Communication Ports for VDI & DaaS (US Region)
    • Dark
      Light
    • PDF

    Communication Ports for VDI & DaaS (US Region)

    • Dark
      Light
    • PDF

    Article summary

    This article covers the communication requirements for deploying ControlUp version 9.0 for VDI & DaaS in the US + rest of the world (non-EU) region. Click on these links to see prerequisites for:

    HybridArch9.0

    Network testing tool

    You can use our network connection testing tool to make sure you have all the network communication requirements in place.

    9.0 Specific URLs

    If you are planning to upgrade to version 9.0, consult this article, which lists additional URLs requiring whitelisting for version 9.0

    Outbound Connections

    The following table includes all the communication ports that you need for ControlUp to work properly. To use our integrations, you must allowlist mandatory ports and URLs, as well as mandatory outbound URLs.

    When you use a proxy in your environment, you must allowlist and open the ControlUp cloud configuration servers through your proxy.

    Network Tester Tool

    To verify connectivity from ControlUp products and components, you can use our network tester tool which checks connectivity to all required outbound URLs.

    Web Application Firewall

    ControlUp ensures that all URLs are protected using TLS to safeguard data during transit. However, for certain URLs, you must also enable SOAP. You can find this information in the Purpose column for the relevant URLs.

    From the Real-Time Agent Machine*

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs to use Agent Outbound Communication
    ControlUp AgentControlUp MonitorTCP443HTTPSAgent to Monitor communication
    ControlUp Agentcu-agents-cpa.controlup.com/broker-discoveryTCP443HTTPSBroker Discovery service for agent outbound communication
    ControlUp Agentcu-agents-cpa.controlup.com/outbound-securityTCP443HTTPSOutbound security service for agent outbound communication
    ControlUp Agentcu-agents-cpa-us.controlup.com/broker-discoveryTCP443HTTPSBroker Discovery service for agent outbound communication
    ControlUp Agentcu-agents-cpa-us.controlup.com/outbound-securityTCP443HTTPSOutbound security service for agent outbound communication
    Optional ports, to use Remote Control in web UI
    ControlUp Agentsolve-ws-proxy-us.controlup.comTCP443HTTPSRemote Control session from the web UI
    ControlUp AgentIP address: 3.210.212.180TCP443HTTPSRemote Control session from the web UI
    ControlUp AgentIP address: 44.205.79.193TCP443HTTPSRemote Control session from the web UI

    * These URLs are only relevant to use Agent Outbound Communication in ControlUp version 9.0

    From the Real-Time Console Machine

    To manage your VDI & DaaS environment from the web UI, your machine must have access to:

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs
    Any computerapp.controlup.comTCP443HTTPSDEX platform

    To use the Real-Time DX desktop console (used for configuration and connecting to your virtual infrastructure), your machine must have access to:

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs
    Consolefe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolefe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Consolert-app-us.controlup.comTCP443HTTPSReal-Time DX login services
    Consolecu-ca-us.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Consolecu-services-cpa.controlup.comTCP443HTTPSGoogle Analytics service, Google Kubernetes service, Events Reporter Kubernetes service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service
    Consolecu-services-cpa-us.controlup.comTCP443HTTPSGoogle Analytics service, Google Kubernetes service, Events Reporter Kubernetes service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service
    Mandatory ports
    ConsoleControlUp AgentTCP40705WCFIncoming TCP / WCF traffic from Console and Monitor cluster to ControlUp Agents
    ConsoleControlUp AgentTCP135 - 139RPCAgent deployment from the Console and certain built-in actions such as restarting the Agent
    ConsoleControlUp MonitorTCP40706WCFConsole ⇔ Monitor and internal Monitor cluster communication
    ConsoleControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment and upgrades from the Console and certain built-in actions, such as restarting the Agent
    ConsoleData CollectorTCP40705WCFConsole to data collector communication
    ConsoleDomain ControllerTCP/UDP389, 3268LDAPLDAP communication from the Real-Time Console and ControlUp Monitors with Domain Controllers
    Optional ports, depending on what you want to monitor
    Consolehttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    ConsoleCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    ConsoleCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    ConsoleLinux ClientTCP22SSHCommunications with Linux machines
    ConsoleNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    ConsoleNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    ConsoleVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    ConsoleVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure

    From the Real-Time Monitor Machine

    SourceDNSTypePortProtocolPurpose
    Mandatory outbound URLs
    Monitorfe1.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe2.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe3.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorfe4.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt-app.controlup.comTCP443HTTPSReal-Time DX login services, SOAP
    Monitorrt-app-us.controlup.comTCP443HTTPSReal-Time DX login services
    Monitorcu-ca-us.controlup.comTCP443HTTPSReal-Time DX Centralized Auditing services
    Monitormonitor-receiver-azure-eastus-prod.controlup.com/v1/data

    Or by IP address: 20.168.200.122
    TCP443HTTPSReal-Time DX new data pipeline for reports
    Monitorinsights-hec.controlup.comTCP443HTTPSHTTP Event Collector (HEC) Endpoint - telemetry data from ControlUp Monitors
    Monitormp.controlup.comTCP443HTTPS / WSSWeb UI (Monitor Proxy)
    Monitorsolve.controlup.comTCP443HTTPSWeb UI Action API Notification Service, Remote Control Feature
    Monitors3.amazonaws.comTCP443HTTPSReal-Time DX / web UI historical data uploads
    Monitorcu-services-cpa.controlup.comTCP443HTTPSOutbound security Kubernetes service, Master Broker, Action API notification service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service
    Monitorcu-services-cpa-us.controlup.comTCP443HTTPSOutbound security Kubernetes service, Master Broker, Action API notification service, Identity Mangement service, Configuration Kubernetes service, SBA Store Kubernetes service
    Monitorcu-services-cpz-us.controlup.comTCP443HTTPSSchema service, Monitor receiver
    Monitorrt-app-services-us.controlup.comTCP443HTTPSShadow Kubernetes service
    Mandatory ports
    MonitorControlUp AgentTCP135 - 139, 445, 49152-65535RPC / WMI / SMBAgent deployment via the monitor
    MonitorControlUp AgentTCP40705WCFMonitor to agent communication
    MonitorControlUp MonitorTCP40706WCFInter-Monitor communication
    MonitorControlUp MonitorTCP135 - 139, 445, 49152-65535RPC / WMI / SMBMonitor deployment from the console
    MonitorData CollectorTCP40705WCFMonitor to data collector communication
    MonitorDomain ControllerTCP/UDP389, 3268LDAPLDAP communication with Domain Controllers
    Optional ports, depending on what you want to monitor
    Monitorhttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    MonitorCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    MonitorCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    MonitorLinux ClientTCP22SSHCommunications with Linux machines
    MonitorNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    MonitorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    MonitorSMTP ServerTCP25SMTPEmail alerts
    MonitorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    MonitorVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure
    Monitorsolve-ws-proxy-us.controlup.com*TCP443HTTPSRemote Control session from the web UI
    MonitorIP address: 3.210.212.180*TCP443HTTPSRemote Control session from the web UI
    MonitorIP address: 44.205.79.193*TCP443HTTPSRemote Control session from the web UI
    * These URLs are only relevant for ControlUp version 9.0.

    From the Real-Time Data Collector Machine

    SourceDNSTypePortProtocolPurpose
    Optional ports, depending on what you want to monitor
    Data Collectorhttps://*.cloud.com
    https://*.citrixworkspacesapi.net
    https://*.xendesktop.net
    TCP443HTTPSCommunication with Citrix Cloud
    Data Collectorhttps://management.azure.comTCP443HTTPSCommunication with Microsoft Azure
    Data Collectorhttps://sts.amazonaws.com
    https://ec2.amazonaws.com
    TCP443HTTPSCommunication with AWS
    Data CollectorCitrix XenDesktop ControllersTCP80/443HTTP/SCommunication with XenDesktop infrastructure
    Data CollectorCitrix XenServer Pool Master/HostsTCP80/443HTTP/SCommunication with XenServer Infrastructure (and RRD communications)
    Data CollectorLinux ClientTCP22SSHCommunications with Linux machines
    Data CollectorNetScalersTCP80/443HTTP/SDepending on what the administrator configured
    Data CollectorNutanix/AHVTCP9440Communication with Nutanix Infrastructure
    Data CollectorVMware Horizon Connection ServerTCP443HTTPSCommunication with Horizon infrastructure
    Data CollectorVMware vCenter ServerTCP443HTTPSCommunication with vSphere infrastructure

    Required Connection for Real-Time Reports from New Data Pipeline

    To enable ControlUp monitors to send data to the new data pipeline for reporting, add the following URL to your allow list:

    • https://monitor-receiver-azure-eastus-prod.controlup.com/v1/data

    Or by IP address: 20.168.200.122
    (As mentioned in the Monitor table above.)

    If you use legacy reports to view historical data, add the following URLs to your allow list:

    • https://cu-services-cpa-us.controlup.com
    • https://cu-services-cpz-us.controlup.com

    Synthetic Monitoring

    ControlUp for VDI & DaaS includes proactive synthetic testing for your network infrastructure and EUC gateways. Visit Communication requirements for Scoutbees for details.


    Was this article helpful?