Connectivity requirements for Citrix Cloud Government
Citrix Cloud Government provides administrative functions (through a web browser) and operational requests (from other installed components) that connect to resources within a customer’s deployment. This document defines the requirements and considerations for establishing connectivity between the customer’s resources and Citrix Cloud Government.
Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed.
Transport Layer Security requirements
Citrix Cloud Government supports Transport Layer Security (TLS) 1.2 for TCP-based connections between components. Citrix Cloud doesn’t allow communication over TLS 1.0 or TLS 1.1.
To access Citrix Cloud Government, you must use a browser that supports TLS 1.2 and have accepted cipher suites configured. For more information, see Encryption and key management.
Citrix Cloud Government management console
The Citrix Cloud Government management console is a web-based console that you can access after signing in to https://citrix.cloud.us. The web pages that make up the console might require other resources on the Internet, either when signing in or at a later point when carrying out specific operations.
Proxy configuration
If you’re connecting through a proxy server, the management console operates using the same configuration applied to your web browser. The console operates within the user context, so any configuration of proxy servers that require user authentication should work as expected.
Firewall configuration
For the management console to operate, you must have port 443 open for outbound connections. You can test general connectivity by navigating within the console.
Citrix Cloud Connector
The Citrix Cloud Connector is a software package that deploys a set of services that run on Microsoft Windows servers. The machine hosting the Cloud Connector resides within the network where the resources you use with Citrix Cloud Government reside. The Cloud Connector connects to Citrix Cloud Government, allowing it to operate and manage your resources as needed.
For requirements for installing the Cloud Connector, see Citrix Cloud Connector requirements. To operate, the Cloud Connector requires outbound connectivity on port 443. After installation, the Cloud Connector might have additional access requirements depending on the Citrix Cloud Government service with which it is being used.
Allowed FQDNs for Cloud Connector
For a complete list of the fully-qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file located at https://fqdnallowlistsa.blob.core.windows.net/fqdnallowlist-gov/allowlist.json. This list is grouped by product and includes a change log for each group of FQDNs.
Some of these FQDNs are specific to a customer and include templated sections in angular brackets. These templated sections must be replaced with the actual values before use. For example, for <CUSTOMER_ID>.xendesktop.net, you replace <CUSTOMER_ID> with the actual customer ID for your Citrix Cloud account. You can find the customer ID at the top of the API Access tab in Identity and Access Management.
Citrix DaaS service connectivity
Citrix resource location / Cloud Connector:
https://*.citrixworkspacesapi.ushttps://*.cloud.ushttps://*.apps.cloud.ushttps://*.blob.core.usgovcloudapi.nethttps://*.servicebus.usgovcloudapi.nethttps://*.xendesktop.us
Administration console:
https://*.citrixworkspacesapi.ushttps://*.cloud.ushttps://*.blob.core.usgovcloudapi.nethttps://*.xendesktop.us
Endpoint Management service connectivity
Citrix resource location / Cloud Connector:
https://*.citrixworkspacesapi.ushttps://*.cloud.ushttps://*.apps.cloud.ushttps://*.blob.core.usgovcloudapi.nethttps://*.servicebus.usgovcloudapi.nethttps://*.xendesktop.us
Administration console:
https://*.cem.cloud.usads.xm.cloud.comhttps://*.citrixworkspacesapi.ushttps://*.cloud.ushttps://*.blob.core.usgovcloudapi.net
See also, Port requirements.