Blog posts tagged with 'network'


12 Mar 2008 06:02 PM EDT
posted by Vinny Sosa

In the process of working on a project I had to gather all of the ports used by Citrix XenApp (the new name for Citrix Presentation Server). I had to look in a number of documents and KB articles. All I have to say is WHEW! I thought this might be useful for someone out there since I would have liked to have something similar. There are other ports too but I felt they weren't important (or perhaps I didn't understand how important they were so I left them out). Many of these are not Citrix ports but rather the service ports that we use to communicate into the infrastructure (such as LDAP). Hope this helps someone. If you find an obvious error or something omitted, please be sure to comment to this post. Enjoy!

Definitely nice to see that regardless of all of these ports, all clients/users need to connect are HTTP(S)-TCP ports 80 or 443.

NOTE: For more information on commonly known ports, visit http://www.iana.org/assignments/port-numbers

  • Application Performance Monitoring (powered by Citrix EdgeSight)
    • EdgeSight Agent to EdgeSight Server - TCP 80/443 (Payload and alerts)
    • EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent - TCP 9035
    • EdgeSight Agent internal communication - TCP 9036 (client-side database; NOTE: After EdgeSight 4.5, replaced with IPC)
    • EdgeSight database - SQL 1433 (configurable)
  • Client-side Application Virtualization -
    • Streaming Client to Application Hub (File Server/Share) - SMB 445
  • EasyCall -
    • To client - HTTP(S)-TCP 8443 (PSync)
    • To Admin console (non-IMA) - TCP 443
    • To LDAP Directory- TCP 389
    • To PBX - port varies by vendor
  • Independent Management Architecture (IMA) Services - TCP 2512, 2513
  • Licensing Service - TCP 27000, 27009 (configurable)
  • Server-side Application Virtualization
    • Management Console (Using IMA) - TCP 2512, 2513
    • Application requests - TCP XML 80, 8080 or 443 (configurable)
    • Access to Applications Virtualized on the Server - ICA-TCP 1494, 2598 (Session Reliability)
  • Single Sign-on (powered by Citrix Password Manager)
    • Management Console (non-IMA) or Agent to Password Manager Service - TCP-443
    • Management Console (non-IMA), Agent or Service to credential store
      • Network File Share Credential Store - TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
      • Active Directory Credential Store - TCP/UDP - 389, 636, TCP - 3268, 3269
      • Novell File Share Credential Store - TCP/UDP - 524  
  • SmartAccess (powered by Citrix Access Gateway)
    • Standard and Advanced Edition
      • Client connections- TCP-SSL 443 (configurable)
      • Advanced Access Control (AAC) to Appliance communication - TCP 80 or 443 (configurable), 9001, 9002, 9005
      • Management Console
        • to Appliance (non-IMA) - 9001, 9002, 9005
        • to AAC - IMA-TCP-2513
    • Enterprise Edition
      • To client - SSL-TCP 443
      • To internal network - SSL-TCP 443, Native Authentication port (i.e. RADIUS 1812, LDAP 389), Native application ports (i.e. ICA-1494)
      • Management console (non-IMA) - SSH-TCP 22, HTTP(S)-TCP 80/443
  • SmartAuditor -
    • Management (non-IMA) - Use local console on Agent or on Server.
    • Agent to Broker (Recording and Policy Check) - TCP 80/443 (configurable)
    • Player to Broker - TCP 80/443 (configurable)
    • Agent to Server (Metadata and Video) - Microsoft Message Queuing
      • Default - TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initial choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
      • Over SSL- TCP 80,443
  • WAN Optimizer - Guidance provided was to get it from Admin Guide
    • Appliance to Appliance - Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
    • Management Console (non-IMA) - TCP 80
    • Client to Appliance - TCP 443
  • Web Interface
    • Client connections - TCP 80/443 (configurable)
    • Server-to-server - TCP XML 80/8080, 443 (using SSL Relay)
    • Management console (partially IMA) - DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443

Brian Madden created a webinar that helped to explain some core communications processes. That might also be useful and you can find it here (called Understanding and Designing Presentation Server Farms).

18 Jul 2007 12:00 AM EDT
[ Tags: network,  configure,  tips ]
posted in XenApp by Ruiguo Yang

Recently I had to configure a virtual machine with two virtual network cards for testing purposes. One of them connects to a private virtual LAN. Another is bridged to the physical NIC card on the host and is connected to the physical LAN which is connected to the Internet. At first I couldn't get to http://www.google.com/ for example. It turned out that IE is not using the NIC that is connected to the Internet. How can this happen? Let me explain what I found and how I fixed it.

The virtual machine runs Windows 2003 Server. You can try the command route print to show the routing table on the machine.

The routing table shows two default routes with network destination of 0.0.0.0 and network mask of 0.0.0.0. Both of them have Metric of 10. I am not sure what algorithm my win2k server is using. But it seems to always pick the default route which uses the private LAN to get to http://www.google.com/ or any other external IP addresses on the Internet.

I did the following to fix it:

Delete the default routes using route delete 0.0.0.0

Add the new default route using the bridged network.

Command:

route -p add 0.0.0.0 mask 0.0.0.0 <your default gateway here> Metric 5 IF <your network interface card ID here>

Use the -p option to make the route persistent across reboot. I chose Metric 5 to make sure that if the default route using the virtual LAN was added back, this route has higher priority.

To find out which interface uses the bridged network, check the IP address associated with the virtual network. Match the MAC address with the ones displayed in route print. It would be easier to delete just the default route that uses the virtual LAN. But I can't figure out a way to do that using this command. Do you know a better way?

I guess the problem and solution are not limited to virtual machines. And there may be other solutions. Your suggestions and comments are welcome.
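
The check and fix described in this post, as an added example (not the author's code): it parses route print output, reports default routes tied on the lowest metric, and builds the route commands that leave one persistent default route. The sample output, addresses and interface IDs are constructed, and the per-gateway form of route delete is an assumption that goes beyond the post's route delete 0.0.0.0.

```python
import re

# Constructed sample of Windows `route print` output (all values are made up).
SAMPLE = """\
Interface List
0x10003 ...00 0c 29 aa bb 01 ...... VMware Accelerated AMD PCNet Adapter
0x10004 ...00 0c 29 aa bb 0b ...... VMware Accelerated AMD PCNet Adapter #2
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50       10
          0.0.0.0          0.0.0.0       10.10.10.1    10.10.10.50       10
        127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1        1
Default Gateway:       192.168.1.1
"""

# An IPv4 route row: destination, netmask, gateway, interface address, metric.
ROUTE = re.compile(r"^\s*((?:\d+\.){3}\d+)\s+((?:\d+\.){3}\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def default_routes(text):
    """Return (gateway, interface_ip, metric) for every 0.0.0.0/0.0.0.0 route."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if m and m.group(1) == m.group(2) == "0.0.0.0":
            routes.append((m.group(3), m.group(4), int(m.group(5))))
    return routes

def tied_for_best(routes):
    """Default routes sharing the lowest metric; more than one means ambiguous egress."""
    best = min((r[2] for r in routes), default=None)
    return [r for r in routes if r[2] == best]

def fix_commands(routes, keep_gateway, metric=5, if_id=None):
    """Commands that remove every default route, then re-add one persistently."""
    if keep_gateway not in {gw for gw, _, _ in routes}:
        raise ValueError("keep_gateway is not a current default gateway")
    # Assumption: naming the gateway limits `route delete` to that one route.
    cmds = [f"route delete 0.0.0.0 mask 0.0.0.0 {gw}" for gw, _, _ in routes]
    add = f"route -p add 0.0.0.0 mask 0.0.0.0 {keep_gateway} metric {metric}"
    cmds.append(add + (f" if {if_id}" if if_id else ""))
    return cmds

if __name__ == "__main__":
    found = default_routes(SAMPLE)
    if len(tied_for_best(found)) > 1:
        print("ambiguous default route:", tied_for_best(found))
    print("\n".join(fix_commands(found, "192.168.1.1")))
```
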

18 Jul 2007 12:00 AM EDT
[ Tags: vmware,  network,  simulation,  test,  performance ]
posted by Ruiguo Yang

Presentation Server 4.5 added some cool features to optimize ICA performance. The improvement is most visible over slow links. To set up a test environment to see the difference requires multiple machines and some ways to control the network characteristics such as bandwidth, latency, packet loss rate etc. Products such as Shunra can be used to simulate the network: http://www.shunra.com/vedesktop. The desktop version costs $499, though, the last time I checked.

I just found out that VMware Workstation has the team feature that allows virtual machines to be grouped together and connect using a virtual LAN. You can specify the virtual LAN bandwidth and packet loss rate. You can't change the latency of the virtual LAN though. The ability to change latency would be a nice feature to add I think. This allows a relatively quick way to conduct some comparison testing in a controlled environment.

I am using VMware Workstation 6.0. I am not sure about VMware Workstation 5.5.

Here is an example of what I tried.

  • Create a new team
  • Add an XP VM to the team
  • Add a CPS 4.5 VM to the team
  • Add a new virtual LAN for the team
  • Configure both VMs to use the virtual LAN

Since VMware Workstation doesn't provide an automatic DHCP server for the virtual LAN, I configured static IP addresses for both VMs. You can configure static IP addresses in the Guest OS. Make sure you set the network mask and default gateway correctly.

The VMs can now communicate with each other. They are not directly connected to the outside network. Now you have an isolated environment to conduct your test. Optionally you can enable shared folders or/and host only networking to move data between your VMs and your host machine.

Start an ICA connection from the XP VM to the CPS VM. Launch a test application. I used Google Earth from http://earth.google.com/. It worked really well for me. When the internet connection is not available, Google Earth will use cached data. If you would like to run your test in an isolated environment to reduce variables caused by internet connection, you may want to enable only the private network. Google Earth worked really well for me. You can try rotating the 3D globe. Such operation is typically a challenge for remote display protocols.

Shut down the team, change the virtual LAN characteristics and try again. Note that you will need to restart the team before the changes to the virtual LAN take effect. I wish VMware would remove this restriction in the future.

Make some changes to CPS settings (create new policies for example) to see for yourself how well the new features work! Please note that you will need to open the old Citrix management console to configure policies. I heard the development team is still working on moving all features to the MMC based Access management console.

It is also possible to add another virtual network card to allow one or more VMs to gain access to external networks. I will try to write more on that topic in a separate post.

I also tried RDP connections and compared the results.

Try it yourself and share your experience with the rest of us...
