Summary
ProfileUnity with FlexApp provides User Environment Management and Application Layering for both virtual desktop deployments and physical PCs. ProfileUnity decouples user profiles, settings, and data from the operating system on Windows desktops, including RDSH, Citrix XenDesktop, XenApp, and VMware Horizon. ProfileUnity’s ongoing User Environment Management features centralized user and policy management with context aware settings.
The ProfileUnity solution consists of three parts: the Management Console, the FlexApp Packaging Console, and the Client. The ProfileUnity Management Console provides one central location where administrators can configure persona management and user and machine policies. The FlexApp Packaging Console allows administrators to configure and prepare any applications that needs to be configured for users and made available as a department installed application (DIA). The Client manages each user’s settings and persona during their session.
In addition, ProfileUnity can be configured in a clustered mode to provide multiple nodes for scaling additional resources and to protect against a single point of failure offering high availability. ProfileUnity Clustering is comprised of the following parts that communicate with each other: the messaging fabric, the FlexDisk Service, the Connection Server Monitor, the ProfileUnity database, and ProfileUnity itself.
The goal of this document is to provide a summary of the types of communication that are taking place while providing user services and to enumerate which ports are being used.
Core ProfileUnity UEM, FlexApp DIA with VHDX, and ProfileDisk with VHDX
|
Source |
Target |
Target TCP Port |
Target Port |
Description |
|---|---|---|---|---|
|
Admin PC |
ProfileUnity Server |
8000 |
Inbound |
Admin PC access to the ProfileUnity Management Console |
|
Desktops with Inventory enabled |
ProfileUnity Server |
8000 |
Inbound |
For ProfileUnity’s Inventory Management module |
|
Desktops |
All domain controllers with read access to NETLOGON |
SMB 445 |
Inbound |
The ProfileUnity Installer and Client access this path. |
|
Home share for user profile |
SMB 445 |
Inbound |
The ProfileUnity client reads the user’s profile from this path. |
|
|
VHDX file share |
SMB 445 |
Inbound |
The ProfileUnity Client layers in applications located on this file share. |
|
|
ProfileUnity Server |
5672 |
Inbound |
Desktops communicating with ProfileUnity to request licensing |
|
|
ProfileUnity Server |
All domain controllers in the site |
389, 636 |
Inbound |
The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
|
All domain controllers with write access to NETLOGON |
SMB 445 |
Inbound |
Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
|
|
All clustered ProfileUnity Servers (optional for license redundancy) |
All clustered ProfileUnity Servers |
8000 |
Inbound |
ProfileUnity Management Console cluster communications |
|
All clustered ProfileUnity Servers |
4369, 5672, 25672 |
Inbound |
ProfileUnity Fabric communications |
|
|
All clustered ProfileUnity Servers |
27017 |
Inbound |
ProfileUnity Database cluster communications |
Citrix XenDesktop VMDK ProfileDisk Ports
|
Source |
Target |
Target TCP Port |
Target Port Direction |
Description |
|---|---|---|---|---|
|
Admin PC |
All clustered ProfileUnity Servers |
8000 |
Inbound |
Admin PC access to the ProfileUnity Management Console |
|
Desktops |
All domain controllers with read access to NETLOGON |
SMB 445 |
Inbound |
The ProfileUnity Installer and Client access this path. |
|
Home share for user profile |
SMB 445 |
Inbound |
(Optional) The ProfileUnity Client reads the user’s profile from this path. |
|
|
All clustered ProfileUnity Servers |
5672 |
Inbound |
Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
|
|
All clustered ProfileUnity Servers
|
All clustered ProfileUnity Servers |
8000 |
Inbound |
ProfileUnity Management Console cluster communications |
|
All clustered ProfileUnity Servers |
4369, 5672, 25672 |
Inbound |
ProfileUnity Fabric communications |
|
|
All clustered ProfileUnity Servers |
27017 |
Inbound |
ProfileUnity Database cluster communications |
|
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
|
|
All ESXi Hosts |
443, 902 |
Inbound (443), |
FlexDisk VMDK provisioning and management |
|
|
All domain controllers in the site |
389, 636 |
Inbound |
The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
|
|
All domain controllers with write access to NETLOGON |
SMB 445 |
Inbound |
Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
VMware Horizon VMDK ProfileDisk Ports
|
Source |
Target |
Target TCP |
Target Port |
Description |
|---|---|---|---|---|
|
Admin PC |
All clustered ProfileUnity Servers |
8000 |
Inbound |
Admin PC access to the ProfileUnity Management Console |
|
Desktops |
All domain controllers with read access to NETLOGON |
SMB 445 |
Inbound |
The ProfileUnity Installer and Client access this path. |
|
Home share for user profile |
SMB 445 |
Inbound |
(Optional) The ProfileUnity Client reads the user’s profile from this path. |
|
|
All clustered ProfileUnity Servers |
5672 |
Inbound |
Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
|
|
All clustered
|
All clustered ProfileUnity Servers |
8000 |
Inbound |
ProfileUnity Management Console cluster communications |
|
All clustered ProfileUnity Servers |
4369, 5672, 25672 |
Inbound |
ProfileUnity Fabric communications |
|
|
All clustered ProfileUnity Servers |
27017 |
Inbound |
ProfileUnity Database cluster communications |
|
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
|
|
All ESXi Hosts |
443, 902 |
Inbound (443), |
FlexDisk VMDK provisioning and management |
|
|
All domain controllers in the site |
389, 636 |
Inbound |
The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
|
|
All domain controllers with write access to NETLOGON |
SMB 445 |
Inbound |
Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
|
|
Connection Server Monitor & All View Brokers |
All clustered ProfileUnity Servers |
5672 |
Inbound |
Connection Server Monitor sends login and logoff information for the FlexDisk Fabric to process. |
Citrix XenDesktop and XenApp VMDK FlexApp DIA Ports
|
Source |
Target |
Target TCP Port |
Target Port Direction |
Description |
|---|---|---|---|---|
|
Admin PC |
All clustered ProfileUnity Servers |
8000 |
Inbound |
Admin PC access to the ProfileUnity Management Console |
|
Desktops |
All domain controllers with read access to NETLOGON |
SMB 445 |
Inbound |
The ProfileUnity Installer and Client access this path. |
|
Home share for user profile |
SMB 445 |
Inbound |
(Optional) The ProfileUnity Client reads the user’s profile from this path. |
|
|
All clustered ProfileUnity Servers |
5672 |
Inbound |
Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
|
|
All clustered ProfileUnity Servers
|
All clustered ProfileUnity Servers |
8000 |
Inbound |
ProfileUnity Management Console cluster communications |
|
All clustered ProfileUnity Servers |
4369, 5672, 25672 |
Inbound |
ProfileUnity Fabric communications |
|
|
All clustered ProfileUnity Servers |
27017 |
Inbound |
ProfileUnity Database cluster communications |
|
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
|
|
All ESXi Hosts |
443, 902 |
Inbound (443), |
FlexDisk VMDK provisioning and management |
|
|
All domain controllers in the site |
389, 636 |
Inbound |
The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
|
|
All domain controllers with write access to NETLOGON |
SMB 445 |
Inbound |
Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
|
|
FlexApp Packaging Console
|
ProfileUnity Service, FlexDisk Service |
8000 |
Inbound |
FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
VMware Horizon and RDSH VMDK FlexApp DIA Ports
|
Source |
Target |
Target TCP Port |
Target Port |
Description |
|---|---|---|---|---|
|
Admin PC |
All clustered ProfileUnity Servers |
8000 |
Inbound |
Admin PC access to the ProfileUnity Management Console |
|
Desktops |
All domain controllers with read access to NETLOGON |
SMB 445 (TCP & UDP) |
Inbound |
The ProfileUnity Installer and Client access this path. |
|
Home share for user profile |
SMB 445 (TCP & UDP) |
Inbound |
(Optional) The ProfileUnity Client reads the user’s profile from this path. |
|
|
All clustered ProfileUnity Servers |
5672 |
Inbound |
Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
|
|
All clustered ProfileUnity Servers
|
All clustered ProfileUnity Servers |
8000 |
Inbound |
ProfileUnity Management Console cluster communications |
|
All clustered ProfileUnity Servers |
4369, 5672, 25672 |
Inbound |
ProfileUnity Fabric communications |
|
|
All clustered ProfileUnity Servers |
27017 |
Inbound |
ProfileUnity Database cluster communications |
|
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
|
|
All ESXi Hosts |
443, 902 |
Inbound (443), Bidirectional (902) |
FlexDisk VMDK provisioning and management |
|
|
All domain controllers in the site |
389, 636 |
Inbound |
The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
|
|
All domain controllers with write access to NETLOGON |
SMB 445 (TCP & UDP) |
Inbound |
Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
|
|
FlexApp Packaging Console
|
ProfileUnity Service, FlexDisk Service |
8000 |
Inbound |
FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
|
VMware Virtual Center |
443 |
Inbound |
FlexDisk VMDK provisioning and management |
|
|
Connection Server |
All clustered |
5672 |
Inbound |
Connection Server Monitor sends login and logoff information for the FlexDisk Fabric to process. |
