Connectivity Requirements

    External domains accessed by XCP-ng and Xen Orchestra

    XCP-ng hosts

    XCP-ng hosts require access to the following domains:

    Domain

    Port

    Direction

    Details

    mirrors.xcp-ng.org

    443

    Outbound

    XCP-ng uses mirrorbits to redirect download requests to an appropriate mirror based on their update status and geographical position.
    However please note this mirror system will redirect you to your nearest mirror, which can be any of our third party mirrors, so you will need to allow traffic to these as well. They can be found here: https://mirrors.xcp-ng.org/?mirrorstats

    Xen Orchestra

    Xen Orchestra requires access to the following domains:

    Domain

    Port

    Direction

    Details

    xen-orchestra.com

    443

    Outbound

    tunnel.xen-orchestra.com

    443

    Outbound

    		 Secure support tunnel

    github.com

    443

    Outbound

    nodejs.org

    443

    Outbound

    npmjs.org

    443

    Outbound

    registry.npmjs.org

    443

    Outbound

    updates.ops.xenserver.com

    443

    Outbound

    XOA polls information on this site to see whether updates are available for XenServer hosts

    fileservice.citrix.com

    443

    Outbound

    Source for XenServer patches

    Communication ports used by XCP-ng and Xen Orchestra

    The ports listed in the following table are the common ports that are used by XCP-ng and Xen Orchestra. Not all ports need to be open, depending on your deployment and requirements.

    Source

    Destination

    Type

    Port

    Details

    XCP-ng hosts

    XCP-ng hosts

    TCP

    80, 443

    Intra-host communication between members of a resource pool using the management API

    NTP Service

    TCP, UDP

    123

    Time Synchronization

    DNS Service

    TCP, UDP

    53

    DNS Lookups

    Domain Controller

    TCP, UDP

    389

    LDAP (for Active Directory user authentication)


    TCP

    636

    LDAP over SSL (LDAPS)

    FileServer (with SMB storage)

    TCP, UDP

    139

    ISOStore:NetBIOSSessionService

    SAN Controller

    TCP

    3260

    iSCSI Storage

    NAS Head/File Server

    TCP

    2049

    NFSv4 Storage


    TCP, UDP

    2049

    NFSv3 Storage. TCP is the default


    TCP, UDP

    111

    NFSv3 Storage - connection to rpcbind


    TCP, UDP

    Dynamic

    NFSv3 Storage - a dynamic set of ports chosen by the filer

    Syslog

    UDP

    514

    Sends data to a central location for collation

    Clustering

    TCP

    8892, 8896, 21064

    Communication between all pool members in a clustered pool


    UDP

    5404, 5405

    Xen Orchestra

    XCP-ng hosts

    TCP

    22

    SSH


    TCP

    443

    Management using the management API

    Virtual Machine

    TCP

    5900

    VNC for Linux VMs


    TCP

    3389

    RDP for Windows VMs

    Workload Balancing virtual appliance

    XCP-ng hosts

    TCP

    8012

    By default, the Workload Balancing server uses 8012. However, if you specify a different port during Workload Balancing set up, ensure that communication is allowed on that port.

    Other clients

    XCP-ng hosts

    TCP

    80, 443

    Any client that uses the management API to communicate with XCP-ng hosts

    Published