Communication Port Requirements

Summary

ProfileUnity with FlexApp provides User Environment Management and Application Layering for both virtual desktop deployments and physical PCs. ProfileUnity decouples user profiles, settings, and data from the operating system on Windows desktops, including RDSH, Citrix XenDesktop, XenApp, and VMware Horizon. ProfileUnity’s ongoing User Environment Management features centralized user and policy management with context-aware settings.

The ProfileUnity solution consists of three parts: the Management Console, the FlexApp Packaging Console, and the Client. The ProfileUnity Management Console provides one central location where administrators can configure persona management and user and machine policies. The FlexApp Packaging Console allows administrators to configure and prepare any applications that need to be configured for users and made available as a department installed application (DIA). The Client manages each user’s settings and persona during their session.

In addition, ProfileUnity can be configured in a clustered mode to provide multiple nodes for scaling additional resources and to protect against a single point of failure, offering high availability. ProfileUnity Clustering consists of the following parts that communicate with each other: the messaging fabric, the FlexDisk Service, the Connection Server Monitor, the ProfileUnity database, and ProfileUnity itself.

The goal of this document is to summarize the types of communication that take place while providing user services and to enumerate the ports that are used.

Core ProfileUnity UEM, FlexApp DIA with VHDX, and ProfileDisk with VHDX

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | ProfileUnity Server | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops with Inventory enabled | ProfileUnity Server | 8000 | Inbound | For ProfileUnity’s Inventory Management module |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | VHDX file share | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client layers in applications located on this file share. |
| Desktops | ProfileUnity Server | 5672 | Inbound | Desktops communicating with ProfileUnity to request licensing |
| ProfileUnity Server | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| ProfileUnity Server | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows the ProfileUnity Management Console to auto-deploy tools and write configurations to the domain controller. |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 4369, 5672, 25672 | Inbound | ProfileUnity Fabric communications |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |

Citrix XenDesktop VMDK ProfileDisk Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | (Optional) The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 5672 | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4369, 5672, 25672 | Inbound | ProfileUnity Fabric communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows the ProfileUnity Management Console to auto-deploy tools and write configurations to the domain controller. |

VMware Horizon VMDK ProfileDisk Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | (Optional) The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 5672 | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4369, 5672, 25672 | Inbound | ProfileUnity Fabric communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows the ProfileUnity Management Console to auto-deploy tools and write configurations to the domain controller. |
| Connection Server Monitor & All View Brokers | All clustered ProfileUnity Servers | 5672 | Inbound | Connection Server Monitor sends login and logoff information for the FlexDisk Fabric to process. |

Citrix XenDesktop and XenApp VMDK FlexApp DIA Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | (Optional) The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 5672 | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4369, 5672, 25672 | Inbound | ProfileUnity Fabric communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows the ProfileUnity Management Console to auto-deploy tools and write configurations to the domain controller. |
| FlexApp Packaging Console | ProfileUnity Service, FlexDisk Service | 8000 | Inbound | FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
| FlexApp Packaging Console | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |

VMware Horizon and RDSH VMDK FlexApp DIA Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | (Optional) The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 5672 | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4369, 5672, 25672 | Inbound | ProfileUnity Fabric communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows the ProfileUnity Management Console to auto-deploy tools and write configurations to the domain controller. |
| FlexApp Packaging Console | ProfileUnity Service, FlexDisk Service | 8000 | Inbound | FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
| FlexApp Packaging Console | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| Connection Server Monitor & All View Brokers | All clustered ProfileUnity Servers | 5672 | Inbound | Connection Server Monitor sends login and logoff information for the FlexDisk Fabric to process. |
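
The inbound rows of the tables above can be turned into a per-source allow-list and used to audit firewall or flow logs on a clustered ProfileUnity server. This is an added example, not part of the ProfileUnity documentation. The role names, subnets, and sample flows are constructed assumptions, and the "ProfileUnity Service, FlexDisk Service" target is assumed to run on the ProfileUnity server.

```python
import ipaddress

# Inbound TCP ports on a clustered ProfileUnity server by source role (from the tables).
ALLOWED_INBOUND = {
    "admin_pc": {8000},
    "desktop": {8000, 5672},            # 8000 applies only when Inventory is enabled
    "packaging_console": {8000},        # target assumed co-located on the server
    "connection_server_monitor": {5672},
    "cluster_peer": {8000, 4369, 5672, 25672, 27017},
}

# Constructed address plan (assumption): the network each role lives in.
ROLE_NETWORKS = {
    "cluster_peer": "10.0.10.0/29",
    "admin_pc": "10.0.20.0/28",
    "packaging_console": "10.0.21.0/28",
    "connection_server_monitor": "10.0.30.0/28",
    "desktop": "10.1.0.0/16",
}

def classify(src_ip):
    """Return the role whose network contains src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    for role, cidr in ROLE_NETWORKS.items():
        if addr in ipaddress.ip_network(cidr):
            return role
    return None

def audit(flows):
    """Return (src_ip, dst_port, reason) for each flow the matrix does not cover."""
    findings = []
    for src_ip, dst_port in flows:
        role = classify(src_ip)
        if role is None:
            findings.append((src_ip, dst_port, "source not in any documented role"))
        elif dst_port not in ALLOWED_INBOUND[role]:
            findings.append((src_ip, dst_port, f"port not documented for {role}"))
    return findings

# Constructed sample of accepted inbound connections: (src_ip, dst_port).
SAMPLE_FLOWS = [
    ("10.0.20.5", 8000), ("10.1.4.17", 5672),
    ("10.1.4.17", 27017), ("10.0.10.2", 27017),
    ("10.1.9.80", 4369), ("172.16.5.9", 8000),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

In this sample, the desktop connections to 27017 and 4369 are flagged because the tables list those ports only for traffic between clustered ProfileUnity servers.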