Connectivity requirements for Citrix Cloud Government
Citrix Cloud Government provides administrative functions (through a web browser) and operational requests (from other installed components) that connect to resources within a customer’s deployment. This document defines the requirements and considerations for establishing connectivity between the customer’s resources and Citrix Cloud Government.
Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed.
Transport Layer Security requirements
Citrix Cloud Government supports Transport Layer Security (TLS) 1.2 for TCP-based connections between components. Citrix Cloud doesn’t allow communication over TLS 1.0 or TLS 1.1.
To access Citrix Cloud Government, you must use a browser that supports TLS 1.2 and have accepted cipher suites configured. For more information, see Encryption and key management.
Citrix Cloud Government management console
The Citrix Cloud Government management console is a web-based console that you can access after signing in to https://citrix.cloud.us. The console’s webpages requires more Internet resources when signing in or performing specific operations.
Configurable inactivity timeout for console
As a full-access administrator, you can configure the duration of inactivity on the Citrix Cloud console before administrators are automatically signed out. Once configured, the specified timeout period will be applied to all administrators of the Citrix Cloud account.
When the feature is enabled, administrators will be logged out after the configured period of inactivity, and the session timeout will reset upon each subsequent login.
When the feature is disabled, there is no inactivity timer, and administrators will be logged out only when the 12-hour session limit is reached.
Note:
- This feature is enabled by default.
- The configurable inactivity timeout is 10 minutes to 1 hour.
- The default inactivity timeout is 15 minutes.
Proxy configuration
If you’re connecting through a proxy server, the management console operates using the same configuration applied to your web browser. The console operates within the user context, enabling the configuration of proxy servers that require user authentication to work as expected.
Firewall configuration
For the management console to operate, you must have port 443 open for outbound connections. You can test general connectivity by navigating within the console.
Citrix Cloud Connector
The Citrix Cloud Connector is a software package that deploys a set of services that run on Microsoft Windows servers. The machine hosting the Cloud Connector resides within the network where the resources that you use with Citrix Cloud Government reside. The Cloud Connector connects to Citrix Cloud Government, allowing it to operate and manage your resources as needed.
For requirements for installing the Cloud Connector, see Citrix Cloud Connector requirements. To operate, the Cloud Connector requires outbound connectivity on port 443. After installation, the Cloud Connector might have more access requirements depending on the Citrix Cloud Government service with which it is being used.
Allowed FQDNs for Cloud Connector
For a complete list of the fully qualified domain names (FQDNs) that the Cloud Connector accesses, refer to the JSON file available at https://fqdnallowlistsa.blob.core.windows.net/fqdnallowlist-gov/allowlist.json. The list is categorized by the product and includes a change log for each group of FQDNs.
Some of these FQDNs are specific to a customer and include templated sections in angular brackets. These templated sections must be replaced with the actual values before use. For example, for <CUSTOMER_ID>.xendesktop.net
, you replace <CUSTOMER_ID>
with the actual customer ID for your Citrix Cloud account. You can find the customer ID at the top of the API Access tab in Identity and Access Management.
Citrix DaaS service connectivity
Citrix resource location / Cloud Connector:
https://*.citrixworkspacesapi.us
https://*.cloud.us
https://*.apps.cloud.us
https://*.blob.core.usgovcloudapi.net
https://*.servicebus.usgovcloudapi.net
https://*.xendesktop.us
Administration console:
https://*.citrixworkspacesapi.us
https://*.cloud.us
https://*.blob.core.usgovcloudapi.net
https://*.xendesktop.us