Communication Port Requirements

Summary

ProfileUnity with FlexApp provides User Environment Management and Application Layering for both virtual desktop deployments and physical PCs. ProfileUnity decouples user profiles, settings, and data from the operating system on Windows desktops, including RDSH, Citrix Virtual Apps and Desktops (CVAD), and VMware Horizon. ProfileUnity’s ongoing User Environment Management features centralized user and policy management with context-aware settings.

The ProfileUnity solution consists of three parts: the Management Console, the FlexApp Packaging Console, and the Client. The ProfileUnity Management Console provides one central location where administrators can configure persona management and user and machine policies. The FlexApp Packaging Console allows administrators to configure and prepare any applications that need to be configured for users and made available as a department-installed application. The Client manages each user’s settings and persona during their session.

In addition, ProfileUnity can be configured in a clustered mode to provide multiple nodes for scaling additional resources and to protect against a single point of failure, offering high availability. ProfileUnity Clustering is comprised of the following parts that communicate with each other: the license service, the FlexDisk Service, the ProfileUnity database, and ProfileUnity itself.

This document summarizes the types of communication that take place while providing user services and enumerates the ports that are used.

Core ProfileUnity UEM, FlexApp with VHDX, and ProfileDisk with VHDX

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | ProfileUnity Server | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity client reads the user’s profile from this path. |
| Desktops | VHDX file share | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client layers in applications located on this file share. |
| Desktops | ProfileUnity Server | 443 (Optional 8000) | Inbound | Desktops communicating with ProfileUnity to request licensing (Optional 8000 for Inventory Module support) |
| ProfileUnity Server | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| ProfileUnity Server | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 443 | Inbound | ProfileUnity License Service communications |
| All clustered ProfileUnity Servers (optional for license redundancy) | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
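
The Core table lists ports but not how narrowly each should be exposed. The following PowerShell is an added example (not vendor code) that turns the rows targeting the ProfileUnity server into Windows Firewall inbound rules scoped to the listed source role, so that 27017 is reachable only from cluster peers and 8000 only from admin PCs. All addresses are constructed placeholders, and it assumes the firewall's default inbound action is Block and that no broader allow rule for these ports already exists.

```powershell
# Added example, not vendor code. Run in an elevated session on each ProfileUnity server.
# All addresses below are constructed placeholders; replace them with your own ranges.
param(
    [string[]]$AdminPcs     = @('10.0.10.0/24'),              # assumed admin workstation subnet
    [string[]]$Desktops     = @('10.0.20.0/22'),              # assumed desktop / VDI subnet
    [string[]]$ClusterPeers = @('10.0.30.11', '10.0.30.12'),  # assumed other cluster nodes
    [switch]$AllowInventoryFromDesktops                       # the table's "Optional 8000"
)

# Rows of the Core table whose target is the ProfileUnity server itself.
$rules = @(
    @{ Name = 'Management Console (admin PCs)'; Port = 8000;  From = $AdminPcs }
    @{ Name = 'Licensing (desktops)';           Port = 443;   From = $Desktops }
    @{ Name = 'Console cluster communications'; Port = 8000;  From = $ClusterPeers }
    @{ Name = 'License Service (cluster)';      Port = 443;   From = $ClusterPeers }
    @{ Name = 'Database cluster';               Port = 27017; From = $ClusterPeers }
)
if ($AllowInventoryFromDesktops) {
    $rules += @{ Name = 'Inventory Module (desktops)'; Port = 8000; From = $Desktops }
}

foreach ($r in $rules) {
    $display = "ProfileUnity - $($r.Name) - TCP $($r.Port)"
    # Remove a previous copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $display -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $display -Group 'ProfileUnity' `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $r.Port -RemoteAddress $r.From | Out-Null
}

# Review the result: every rule should list specific remote addresses, never 'Any'.
Get-NetFirewallRule -Group 'ProfileUnity' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule   = $_.DisplayName
        Port   = $port.LocalPort
        Remote = $addr.RemoteAddress -join ', '
    }
} | Format-Table -AutoSize
```

The outbound rows of the table (SMB 445 and LDAP 389/636 to domain controllers and file shares) are enforced on those targets or on the network firewall, not by these rules.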

Citrix Virtual Apps and Desktops VMDK ProfileDisk Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 443, 4443 (Optional 8000) | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing (Optional 8000 for Inventory Module support) |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4443, 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 443 | Inbound | ProfileUnity License Service communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |

VMware Horizon VMDK ProfileDisk Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 443, 4443 (Optional 8000) | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing (Optional 8000 for Inventory Module support) |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4443, 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 443 | Inbound | ProfileUnity License Service communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | VMware Horizon Connection Server | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |

Citrix Virtual Apps and Desktops VMDK FlexApp Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 443, 4443 (Optional 8000) | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing (Optional 8000 for Inventory Module support) |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4443, 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 443 | Inbound | ProfileUnity License Service communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
| FlexApp Packaging Console | ProfileUnity Service, FlexDisk Service | 8000 | Inbound | FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
| FlexApp Packaging Console | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |

VMware Horizon and RDSH VMDK FlexApp Ports

| Source | Target | Target TCP Port | Target Port Direction | Description |
|---|---|---|---|---|
| Admin PC | All clustered ProfileUnity Servers | 8000 | Inbound | Admin PC access to the ProfileUnity Management Console |
| Desktops | All domain controllers with read access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Installer and Client access this path. |
| Desktops | Home share for user profile | SMB 445 (TCP & UDP) | Inbound | The ProfileUnity Client reads the user’s profile from this path. |
| Desktops | All clustered ProfileUnity Servers | 443, 4443 (Optional 8000) | Inbound | Desktops communicating with ProfileUnity to request FlexDisk VMDKs and licensing (Optional 8000 for Inventory Module support) |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 4443, 8000 | Inbound | ProfileUnity Management Console cluster communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 443 | Inbound | ProfileUnity License Service communications |
| All clustered ProfileUnity Servers | All clustered ProfileUnity Servers | 27017 | Inbound | ProfileUnity Database cluster communications |
| All clustered ProfileUnity Servers | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | VMware Horizon Connection Server | 443 | Inbound | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All ESXi Hosts | 443, 902 | Inbound (443), Bidirectional (902) | FlexDisk VMDK provisioning and management |
| All clustered ProfileUnity Servers | All domain controllers in the site | 389, 636 | Inbound | The default port for LDAP traffic is on TCP and UDP 389. If LDAP traffic is tunneled through SSL/TLS encrypted connections, then TCP port 636 is used for SSL and TCP port 389 is used for TLS. |
| All clustered ProfileUnity Servers | All domain controllers with write access to NETLOGON | SMB 445 (TCP & UDP) | Inbound | Allows ProfileUnity Management Console to auto deploy tools and write configurations to domain controller. |
| FlexApp Packaging Console | ProfileUnity Service, FlexDisk Service | 8000 | Inbound | FlexApp Packaging Console access to check FlexApp packages into inventory, FlexApp Packaging Console VMDK provisioning |
| FlexApp Packaging Console | VMware Virtual Center | 443 | Inbound | FlexDisk VMDK provisioning and management |