Service connectivity requirements
Citrix Cloud Japan provides administrative functions (through a web browser) and operational requests (from other installed components) that connect to resources within a customer’s deployment. This document defines the requirements and considerations for establishing connectivity between your resources and Citrix Cloud Japan.
Connecting to the Internet from your data centers requires opening port 443 to outbound connections. However, to operate within environments containing an Internet proxy server or firewall restrictions, further configuration might be needed. For more information, see Citrix Cloud Connector proxy and firewall configuration.
Management console
The Citrix Cloud Japan management console is a web-based console that you can access after signing in to https://citrix.citrixcloud.jp. The web pages that make up the console might require other resources on the Internet, either when signing in or at a later point when carrying out specific operations.
Proxy and firewall configuration
If you’re connecting through a proxy server, the management console operates using the same configuration applied to your web browser. The console operates within the user context, so any configuration of proxy servers that require user authentication should work as expected.
For the management console to operate, you must have port 443 open for outbound connections. You can test general connectivity by navigating within the console.
For more information, see Citrix Cloud Connector proxy and firewall configuration.
Console notifications
The management console uses Pendo to display critical alerts, notifications about new features, and in-product guidance for some features and services. To ensure you can view Pendo content within the management console, Citrix recommends that the address https://citrix-cloud-content.customer.pendo.io/ is contactable.
Services that display Pendo content include:
- Citrix DaaS (formerly Virtual Apps and Desktops service)
- Citrix Workspace
Pendo is a third-party sub-processor that Citrix uses to provide cloud and support services to Citrix customers. For a complete list of these sub-processors, see Sub-Processors for Citrix Cloud & Support Services and Citrix Affiliates.
Session timeouts
After an administrator signs in to Citrix Cloud Japan, the management console session times out after the following intervals have elapsed:
- Idle sessions (no console activity detected): 60 minutes
- Maximum session timeout (regardless of console activity): 24 hours
After the maximum session timeout elapses, any unsaved configuration changes are lost and the administrator must sign in again.
Configurable inactivity timeout for console
As a full-access administrator, you can configure the duration of inactivity on the Citrix Cloud console before administrators are automatically signed out. Once configured, the specified timeout period will be applied to all administrators of the Citrix Cloud account.
When the feature is enabled, administrators will be logged out after the configured period of inactivity, and the session timeout will reset upon each subsequent login.
When the feature is disabled, there is no inactivity timer, and administrators will be logged out only when the 72-hour session limit is reached.
Note:
- By default this feature is disabled.
- The configurable inactivity timeout is 10 minutes to 12 hours.
- The default inactivity timeout is 60 minutes.
Citrix Cloud Connector
The Citrix Cloud Connector is a software package that deploys a set of services that run on Microsoft Windows servers. The machine hosting the Cloud Connector resides within the network where the resources you use with Citrix Cloud Japan reside. The Cloud Connector connects to Citrix Cloud Japan, allowing it to operate and manage your resources as needed.
For requirements for installing the Cloud Connector, see Citrix Cloud Connector requirements. To operate, the Cloud Connector requires outbound connectivity on port 443. After installation, the Cloud Connector might have additional access requirements depending on the cloud service with which it is being used.
Common service connectivity requirements
The following table lists the addresses that are common to most Citrix Cloud Japan services and their function. These addresses are provided only as domain names because Citrix Cloud Japan services are dynamic and their IP addresses are subject to routine changes.
Required address | Function |
---|---|
https://*.citrixworkspacesapi.jp | Provides access to Citrix Cloud APIs that the services use. |
https://*.citrixcloud.jp | Provides access to the Citrix Cloud Japan sign-in interface. |
https://*.blob.core.windows.net | Provides access to Azure Blob Storage, which stores updates for Citrix Cloud Connector. |
https://*.servicebus.windows.net | Provides access to Azure Service Bus, which is used for logging and the Active Directory agent. |
As a best practice, use Group Policy to configure and manage these addresses. Also, configure only the addresses that are applicable to the services that you and your end-users are consuming.
Certificate validation
Cloud Connector binaries and endpoints that the Cloud Connector contacts are protected by X.509 certificates that are verified when the software is installed. To validate these certificates, each Cloud Connector machine must meet the following requirements:
- HTTP port 80 is open to *.digicert.com. This port is used during Cloud Connector installation and during periodic Certificate Revocation List checks.
- The following addresses must be contactable:
  - http://*.digicert.com
  - https://*.digicert.com
  - https://dl.cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
  - https://dl.cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt
For more information about these certificates, see Certificate validation requirements.
SSL Decryption
Enabling SSL decryption on certain proxies might prevent the Cloud Connector from connecting successfully to Citrix Cloud Japan. For more information about resolving this issue, see CTX221535.
Citrix Gateway
- Common service connectivity requirements
- https://*.*.nssvc.jp

Customers who can’t enable all subdomains can use the following addresses instead:
- https://*.g.nssvc.jp
- https://*.c.nssvc.jp
Citrix DaaS
Note:
Citrix DaaS was formerly Virtual Apps and Desktops service.
Citrix resource location / Cloud Connector:
- Common service connectivity requirements
- https://*.citrixworkspacesapi.jp
- https://*.citrixcloud.jp
- https://*.blob.core.windows.net
- https://*.citrixworkspacesapi.net
- https://*.servicebus.windows.net
- For in-product messages including new features and critical communications:
  - https://citrix-cloud-content.customer.pendo.io/
For an overview of how the Cloud Connector communicates with the service, refer to the Citrix DaaS diagram on the Citrix Tech Zone web site.
Administration console:
- https://*.citrixworkspacesapi.jp
- https://*.citrixcloud.jp
- https://*.blob.core.windows.net
- https://*.apps.citrixworkspacesapi.net
Citrix Workspace
- https://*.citrixcloud.jp
- https://*.citrixdata.com
- For in-product messages including new features and critical communications:
  - https://citrix-cloud-content.customer.pendo.io/
Workspace Environment Management service
https://*.wem.citrixcloud.jp
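
The recommendation above to configure only the addresses for the services you consume can be checked mechanically. The following is an added example, not Citrix code: it compares a proxy allow list with the addresses this page lists per service and reports missing and surplus entries. The service keys, the sample allow list and the host `a.wem.citrixcloud.jp` are constructed for illustration, and the reading of `*` as exactly one DNS label is an assumption, because proxy products differ on this.

```python
# Addresses copied from this page, grouped by the service that needs them.
COMMON = {"https://*.citrixworkspacesapi.jp", "https://*.citrixcloud.jp",
          "https://*.blob.core.windows.net", "https://*.servicebus.windows.net"}
PENDO = "https://citrix-cloud-content.customer.pendo.io/"
REQUIRED = {  # service keys are labels invented for this example
    "gateway": COMMON | {"https://*.*.nssvc.jp"},
    "daas-connector": COMMON | {"https://*.citrixworkspacesapi.net", PENDO},
    "workspace": {"https://*.citrixcloud.jp", "https://*.citrixdata.com", PENDO},
    "wem": {"https://*.wem.citrixcloud.jp"},
}
# The page allows this narrower pair in place of *.*.nssvc.jp.
ALTERNATIVES = {"https://*.*.nssvc.jp":
                {"https://*.g.nssvc.jp", "https://*.c.nssvc.jp"}}

def review(configured, services):
    """Return (missing, surplus) for a proxy allow list and the services in use."""
    cfg = set(configured)
    required = set().union(*(REQUIRED[s] for s in services))
    missing, accepted = [], set()
    for addr in required:
        alt = ALTERNATIVES.get(addr, set())
        if addr in cfg:
            accepted.add(addr)
        elif alt and alt <= cfg:      # documented alternative is present
            accepted |= alt
        else:
            missing.append(addr)
    return sorted(missing), sorted(cfg - accepted)

def host_matches(pattern, host):
    """Assumption: '*' stands for exactly one DNS label (the strict reading)."""
    p = pattern.split("://", 1)[-1].split("/", 1)[0].lower().split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and all(a in ("*", b) for a, b in zip(p, h))

def uncovered(configured, hosts):
    """Hosts (for example from proxy deny logs) that no allow-list entry covers."""
    return [h for h in hosts if not any(host_matches(p, h) for p in configured)]

if __name__ == "__main__":
    # Constructed allow list and host names, for illustration only.
    proxy = sorted(COMMON) + ["https://*.g.nssvc.jp", "https://*.c.nssvc.jp",
                              "https://*.citrixdata.com"]
    print(review(proxy, ["gateway", "wem"]))
    print(uncovered(proxy, ["citrix.citrixcloud.jp", "a.wem.citrixcloud.jp"]))
```

If your proxy treats `*` as spanning several labels, relax the length check in `host_matches` before relying on the `uncovered` result.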