External domains accessed by XCP-ng and Xen Orchestra
XCP-ng hosts
XCP-ng hosts require access to the following domains:
|
Domain |
Port |
Direction |
Details |
|
mirrors.xcp-ng.org |
443 |
Outbound |
XCP-ng uses mirrorbits to redirect download requests to an appropriate mirror based on their update status and geographical position. |
Xen Orchestra
Xen Orchestra requires access to the following domains:
|
Domain |
Port |
Direction |
Details |
|
xen-orchestra.com |
443 |
Outbound |
|
|
tunnel.xen-orchestra.com |
443 |
Outbound |
Secure support tunnel |
|
github.com |
443 |
Outbound |
|
|
nodejs.org |
443 |
Outbound |
|
|
npmjs.org |
443 |
Outbound |
|
|
registry.npmjs.org |
443 |
Outbound |
|
|
updates.ops.xenserver.com |
443 |
Outbound |
XOA polls information on this site to see whether updates are available for XenServer hosts |
|
fileservice.citrix.com |
443 |
Outbound |
Source for XenServer patches |
Communication ports used by XCP-ng and Xen Orchestra
The ports listed in the following table are the common ports that are used by XCP-ng and Xen Orchestra. Not all ports need to be open, depending on your deployment and requirements.
|
Source |
Destination |
Type |
Port |
Details |
|
XCP-ng hosts |
XCP-ng hosts |
TCP |
80, 443 |
Intra-host communication between members of a resource pool using the management API |
|
NTP Service |
TCP, UDP |
123 |
Time Synchronization |
|
|
DNS Service |
TCP, UDP |
53 |
DNS Lookups |
|
|
Domain Controller |
TCP, UDP |
389 |
LDAP (for Active Directory user authentication) |
|
|
TCP |
636 |
LDAP over SSL (LDAPS) |
||
|
FileServer (with SMB storage) |
TCP, UDP |
139 |
ISOStore:NetBIOSSessionService |
|
|
SAN Controller |
TCP |
3260 |
iSCSI Storage |
|
|
NAS Head/File Server |
TCP |
2049 |
NFSv4 Storage |
|
|
TCP, UDP |
2049 |
NFSv3 Storage. TCP is the default |
||
|
TCP, UDP |
111 |
NFSv3 Storage - connection to rpcbind |
||
|
TCP, UDP |
Dynamic |
NFSv3 Storage - a dynamic set of ports chosen by the filer |
||
|
Syslog |
UDP |
514 |
Sends data to a central location for collation |
|
|
Clustering |
TCP |
8892, 8896, 21064 |
Communication between all pool members in a clustered pool |
|
|
UDP |
5404, 5405 |
|||
|
Xen Orchestra |
XCP-ng hosts |
TCP |
22 |
SSH |
|
TCP |
443 |
Management using the management API |
||
|
Virtual Machine |
TCP |
5900 |
VNC for Linux VMs |
|
|
TCP |
3389 |
RDP for Windows VMs |
||
|
Workload Balancing virtual appliance |
XCP-ng hosts |
TCP |
8012 |
By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port. |
|
Other clients |
XCP-ng hosts |
TCP |
80, 443 |
Any client that uses the management API to communicate with XCP-ng hosts |