Communication Ports for VDI & DaaS (EU Region)
    • Dark
      Light
    • PDF

    Communication Ports for VDI & DaaS (EU Region)

    • Dark
      Light
    • PDF

    Article summary

    This article covers the communication requirements for deploying ControlUp version 9.0 for VDI & DaaS organizations created in the EU region. Visit these articles to see the communication requirements for:

    HybridArch9.0

    Network testing tool

    You can use our network connection testing tool to make sure you have all the network communication requirements in place.

    9.0 Specific URLs

    If you plan to upgrade to version 9.0, see this article listing additional URLs required to allow for version 9.0.

    Outbound Connections

    Devices and servers used by ControlUp, providing configuration interface, data aggregration, upload and authorization validation for web UI, access, and other services.

    When you use a proxy in your environment, make sure to allowlist and open the ControlUp cloud configuration servers through your proxy.

    Network Tester Tool

    To verify connectivity from ControlUp products and components, you can use our network tester tool which checks connectivity to all required outbound URLs.

    Web Application Firewall

    ControlUp ensures that all URLs are protected using TLS to safeguard data during transit. However, for certain URLs, you must also enable SOAP. You can find this information in the Purpose column for the relevant URLs.

    From the Real-Time Agent Machine

    Mandatory Outbound URLs to use Agent Outbound Communication*

    SourceDNSTypePortProtocolPurpose
    ControlUp Agentcu-agents-cpa.controlup.comTCP443HTTPS
    ControlUp Agentcu-agents-cpa-eu.controlup.comTCP443HTTPS

    Optional port, to use for Agent Outbound Communication

    SourceDNSTypePortProtocolPurpose
    ControlUp AgentControlUp MonitorTCP443HTTPSAgent to Monitor communication

    Optional port, to use Remote Control in the Web UI

    SourceDNSTypePortProtocolPurpose
    ControlUp Agentsolve-ws-proxy-eu.controlup.comTCP443HTTPSRemote Control session from the web UI

    From the Real-Time Console Machine

    Mandatory Outbound URLs

    SourceDNSTypePortProtocolPurpose
    Consolefe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert-app-eu-central-1.controlup.comTCP443HTTPSReal-Time DX login services
    Consolert-app-eu.controlup.comTCP443HTTPSReal-Time DX login services
    Consolecu-ca-eu.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Consolecu-ca-eu-central-1.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Consolecu-services-cpa-eu.controlup.comTCP443HTTPSGoogle Analytics service, Google Kubernetes service, Events Reporter Kubernetes service, Identity Management service, Configuration Kubernetes service, SBA Store service
    Consolecu-services-cpa.controlup.comTCP443HTTPSOutbound security Kubernetes service, Master Broker, Action API notification service, Identity Management service, Configuration Kubernetes service, SBA Store Kubernetes service

    Mandatory Ports

    SourceDNSTypePortProtocolPurpose
    ConsoleControlUp AgentTCP40705WCFIncoming TCP / WCF traffic from Console and Monitor cluster to ControlUp Agents
    ConsoleControlUp AgentTCP135 - 139RPCAgent deployment from the Console and certain built-in actions such as restarting the Agent
    ConsoleControlUp MonitorTCP40706WCFConsole ⇔ Monitor and internal Monitor cluster communication
    ConsoleControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment and upgrades from the Console and certain built-in actions, such as restarting the Agent
    ConsoleData CollectorTCP40705WCFConsole to data collector communication
    ConsoleDomain ControllerTCP389LDAPLDAP communication from the Real-Time Console and ControlUp Monitors with Domain Controllers

    Optional ports, depending on what you want to monitor

    SourceDNSTypePortProtocolPurpose
    Consolehttps://* .cloud.com
    https://*.citrixworkspacesapi.net
    https:// *.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    ConsoleCitrix XenDesktop ControllersTCP80 / 443HTTP/SCommunication with XenDesktop Infrastructure
    ConsoleCitrix XenServer Pool Master/HostsTCP80 / 443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    ConsoleLinux ClientTCP22SSHCommunications with Linux machines
    ConsoleNetScalersTCP443 / 80HTTP(S)Depending on what the administrator configured
    ConsoleNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    ConsoleVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon Infrastructure
    ConsoleVMware vCenter ServerTCP443HTTPSCommunication with vSphere Infrastructure

    From the Real-Time Monitor Machine

    Mandatory Outbound URLs

    SourceDNSTypePortProtocolPurpose
    Monitorfe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt-app-eu-central-1.controlup.comTCP443HTTPSReal-Time DX login services
    Monitorrt-app-eu.controlup.comTCP443HTTPSReal-Time DX login services
    Monitorcu-ca-eu.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Monitorcu-ca-eu-central-1.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Monitormp.controlup.comTCP443HTTPS / Secure Web SocketReal-Time DX <> the web UI query engine
    Monitormonitor-receiver-azure-westeurope-prod.controlup.com/v1/data (Or by IP address: 20.4.63.242)TCP443HTTPSReal-Time DX new data pipeline for reports
    Monitors3.eu-central-1.amazonaws.comTCP443HTTPSReal-Time DX / historical data uploads
    Monitoruploader-eu-central-1.controlup.comTCP443HTTPSReal-Time DX / historical data uploads, SOAP
    Monitorinsights-hec.controlup.comTCP443HTTPSHTTP Event Collector (HEC) Endpoint - telemetry data from ControlUp Monitors
    Monitorsolve.controlup.comTCP443HTTPSRequired to use the web UI actions
    Monitorcu-services-cpa.controlup.comTCP443HTTPSOutbound security Kubernetes service, Master Broker, Action API notification service, Identity Management service, Configuration Kubernetes service, SBA Store Kubernetes service
    Monitorcu-services-cpa-eu.controlup.comTCP443HTTPSOutbound security Kubernetes service, Master Broker, Action API notification service, Identity Management service, Configuration Kubernetes service, SBA Store Kubernetes service
    Monitorcu-services-cpz-eu.controlup.comTCP443HTTPSSchema service, Monitor receiver

    Mandatory Ports

    SourceDNSTypePortProtocolPurpose
    MonitorControlUp AgentTCP135 - 139, 445, 49152-65535RPC / WMI / SMBAgent deployment via the monitor
    MonitorControlUp AgentTCP40705WCFMonitor to agent communication
    MonitorControlUp MonitorTCP40706WCFInter-Monitor communication
    MonitorControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment from the console
    MonitorData CollectorTCP40705WCFMonitor to data collector communication
    MonitorDomain ControllerTCP389LDAPLDAP communication with Domain Controllers

    Optional ports, depending on what you want to monitor

    SourceDNSTypePortProtocolPurpose
    Monitorhttps://* .cloud.com
    https://*.citrixworkspacesapi.net
    https:// *.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    MonitorCitrix XenDesktop ControllersTCP80 / 443HTTP/SCommunication with XenDesktop Infrastructure
    MonitorCitrix XenServer Pool Master/HostsTCP80 / 443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    MonitorLinux ClientTCP22SSHCommunications with Linux machines
    MonitorNetScalersTCP443 / 80HTTP(S)Depending on what the administrator configured
    MonitorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    MonitorSMTP ServerTCP25Email alerts
    MonitorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon Infrastructure
    MonitorVMware vCenter ServerTCP443HTTPSCommunication with vSphere Infrastructure
    Monitorsolve-ws-proxy-eu.controlup.com*TCP443HTTPSRemote Control session from the web UI

    * These URLs are only relevant for ControlUp version 9.0.

    From the Real-Time Data Collector Machine

    Optional ports, depending on what you want to monitor

    SourceDNSTypePortProtocolPurpose
    Data Collectorhttps://* .cloud.com
    https://*.citrixworkspacesapi.net
    https:// *.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    Data Collectorhttps://management.azure.comTCP443HTTPSCommunication with Microsoft Azure
    Data Collectorhttps://sts.amazonaws.com
    https://ec2.amazonaws.com
    TCP443HTTPSCommunication with AWS
    Data CollectorCitrix XenDesktop ControllersTCP80 / 443HTTP/SCommunication with XenDesktop Infrastructure
    Data CollectorCitrix XenServer Pool Master/HostsTCP80 / 443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    Data CollectorLinux ClientTCP22SSHCommunications with Linux machines
    Data CollectorNetScalersTCP443 / 80HTTP(S)Depending on what the administrator configured
    Data CollectorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    Data CollectorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon Infrastructure
    Data CollectorVMware vCenter ServerTCP443HTTPSCommunication with vSphere Infrastructure

    Required Connection for DEX

    You can access the DEX platform via https://app.controlup.com. Make sure that your browser can access this URL.

    Required Connection for Real-Time Reports from New Data Pipeline

    To enable ControlUp monitors to send data to the new data pipeline for reporting, add the following URL to your allow list:

    • https://monitor-receiver-azure-westeurope-prod.controlup.com/v1/data

    Or by IP address: 20.4.63.242
    (As mentioned in the Monitor table above.)

    If you use legacy reports to view historical data, add the following URLs to your allow list:

    • https://cu-services-cpa-eu.controlup.com
    • https://cu-services-cpz-eu.controlup.com

    Synthetic Monitoring

    ControlUp for VDI & DaaS includes proactive synthetic testing for your network infrastructure and EUC gateways. Visit Communication requirements for Scoutbees for details.


    Was this article helpful?