Communication Ports Used By ControlUp: Hybrid Cloud
    • Dark
      Light
    • PDF

    Communication Ports Used By ControlUp: Hybrid Cloud

    • Dark
      Light
    • PDF

    Article Summary

    Architecture_v2023.png

    US + Rest of the World (non-EU)

    The following article lists all the communication ports required for US + rest of the world (non-EU) customers only to use ControlUp. For the ports required for EU customers only, see Communication Ports Used By ControlUp: Hybrid Cloud (EU Customers).

    Outbound Connections

    The following table includes all the communication ports that you need for ControlUp to work properly. Our integrations require you to allowlist certain ports and URLs when using them, as well as mandatory outbound URLs.

    When you use a proxy in your environment, make sure to allowlist and open the ControlUp cloud configuration servers through your proxy.

    Network Tester Tool

    To verify connectivity from ControlUp products and components, you can use our network tester tool which checks connectivity to all required outbound URLs.

    Web Application Firewall

    ControlUp ensures that all URLs are protected using TLS to safeguard data during transit. However, for certain URLs, you must also enable SOAP. You can find this information in the Purpose column for the relevant URLs.

    From the Console Machine

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs
    Consolefe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert.controlup.comTCP443HTTPSReal-Time DX login services
    Consolert-app-us.controlup.comTCP443HTTPSReal-Time DX login services
    Consolecu-ca-us.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Mandatory ports
    ConsoleControlUp AgentTCP40705WCFIncoming TCP / WCF traffic from Console and Monitor cluster to ControlUp Agents
    ConsoleControlUp MonitorTCP40706WCFConsole ⇔ Monitor and internal Monitor cluster communication
    ConsoleControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment and upgrades from the Console and certain built-in actions, such as restarting the Agent
    ConsoleData CollectorTCP40705WCFConsole to data collector communication
    ConsoleDomain ControllerTCP/UDP389LDAPLDAP communication from the Real-Time Console and ControlUp Monitors with Domain Controllers
    Optional ports, depending on what you want to monitor
    Consolehttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    ConsoleCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    ConsoleCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    ConsoleLinux ClientTCP22SSHCommunications with Linux machines
    ConsoleNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    ConsoleNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    ConsoleVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    ConsoleVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure

    From the Monitor Machine

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs
    Monitorfe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt.controlup.comTCP443HTTPSReal-Time DX login services
    Monitorrt-app-us.controlup.comTCP443HTTPSReal-Time DX login services
    Monitorcu-ca-us.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Monitormonitor-receiver-azure-eastus-prod.controlup.com/v1/data

    Or by IP address: 20.168.200.122
    TCP443HTTPSReal-Time DX new data pipeline for reports
    Monitorinsights-hec.controlup.comTCP443HTTPSHTTP Event Collector (HEC) Endpoint - telemetry data from ControlUp Monitors
    Monitormp.controlup.comTCP443HTTPSSolve
    Monitorsolve.controlup.comTCP443HTTPSRequired to use Solve actions
    Monitors3.amazonaws.comTCP443HTTPSReal-Time DX / Insights and Solve historical data uploads
    Mandatory ports
    MonitorControlUp AgentTCP135 - 139, 445, 49152-65535RPC / WMI / SMBAgent deployment via the monitor
    MonitorControlUp AgentTCP40705WCFMonitor to agent communication
    MonitorControlUp MonitorTCP40706WCFInter-Monitor communication
    MonitorControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment from the console
    MonitorData CollectorTCP40705WCFMonitor to data collector communication
    MonitorDomain ControllerTCP/UDP389LDAPLDAP communication with Domain Controllers
    Optional ports, depending on what you want to monitor
    Monitorhttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    MonitorCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    MonitorCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    MonitorLinux ClientTCP22SSHCommunications with Linux machines
    MonitorNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    MonitorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    MonitorSMTP ServerTCP25SMTPEmail alerts
    MonitorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    MonitorVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure

    From the Data Collector Machine

    SourceDNSTypePortProtocolPurpose
    Optional ports, depending on what you want to monitor
    Data Collectorhttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    Data Collectorhttps://management.azure.comTCP443HTTPSCommunication with Microsoft Azure
    Data Collectorhttps://sts.amazonaws.com
    https://ec2.amazonaws.com
    TCP443HTTPSCommunication with AWS
    Data CollectorCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    Data CollectorCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    Data CollectorLinux ClientTCP22SSHCommunications with Linux machines
    Data CollectorNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    Data CollectorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    Data CollectorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    Data CollectorVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure

    Required Connection for Reports from New Data Pipeline

    To enable ControlUp monitors to send data to the new data pipeline for reporting, add the following URL to your allow list:
    https://monitor-receiver-azure-eastus-prod.controlup.com/v1/data

    Or by IP address: 20.168.200.122

    Other required Outbound Connections

    Devices and servers used by ControlUp, providing configuration interface, data aggregration, upload and authorization validation for Solve access, and other services. This requires TCP 443 / SSL outbound connectivity to the following URLs:

    ControlUp component in your environmentPurposeURLs
    Scoutbees Custom HiveReceive configuration, task lists (API) and return scout results (Websockets)https://api.scoutbees.io


    Websockets:

    https://ws.scoutbees.io

    WebSocket - Default Port: 8008

    Encapsulated WebSocket connection (via HDX protocol) from Custom Hive to VDAs. Relevant for StoreFront type scouts.

    HTTP/S - TCP Port 80 / 443:
    • Custom Hive => StoreFront / Netscaler (HTTP/S)
    • Custom Hive => XenDesktop Brokers (HTTP/S)
    • Custom Hive => VMware Horizon Connection Server (HTTPS)
    • Custom Hive => VMware UAG (HTTPS)
    PCs, macOS or thin clients monitored with Edge DX Per tenant / customer URL:
    [tenant name].sip.controlup.com downloads.sip.controlup.com

    Web Browser Access

    Administrators and other ControlUp users need to have web browser access (TCP port 443, https) to the following addresses:

    DNSPurpose
    https://solve.controlup.comControlUp Solve Portal
    https://insights.controlup.comControlUp Insights Portal
    https://[tenant-name].sip.controlup.com
    https://maps.google.com
    Edge DX Portal
    https://app.scoutbees.io
    Scoutbees Portal

    Connection Requirements for APIs

    Depending on if you plan to use the respective API, enable the following API URIs:

    DNSTypePortProtocolPurpose
    https://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    https://sts.amazonaws.com
    https://ec2.amazonaws.com
    TCP443HTTPSAWS API
    https://management.azure.comTCP443HTTPSAzure API

    Was this article helpful?