |
| | | TCP | 3269 | LDAP connection to Global Catalog over SSL |
| | | TCP | 389 | LDAP plain text |
| | RADIUS Server | TCP | 80/8080/443 | Application/Desktop Request via XML Service |
| | | TCP/UDP | 1813 | RADIUS Accounting |
| | | TCP/UDP | 1645/1812 | RADIUS connection |
| | XenDesktop/XenApp Controller | TCP | 2598 | Access to applications and virtual desktops by ICA/HDX with Session Reliability |
| | Secure Ticketing Authority | TCP | 80/8080/443 | Secure Ticketing Authority (embedded into XML Service) |
| | XenDesktop–Virtual Desktop/XenApp Worker Server | TCP | 1494 | Access to applications and virtual desktops by ICA/HDX |
| | | TCP | 443 | Access to applications and virtual desktops by ICA/HDX over SSL |
| | | TCP | 8008 | Access to applications and virtual desktops by ICA/HDX from HTML5 Receiver |
| | | IP | 50 | IPSec Encapsulating Security Protocol (ESP) traffic |
| | StoreFront | TCP | 443 | Callback URL to reach NetScaler Gateway virtual server from StoreFront |
| NetScaler Gateway Plug-in | VPN/XenApp/XenDesktop | UDP | 3108/3168/3188 | For VPN tunnel with secure ICA connections -Download |
| | | TCP/UDP | 3148 | |
| NetScaler Gateway | XenDesktop–Virtual Desktop/XenApp Worker Server | UDP | 3224-3324 | Access to applications and virtual desktops with Framehawk |
| Controller | Citrix XenServer Resource Pool Master | TCP | 80/443 | Communication with XenServer infrastructure |
| | Microsoft SCVMM Server | TCP | 8100 | Communication with Hyper-V infrastructure |
| | VMware vCenter Server | TCP | 443 | Communication with vSphere infrastructure |
| | Microsoft SQL Server | TCP | 1433 | Microsoft SQL Server |
| | | TCP | 1434 | Microsoft SQL Server. Note: Named instance connection requires UDP 1434 |
| | Virtual Desktop | TCP | 80 | XenDesktop 7 and later only. Controller initiates the connection when discovering local applications or for gathering information about local processes, performance data, etc. |
| | | UDP | 9 | Wake on LAN magic packet (optional for Microsoft Configuration Manager Wake on LAN) |
| | | TCP | 135 | Wake-up proxy (optional for Microsoft Configuration Manager Wake on LAN) |
| | Microsoft System Center Configuration Manager | TCP | 135 | WMI connection to ConfigMgr for Wake on LAN |
| Director Server | Virtual Delivery Agent | TCP | 80 | Only XenDesktop 5.6 and earlier: Communication between Director and Virtual Delivery Agent for WinRM 1.1 |
| | | TCP | 5985 | Only XenDesktop 5.6 and earlier: Communication between Director and Virtual Delivery Agent for WinRM 2.0 |
| Desktop Director and Admin Workstation | Virtual Delivery Agent | TCP | 135/3389 | Communication between Desktop Director and Virtual Delivery Agent for Remote Assistance |
| | | TCP | 389 | LDAP. Note: For the logon step, Desktop Director does not contact the AD but does a local logon using the native Windows API LogonUser (which might internally be contacting the AD). |
| Endpoint (Receiver) | Virtual Delivery Agent | TCP | 2598 | Access to applications and virtual desktops by ICA/HDX with Session Reliability |
| | | TCP | 1494 | Access to applications and virtual desktops by ICA/HDX |
| | | TCP | 443 | Access to applications and virtual desktops by ICA/HDX over SSL |
| | | TCP | 8008 | Access to applications and virtual desktops by ICA/HDX from HTML5 Receiver |
| | | UDP | 16500-16509 | Port range for ICA/HDX audio |
| | | UDP | 3224-3324 | ICA/HDX Framehawk |
| Virtual Delivery Agent (5.x and later) | Controller | TCP | 80 | Used by process WorkstationAgent.exe for communicating with Controller |
| Virtual Delivery Agent (previous versions) | Controller | TCP | 8080 | Communication between Desktop Delivery Controller and Virtual Desktop Agent |
| Virtual Delivery Agent | Domain Controller | TCP | 3268 | Communication between Virtual Delivery Agent and Microsoft Global Catalog used during the registration process in order to validate its list of configured |
| | Director Server | TCP | 80/443 | Access to XenDesktop Director website |
| Admin Workstation | Controller | TCP | 80/443 | When using a locally installed Studio Console or the SDK to directly access the Controller. The following services listen on the Controller: General brokering functionality (BrokerService.exe); ActiveDirectoryIdentity Service (Citrix.ADIdentity.SdkWcfEndpoint.exe); Configuration Logging Service; Configuration Service (Citrix.Configuration.SdkWcfEndpoint.exe); Delegated Admin Service; HostService (Citrix.Host.SdkWcfEndpoint.exe); MachineCreationService (Citrix.MachineCreation.SdkWcfEndpoint.exe); MachineIdentityService (Citrix.MachineIdentity.SdkWcfEndpoint.exe); License Configuration Service (Citrix.LicensingConfig.SdkWcfEndpoint.exe) |
| | Virtual Delivery Agent | TCP/UDP | Dynamically allocated high-port (49152-65535) | When initiating a Remote Assistance session from a Windows 7 machine to a Windows Vista/7 Virtual Delivery |
| | | TCP | 3389 | When initiating a Remote Assistance session from a Windows 7 machine to a Windows XP Virtual Delivery Agent |
| Endpoint (Receiver) (Internal) | Virtual Delivery Agent | UDP | 3224-3324 | Access to applications and virtual desktops with Framehawk |
| all vm | AD | TCP/UDP | 389 | |
| | | TCP | 135 | |
| | | TCP/UDP | 53 | |
| | | TCP | 445 | |
| | | TCP | 88 | |
| | | TCP | 49152-65535 | |
Reposted from: https://blog.51cto.com/viming/1943784