Service connectivity requirements

Citrix Cloud Japan provides administrative functions (through a web browser) and operational requests (from other installed components) that connect to resources within a customer’s deployment. This document defines the requirements and considerations for establishing connectivity between your resources and Citrix Cloud Japan.

Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed. For more information, see Cloud Connector Proxy and Firewall Configuration.

The addresses for each service in this article must be contactable to properly operate and consume the service. The following table lists the addresses that are common to most Citrix Cloud Japan services and their function. These addresses are provided only as domain names because Citrix Cloud Japan services are dynamic and their IP addresses are subject to routine changes.

Required address Function
https://*.citrixworkspacesapi.jp Provides access to Citrix Cloud APIs that the services use.
https://*.cloud.com Provides access to the Citrix Cloud Japan sign-in interface.
https://*.blob.core.windows.net Provides access to Azure Blob Storage, which stores updates for Citrix Cloud Connector.
https://*.servicebus.windows.net Provides access to Azure Service Bus, which is used by the Active Directory agent and Machine Creation Services.
https://*.cloudapp.net Provides access to Azure Cloud Services, which hosts compute resources and APIs for Citrix Cloud Japan.

As a best practice, use Group Policy to configure and manage these addresses. Also, configure only the addresses that are applicable to the services that you and your end-users are consuming.

Virtual Apps and Desktops

Citrix resource location / Cloud Connector:

  • https://*.citrixworkspacesapi.jp
  • https://*.citrixnetworkapi.net
  • https://*.cloud.com
  • https://cwsproduction.blob.core.windows.net
  • https://*.xendesktop.net
  • https://*.servicebus.windows.net

For an overview of how the Cloud Connector communicates with the service, refer to the Virtual Apps and Desktops diagram on the Citrix Tech Zone web site.

Administration console:

  • https://*.citrixworkspacesapi.jp
  • https://*.citrixnetworkapi.net
  • https://*.cloud.com
  • https://*.xendesktop.net

Management console

The Citrix Cloud Japan management console is a web-based console that you can access after signing in to https://citrix.cloud.jp. The web pages that make up the console might require other resources on the Internet, either when signing in or at a later point when carrying out specific operations.

Proxy and firewall configuration

If you’re connecting through a proxy server, the management console operates using the same configuration applied to your web browser. The console operates within the user context, so any configuration of proxy servers that require user authentication should work as expected.

For the management console to operate, you must have port 443 open for outbound connections. You can test general connectivity by navigating within the console.

For more information, see Citrix Cloud Connector proxy and firewall configuration.

Session timeouts

After an administrator signs in to Citrix Cloud Japan, the management console session times out after the following intervals have elapsed:

  • Idle sessions (no console activity detected): 60 minutes
  • Maximum session timeout (regardless of console activity): 24 hours

After the maximum session timeout elapses, any unsaved configuration changes are lost and the administrator must sign in again.

Citrix Cloud Connector

The Citrix Cloud Connector is a software package that deploys a set of services that run on Microsoft Windows servers. The machine hosting the Cloud Connector resides within the network where the resources you use with Citrix Cloud Japan reside. The Cloud Connector connects to Citrix Cloud Japan, allowing it to operate and manage your resources as needed.

For requirements for installing the Cloud Connector, see Citrix Cloud Connector requirements. To operate, the Cloud Connector requires outbound connectivity on port 443. After installation, the Cloud Connector might have additional access requirements depending on the cloud service with which it is being used.

For help with troubleshooting connectivity between the Cloud Connector and Citrix Cloud Japan, use the Cloud Connector Connectivity Check Utility. This utility runs a series of checks on the Cloud Connector machine to verify it can reach Citrix Cloud Japan and related services and helps you add any missing connectivity addresses to the Trusted Sites zone in Internet Explorer. If you use a proxy server in your environment, all connectivity checks are tunneled through your proxy server. To download the utility, see CTX260337 in the Citrix Support Knowledge Center.

Certificate validation

Cloud Connector binaries and endpoints that the Cloud Connector contacts are protected by X.509 certificates that are verified when the software is installed. To validate these certificates, each Cloud Connector machine must meet the following requirements:

  • HTTP port 80 is open to *.digicert.com. This port is used during Cloud Connector installation and during periodic Certificate Revocation List checks.
  • The following addresses must be contactable:
    • http://*.digicert.com
    • https://*.digicert.com
    • https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
    • https://dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt

For more information about these certificates, see Certificate validation requirements.

SSL Decryption

Enabling SSL decryption on certain proxies might prevent the Cloud Connector from connecting successfully to Citrix Cloud Japan. For more information about resolving this issue, see CTX221535.

Service connectivity requirements