- Print
- DarkLight
- PDF
Communication Ports Used By ControlUp: Hybrid Cloud
- Print
- DarkLight
- PDF
The following article lists all the communication ports required for US + rest of the world (non-EU) customers only to use ControlUp. For the ports required for EU customers only, see Communication Ports Used By ControlUp: Hybrid Cloud (EU Customers).
Outbound Connections
The following table includes all the communication ports that you need for ControlUp to work properly. Our integrations require you to allowlist certain ports and URLs when using them, as well as mandatory outbound URLs.
When you use a proxy in your environment, make sure to allowlist and open the ControlUp cloud configuration servers through your proxy.
To verify connectivity from ControlUp products and components, you can use our network tester tool which checks connectivity to all required outbound URLs.
ControlUp ensures that all URLs are protected using TLS to safeguard data during transit. However, for certain URLs, you must also enable SOAP. You can find this information in the Purpose column for the relevant URLs.
From the Console Machine
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs | |||||
Console | fe1.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe2.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe3.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | fe4.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | rt-app.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Console | rt.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Console | rt-app-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Console | cu-ca-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX Centralized Auditing services |
Mandatory ports | |||||
Console | ControlUp Agent | TCP | 40705 | WCF | Incoming TCP / WCF traffic from Console and Monitor cluster to ControlUp Agents |
Console | ControlUp Monitor | TCP | 40706 | WCF | Console ⇔ Monitor and internal Monitor cluster communication |
Console | ControlUp Monitor | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Monitor deployment and upgrades from the Console and certain built-in actions, such as restarting the Agent |
Console | Data Collector | TCP | 40705 | WCF | Console to data collector communication |
Console | Domain Controller | TCP/UDP | 389 | LDAP | LDAP communication from the Real-Time Console and ControlUp Monitors with Domain Controllers |
Optional ports, depending on what you want to monitor | |||||
Console | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Console | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Console | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Console | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Console | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Console | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Console | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Console | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
From the Monitor Machine
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Mandatory outbound URLs | |||||
Monitor | fe1.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe2.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe3.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | fe4.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | rt-app.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services, SOAP |
Monitor | rt.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Monitor | rt-app-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX login services |
Monitor | cu-ca-us.controlup.com | TCP | 443 | HTTPS | Real-Time DX Centralized Auditing services |
Monitor | monitor-receiver-azure-eastus-prod.controlup.com/v1/data Or by IP address: 20.168.200.122 | TCP | 443 | HTTPS | Real-Time DX new data pipeline for reports |
Monitor | insights-hec.controlup.com | TCP | 443 | HTTPS | HTTP Event Collector (HEC) Endpoint - telemetry data from ControlUp Monitors |
Monitor | mp.controlup.com | TCP | 443 | HTTPS | Solve |
Monitor | solve.controlup.com | TCP | 443 | HTTPS | Required to use Solve actions |
Monitor | s3.amazonaws.com | TCP | 443 | HTTPS | Real-Time DX / Insights and Solve historical data uploads |
Mandatory ports | |||||
Monitor | ControlUp Agent | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Agent deployment via the monitor |
Monitor | ControlUp Agent | TCP | 40705 | WCF | Monitor to agent communication |
Monitor | ControlUp Monitor | TCP | 40706 | WCF | Inter-Monitor communication |
Monitor | ControlUp Monitor | TCP | 135 - 139, 445, 49152-65535 | RPC / WMI / SMB | Monitor deployment from the console |
Monitor | Data Collector | TCP | 40705 | WCF | Monitor to data collector communication |
Monitor | Domain Controller | TCP/UDP | 389 | LDAP | LDAP communication with Domain Controllers |
Optional ports, depending on what you want to monitor | |||||
Monitor | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Monitor | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Monitor | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Monitor | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Monitor | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Monitor | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Monitor | SMTP Server | TCP | 25 | SMTP | Email alerts |
Monitor | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Monitor | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
From the Data Collector Machine
Source | DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|---|
Optional ports, depending on what you want to monitor | |||||
Data Collector | https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
Data Collector | https://management.azure.com | TCP | 443 | HTTPS | Communication with Microsoft Azure |
Data Collector | https://sts.amazonaws.com https://ec2.amazonaws.com | TCP | 443 | HTTPS | Communication with AWS |
Data Collector | Citrix XenDesktop Controllers | TCP | 80/443 | HTTP/S | Communication with XenDesktop infrastructure |
Data Collector | Citrix XenServer Pool Master/Hosts | TCP | 80/443 | HTTP/S | Communication with XenServer Infrastructure (and RRD communications) |
Data Collector | Linux Client | TCP | 22 | SSH | Communications with Linux machines |
Data Collector | NetScalers | TCP | 80/443 | HTTP/S | Depending on what the administrator configured |
Data Collector | Nutanix/AHV | TCP | 9440 | Communication with Nutanix Infrastructure | |
Data Collector | VMware Horizon Connection Server | TCP | 443 | HTTPS | Communication with Horizon infrastructure |
Data Collector | VMware vCenter Server | TCP | 443 | HTTPS | Communication with vSphere infrastructure |
Required Connection for Reports from New Data Pipeline
To enable ControlUp monitors to send data to the new data pipeline for reporting, add the following URL to your allow list:
https://monitor-receiver-azure-eastus-prod.controlup.com/v1/data
Or by IP address: 20.168.200.122
Other required Outbound Connections
Devices and servers used by ControlUp, providing configuration interface, data aggregration, upload and authorization validation for Solve access, and other services. This requires TCP 443 / SSL outbound connectivity to the following URLs:
ControlUp component in your environment | Purpose | URLs |
---|---|---|
Scoutbees Custom Hive | Receive configuration, task lists (API) and return scout results (Websockets) | https://api.scoutbees.io Websockets: https://ws.scoutbees.io WebSocket - Default Port: 8008 Encapsulated WebSocket connection (via HDX protocol) from Custom Hive to VDAs. Relevant for StoreFront type scouts. HTTP/S - TCP Port 80 / 443:
|
PCs, macOS or thin clients monitored with Edge DX | Per tenant / customer URL: [tenant name].sip.controlup.com downloads.sip.controlup.com |
Web Browser Access
Administrators and other ControlUp users need to have web browser access (TCP port 443, https) to the following addresses:
DNS | Purpose |
---|---|
https://solve.controlup.com | ControlUp Solve Portal |
https://insights.controlup.com | ControlUp Insights Portal |
https://[tenant-name].sip.controlup.com https://maps.google.com | Edge DX Portal |
https://app.scoutbees.io | Scoutbees Portal |
Connection Requirements for APIs
Depending on if you plan to use the respective API, enable the following API URIs:
DNS | Type | Port | Protocol | Purpose |
---|---|---|---|---|
https://*.cloud.com https://*.citrixworkspacesapi.net https://*.xendesktop.net | TCP | 443 | HTTPS | Communication with Citrix Cloud |
https://sts.amazonaws.com https://ec2.amazonaws.com | TCP | 443 | HTTPS | AWS API |
https://management.azure.com | TCP | 443 | HTTPS | Azure API |