- Change administrative passwords
- Set up a file share for the App Layering appliance
- Open firewall ports for App Layering, as needed
- Connect to a directory service
- Assign App Layering roles to users
- Enable Labs features
- Connector essentials
Open firewall ports for App Layering, as needed
Jan 11, 2018
The App Layering appliance (aka the Enterprise Layer Manager (ELM)) must be connected to a network file share.
The App Layering installer opens ports that the appliance needs to interact with services on the virtual server where it is hosted. The default ports that App Layering uses are listed in the tables below.
If there is a firewall between the App Layering appliance and the machine on which you are running the App Layering Agent or one of the App Layering Connectors, you must manually open the port in the firewall used for that purpose. If during installation you changed any of the ports from the default setting, be sure to open the correct port.
Admin User
By default, App Layering uses the following ports in your firewall for the Admin User to interact with the Management Console on the App Layering appliance VM.
| Destination | Activity | Protocol | Ports |
|---|---|---|---|
|
App Layering appliance |
Management Console |
TCP |
80, 443 |
|
App Layering appliance |
Administrator log download |
TCP |
8888 |
|
Connector for Azure |
Communication |
TCP |
3000 (HTTP) |
|
Connector for PVS |
Communication |
TCP |
3009 (HTTP) |
|
Connector for vSphere |
Communication |
TCP |
3004 (HTTP) |
|
Connector for XenServer |
Communication |
TCP |
3002 (HTTP) |
|
Connector for Azure |
Communication |
TCP |
3000 (HTTP) |
|
App Layering appliance |
ActiveMQ Console |
TCP |
8161 |
App Layering Appliance (Enterprise Layer Manager (ELM))
Internal Connections
By default, the App Layering service uses the following ports in your firewall for internal connections between the appliance and each of the destinations listed below.
In this table:
- Appliance - The App Layering appliance, also called the Enterprise Layer Manager, or ELM. This is the virtual appliance
- Agent - refers to the App Layering agent, which you install on
- Admin User -
| Source | Destination | Activity | Protocol | Ports |
|---|---|---|---|---|
|
Appliance |
Agent |
Communication |
TCP |
8016 |
|
Agent |
Appliance |
Log deliveries from the Agent |
TCP |
8787 |
|
Appliance |
VMware vCenter and ESX Hosts |
Communication with datastore via ESXI Host |
TCP |
443 |
|
Agent |
Appliance |
Communication with datastore via ESXI Host |
TCP |
8888 |
|
Appliance |
Active Directory |
Communication with datastore via ESXI Host |
TCP |
443 |
|
Agent |
Appliance |
Log gathering |
TCP |
14243 |
|
Appliance |
Active Directory |
LDAP |
TCP |
389, 636 |
|
Admin User |
Appliance |
Connector for Azure Communication |
TCP |
3000 (HTTP) |
|
Agent on PVS server /Admin user |
Appliance |
Connector for PVS Communication /Publishing |
TCP |
3009 (HTTP) |
|
Admin User |
Appliance |
Connector for vSphere Communication |
TCP |
3004 (HTTP) |
|
Admin User |
Appliance |
Connector for XenServer Communication |
TCP |
3002 (HTTP) |
External connection
By default, uses the following port in your firewall for external connections between the App Layering appliance and the destination listed below.
| Destination | Activity | Protocol | Ports |
|---|---|---|---|
|
cdn.unidesk.com |
API access |
TCP |
443 |
|
www.unidesk.com/upgrades/latest |
Download upgrade media from Citrix Cloud |
TCP |
80 |
OS Image (XenServer requirement only)
Citrix XenServer uses Port 5900 for communications between your OS Image and XenCenter or other Xen client.
| Destination | Activity | Protocol | Ports |
|---|---|---|---|
|
XenCenter |
Communications |
|
5900 |