- Print
- DarkLight
- PDF
Communication Ports for VDI & DaaS (US Region)
- Print
- DarkLight
- PDF
This article covers the communication requirements for deploying ControlUp version 9.0 for VDI & DaaS in the US + rest of the world (non-EU) region. Click on these links to see prerequisites for:
- Synthetic Monitoring (Scoutbees)
- ControlUp for Physical Endpoints & Apps
- Communication Ports for VDI & DaaS (EU Region)
9.0 Specific URLs
If you are planning to upgrade to version 9.0, consult this article, which lists additional URLs requiring whitelisting for version 9.0
Outbound Connections
The following table includes all the communication ports that you need for ControlUp to work properly. To use our integrations, you must allowlist mandatory ports and URLs, as well as mandatory outbound URLs.
When you use a proxy in your environment, you must allowlist and open the ControlUp cloud configuration servers through your proxy.
To verify connectivity from ControlUp products and components, you can use our network tester tool which checks connectivity to all required outbound URLs.
ControlUp ensures that all URLs are protected using TLS to safeguard data during transit. However, for certain URLs, you must also enable SOAP. You can find this information in the Purpose column for the relevant URLs.
From the Real-Time Agent Machine*
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs to use Agent Outbound Communication | |||||
ControlUp Agent | ControlUp Monitor | TCP | 443 | HTTPS | Agent to Monitor communication |
ControlUp Agent | cu-agents-cpa.controlup.com/broker-discovery | TCP | 443 | HTTPS | Broker Discovery service for agent outbound communication |
ControlUp Agent | cu-agents-cpa.controlup.com/outbound-security | TCP | 443 | HTTPS | Outbound security service for agent outbound communication |
ControlUp Agent | cu-agents-cpa-us.controlup.com/broker-discovery | TCP | 443 | HTTPS | Broker Discovery service for agent outbound communication |
ControlUp Agent | cu-agents-cpa-us.controlup.com/outbound-security | TCP | 443 | HTTPS | Outbound security service for agent outbound communication |
Optional ports, to use Remote Control in web UI | |||||
ControlUp Agent | solve-ws-proxy-us.controlup.com | TCP | 443 | HTTPS | Remote Control session from the web UI |
ControlUp Agent | IP address: 3.210.212.180 | TCP | 443 | HTTPS | Remote Control session from the web UI |
ControlUp Agent | IP address: 44.205.79.193 | TCP | 443 | HTTPS | Remote Control session from the web UI |
* These URLs are only relevant to use Agent Outbound Communication in ControlUp version 9.0
From the Real-Time Console Machine
To manage your VDI & DaaS environment from the web UI, your machine must have access to:
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs | |||||
Any computer | app.controlup.com | TCP | 443 | HTTPS | DEX platform |
To use the Real-Time DX desktop console (used for configuration and connecting to your virtual infrastructure), your machine must have access to:
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs | |||||
Console | fe1.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe2.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe3.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe4.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | rt-app.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | rt-app-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Console | cu-ca-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX Centralized Auditing services |
Console | cu-services-cpa.controlup.com | TCP | 443 | HTTPS | Google Analytics service, Google Kubernetes service, Events Reporter Kubernetes service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service |
Console | cu-services-cpa-us.controlup.com | TCP | 443 | HTTPS | Google Analytics service, Google Kubernetes service, Events Reporter Kubernetes service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service |
Mandatory ports | |||||
Console | ControlUp Agent | TCP | 40705 | WCF | Incoming TCP / WCF traffic from Console and Monitor cluster to ControlUp Agents |
Console | ControlUp Agent | TCP | 135 - 139 | RPC | Agent deployment from the Console and certain built-in actions such as restarting the Agent |
Console | ControlUp Monitor | TCP | 40706 | WCF | Console ⇔ Monitor and internal Monitor cluster communication |
Console | ControlUp Monitor | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Monitor deployment and upgrades from the Console and certain built-in actions, such as restarting the Agent |
Console | Data Collector | TCP | 40705 | WCF | Console to data collector communication |
Console | Domain Controller | TCP/UDP | 389, 3268 | LDAP | LDAP communication from the Real-Time Console and ControlUp Monitors with Domain Controllers |
Optional ports, depending on what you want to monitor | |||||
Console | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Console | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Console | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Console | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Console | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Console | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Console | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Console | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
From the Real-Time Monitor Machine
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs | |||||
Monitor | fe1.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe2.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe3.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe4.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | rt-app.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | rt-app-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Monitor | cu-ca-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX Centralized Auditing services |
Monitor | monitor-receiver-azure-eastus-prod.controlup.com/v1/data Or by IP address: 20.168.200.122 | TCP | 443 | HTTPS | Real-Time DX new data pipeline for reports |
Monitor | insights-hec.controlup.com | TCP | 443 | HTTPS | HTTP Event Collector (HEC) Endpoint - telemetry data from ControlUp Monitors |
Monitor | mp.controlup.com | TCP | 443 | HTTPS / WSS | the web UI (Monitor Proxy) |
Monitor | solve.controlup.com | TCP | 443 | HTTPS | Web UI Action API Notification Service, Remote Control Feature |
Monitor | s3.amazonaws.com | TCP | 443 | HTTPS | Real-Time DX / Insights and the web UI historical data uploads |
Monitor | cu-services-cpa.controlup.com | TCP | 443 | HTTPS | Outbound security Kubernetes service, Master Broker, Action API notification service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service |
Monitor | cu-services-cpa-us.controlup.com | TCP | 443 | HTTPS | Outbound security Kubernetes service, Master Broker, Action API notification service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service |
Monitor | cu-services-cpz-us.controlup.com | TCP | 443 | HTTPS | Schema service, Monitor receiver |
Monitor | rt-app-services-us.controlup.com | TCP | 443 | HTTPS | Shadow Kubernetes service |
Mandatory ports | |||||
Monitor | ControlUp Agent | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Agent deployment via the monitor |
Monitor | ControlUp Agent | TCP | 40705 | WCF | Monitor to agent communication |
Monitor | ControlUp Monitor | TCP | 40706 | WCF | Inter-Monitor communication |
Monitor | ControlUp Monitor | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Monitor deployment from the console |
Monitor | Data Collector | TCP | 40705 | WCF | Monitor to data collector communication |
Monitor | Domain Controller | TCP/UDP | 389, 3268 | LDAP | LDAP communication with Domain Controllers |
Optional ports, depending on what you want to monitor | |||||
Monitor | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Monitor | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Monitor | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Monitor | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Monitor | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Monitor | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Monitor | SMTP Server | TCP | 25 | SMTP | Email alerts |
Monitor | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Monitor | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
Monitor | solve-ws-proxy-us.controlup.com* | TCP | 443 | HTTPS | Remote Control session from the web UI |
Monitor | IP address: 3.210.212.180* | TCP | 443 | HTTPS | Remote Control session from the web UI |
Monitor | IP address: 44.205.79.193* | TCP | 443 | HTTPS | Remote Control session from the web UI |
From the Real-Time Data Collector Machine
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Optional ports, depending on what you want to monitor | |||||
Data Collector | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Data Collector | https://management.azure.com | TCP | 443 | HTTPS | Communication with Microsoft Azure |
Data Collector | https://sts.amazonaws.com https://ec2.amazonaws.com | TCP | 443 | HTTPS | Communication with AWS |
Data Collector | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Data Collector | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Data Collector | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Data Collector | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Data Collector | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Data Collector | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Data Collector | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
Required Connection for Real-Time Reports from New Data Pipeline
To enable ControlUp monitors to send data to the new data pipeline for reporting, add the following URL to your allow list:
- https://monitor-receiver-azure-eastus-prod.controlup.com/v1/data
Or by IP address: 20.168.200.122
(As mentioned in the Monitor table above.)
If you use legacy reports to view historical data, add the following URLs to your allow list:
- https://cu-services-cpa-us.controlup.com
- https://cu-services-cpz-us.controlup.com
Synthetic Monitoring
ControlUp for VDI & DaaS includes proactive synthetic testing for your network infrastructure and EUC gateways. Visit Communication requirements for Scoutbees for details.