Firewall ports

The App Layering appliance communicates with your hypervisor, provisioning service, and the App Layering agent. This article details the ports that the appliance uses to communicate both internally with other App Layering-related services, and externally with servers, such as NTP servers. Be sure to open the necessary ports in your firewall before you install the App Layering appliance.

During App Layering installation, you open ports that the appliance uses to interact with services on the virtual server where it is hosted. If there is a firewall between the App Layering appliance and the machine on which you are running the App Layering agent or one of the App Layering connectors, you must manually open the port in the firewall used for that purpose. If during installation you changed any of the ports from the default setting, be sure to open the correct port.

The App Layering appliance uses the TCP/IP protocol, and IPv4 is required. There are three main classes of communication:

  • Accessing and managing the appliance.
  • Talking to the App Layering agent service.
  • Talking directly to hypervisors that don’t require the agent.

Note:

The App Layering appliance must be connected to a network file share.

Admin user

By default, App Layering uses the following ports in your firewall for the Admin User to interact with the Management console on the App Layering appliance virtual machine.

App Layering appliance

The connector services for the various hypervisors and provisioning services listed below all run on the App Layering appliance.

| App Layering Destination | Activity | Protocol | Ports |
| --- | --- | --- | --- |
| Appliance | Management console | TCP | 80, 443 |
| Appliance | Administrator log download | TCP | 8888 |
| Azure connector service | Communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| BITS Server | Disk upload | TCP | 3015 (HTTP), 3515 (HTTPS) |
| Citrix Hypervisor connector service | Communication | TCP | 3002 (HTTP), 3502 (HTTPS) |
| Citrix Provisioning connector service | Communication | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Google connector service | Communication | TCP | 3016 (HTTP), 3516 (HTTPS) |
| Hyper-V connector service | Communication | TCP | 3012 (HTTP), 3512 (HTTPS) |
| Nutanix connector service | Communication | TCP | 3006 (HTTP), 3506 (HTTPS) |
| vSphere connector service | Communication | TCP | 3004 (HTTP), 3504 (HTTPS) |

Internal connections

By default, the App Layering service uses the following ports in your firewall for internal connections between the appliance and each of its destinations.

In the table, the following shorthand is used:

  • Appliance - The App Layering virtual appliance.
  • Agent - The App Layering agent.
  • Admin user - A management console user who is assigned the App Layering Admin role.
  • Compositing machine - A virtual machine used to create and update layers using the App Layering compositing engine, including:
    • Virtual machine created when you use a connector with Offload compositing enabled to create a layer, add a version to a layer, or publish a layered image.
    • Virtual machine in which the ImportOsLayer.ps1 script runs to import the OS image as a new OS layer.

| App Layering Source | App Layering Destination | Activity | Protocol | Ports |
| --- | --- | --- | --- | --- |
| Agent | Appliance | Initial registration | TCP | 443 |
| Appliance | Agent | Communication | TCP | 8016 |
| Agent | Appliance | Log deliveries from agent | TCP | 8787 |
| Appliance | vCenter, ESXi hosts | Communication with datastore via ESXi host | TCP | 443 |
| Admin user | Appliance | Log download | TCP | 8888 |
| Appliance | Active directory | LDAP | TCP | 389, 636 |
| Appliance | Compositing machine | Communication | TCP | 443 |
| Compositing machine | Appliance | Communication | TCP | 443 |
| Compositing machine | Appliance | Layer disk access via iSCSI | TCP | 3260 |
| Admin user | Appliance | Azure connector communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| Appliance | Azure | Communication | TCP | 443 |
| Admin user | Appliance | Citrix Provisioning connector communication | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Agent on Citrix Provisioning server | Appliance | Disk download | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Admin user | Appliance | Hyper-V connector communication | TCP | 3012 (HTTP), 3512 (HTTPS) |
| Agent on Hyper-V server | Appliance | Disk download | TCP | 3012 (HTTP), 3512 (HTTPS) |
| Agent on Hyper-V server | Appliance | Disk upload | TCP | 3015 (HTTP), 3515 (HTTPS) |
| Admin user | Appliance | vSphere connector communication | TCP | 3004 (HTTP), 3504 (HTTPS) |
| Appliance | vSphere | Communication | TCP | 443 |
| Admin user | Appliance | Citrix Hypervisor connector communication | TCP | 3002 (HTTP), 3502 (HTTPS) |
| Appliance | Citrix Hypervisor | Communication | TCP | 5900 |
| Admin user | Appliance | Nutanix connector communication | TCP | 3006 (HTTP), 3506 (HTTPS) |
| Appliance | Prism | Communication | TCP | 9440 |
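
One way to check an existing firewall rule set against the internal-connections table above is to compare it flow by flow, so that each port is opened only between the source and destination the table names. The script below is an added example, not Citrix code; the role addresses, the sample rules, and the function names are constructed assumptions, and only a subset of the table's flows is encoded.

```python
import ipaddress

# Subset of the "Internal connections" table: (source role, destination role, TCP port).
REQUIRED_FLOWS = [
    ("agent", "appliance", 443),         # initial registration
    ("appliance", "agent", 8016),        # communication
    ("agent", "appliance", 8787),        # log deliveries from agent
    ("admin", "appliance", 8888),        # log download
    ("compositing", "appliance", 3260),  # layer disk access via iSCSI
]

# Constructed addresses (documentation ranges), not values from the page.
ROLES = {
    "appliance": "192.0.2.10/32",
    "agent": "192.0.2.20/32",
    "admin": "198.51.100.0/28",
    "compositing": "192.0.2.64/27",
}

# Constructed sample allow rules: (source CIDR, destination CIDR, TCP port).
SAMPLE_RULES = [
    ("192.0.2.20/32", "192.0.2.10/32", 443),
    ("192.0.2.10/32", "192.0.2.20/32", 8016),
    ("0.0.0.0/0", "192.0.2.10/32", 8888),      # log download open to any source
    ("192.0.2.64/27", "192.0.2.10/32", 3260),
]

def _net(cidr):
    return ipaddress.ip_network(cidr)

def covers(rule, src, dst, port):
    """True if the allow rule permits traffic from src to dst on port."""
    r_src, r_dst, r_port = rule
    return (r_port == port
            and _net(src).subnet_of(_net(r_src))
            and _net(dst).subnet_of(_net(r_dst)))

def audit(rules, flows=REQUIRED_FLOWS, roles=ROLES):
    """Return (flows no rule permits, rules wider than any required flow)."""
    missing = [f for f in flows
               if not any(covers(r, roles[f[0]], roles[f[1]], f[2]) for r in rules)]
    too_wide = [r for r in rules
                if not any(r[2] == port and _net(r[0]) == _net(roles[s])
                           and _net(r[1]) == _net(roles[d])
                           for s, d, port in flows)]
    return missing, too_wide

if __name__ == "__main__":
    missing, too_wide = audit(SAMPLE_RULES)
    print("missing flows:", missing)
    print("rules to tighten or remove:", too_wide)
```

With the sample rules, the agent's log delivery on port 8787 is reported as missing and the port 8888 rule is reported as wider than the Admin user range.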

External connection

By default, App Layering uses the following ports in your firewall for external connections between the App Layering appliance and the destinations listed below.

Note:

These URLs are only accessible by the appliance using the credentials defined for it. Attempting to browse these sites will result in an error message.

| App Layering Destination | Activity | Protocol | Ports |
| --- | --- | --- | --- |
| <https://applayeringwebapi.azurewebsites.net> | API Access | TCP | 443 |
| <http://alcdn.citrix.com/> | Download upgrade media | TCP | 80 |

OS image, a Citrix Hypervisor requirement

| Destination | Activity | Protocol | Ports |
| --- | --- | --- | --- |
| Citrix Hypervisor | Communication | TCP | 5900 |

Key ports

Basic appliance management and access (always required)

  • HTTP - Port 80
  • HTTPS - Port 443
  • SSH - Port 22
  • Log downloads - Port 8888

Servers

  • Active Directory server - Port 389 - LDAP protocol
  • Active Directory server - Port 636 - LDAPS protocol
  • Active Directory server - Port 53 - DNS protocol
  • Windows file servers, SMB - Port 445 - SMB protocol
  • Network time servers - Port 123 - NTP protocol
  • Unix file servers - Port 2049 - NFS protocol
  • DHCP server, DHCP - Port 67 - UDP protocol
  • App Layering appliance - Port 68 - DHCP protocol

App Layering agent

The agent uses the following ports for communications with itself and the appliance.

  • Appliance to agent server:

    • Commands from appliance/SOAP - Port 8016
  • Agent server to appliance:

    • Registration - Port 443 HTTPS
    • Log export - Port 8787
    • Citrix Provisioning disk download - Ports 3009 HTTP, 3509 HTTPS
    • Hyper-V disk download - Ports 3012 HTTP, 3512 HTTPS
    • Hyper-V disk upload - Ports 3015 HTTP, 3515 HTTPS

Connectors to hypervisors and provisioning services

Connectors on the appliance allow the appliance to communicate directly with the supported hypervisors and provisioning services using the following ports.

  • Citrix Hypervisor - Port 5900
  • Citrix Provisioning - Port 8016 (App Layering agent)
  • Google Cloud - Port 443
  • Microsoft Azure management - Port 443
  • Microsoft Hyper-V - Port 8016 (App Layering agent)
  • Nutanix AHV - Port 9440
  • VMware vSphere - Port 443 (Virtual Center, and ESX hosts for disk transfers)
