Important Ports
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| HyWorks Controller Management Node - 1 | HyWorks Controller Management Node - 2 | Clustering | 38866 | TCP | No | Yes | Cluster and high availability will not work |
| HyWorks Controller Management Node - 1 | HyWorks Controller Management Node - 2 | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Controller Management Node - 2 | HyWorks Controller Management Node - 1 | Clustering | 38866 | TCP | No | Yes | Cluster and high availability will not work |
| HyWorks Controller Management Node - 2 | HyWorks Controller Management Node - 1 | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Management Nodes | HyWorks Session or Broker Nodes | Clustering | 38866 | TCP | No | Yes | Controller clustering will not work |
| HyWorks Management Nodes | HyWorks Session or Broker Nodes | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Session or Broker Nodes | HyWorks Management Nodes | Clustering | 38866 | TCP | No | Yes | Controller clustering will not work |
| HyWorks Controller Management Nodes | SQL Server | Service Database (R/W) | 1433 | TCP | Yes | Yes | The HyWorks controller will not work without database connectivity |
| HyWorks Controller Broker Nodes | SQL Server | Service Database (R/W) | 1433 | TCP | Yes | Yes | The HyWorks controller will not work without database connectivity |
| HyWorks Controller Management Nodes | SQL Server (Logs) | Log database (R/W) | 1433 | TCP | Yes | Yes | Logs will not be pushed to the SQL server and will not be visible on the management console |
| HyWorks Controller Broker Nodes | SQL Server (Logs) | Log database (R/W) | 1433 | TCP | Yes | Yes | Logs will not be pushed to the SQL server and will not be visible on the management console |
| HyWorks Controller Management Node - 1 | SQL Server (Management Node -2 ) | Database syncing | 1433 | TCP | Yes | Yes | Database syncing will not work. Applicable in case of the HyWorks-managed database high availability |
| HyWorks Controller Management Node - 2 | SQL Server (Management Node -1 ) | Database syncing | 1433 | TCP | Yes | Yes | Database syncing will not work. Applicable in case of the HyWorks-managed database high availability |
| HyWorks Controller Management Nodes | AD/LDAP | User authentication, authorization | 389, 636, 3268: for global catalog |
LDAP | No | Yes | Management nodes cannot communicate with AD or authenticate/authorize users |
| HyWorks Controller Broker Nodes | AD/LDAP | User authentication, authorization | 389, 636, 3269: for global catalog |
LDAP | No | Yes | Broker nodes cannot communicate with AD or authenticate/authorize users |
| HyWorks Controller | HyWorks Session Host | Session Info | 38871 | HTTPS | No | Yes | SHD and the application will fail to launch or will be rendered slowly |
| HyWorks Controller | HyWorks Session Host | Load Info | 38870 | HTTPS | No | Yes | Resource-based load-balancing functionality will not work |
| HyWorks Controller | HyWorks Session Host | RDP Service check | 3389 | TCP | No | Yes | The status of the RDS service will not be checked |
| HyWorks Controller | HyWorks Session Host | Desktop agent communication | 38863 | TCP | No | Yes | For system customization and agent communication |
| HyWorks Session Host | HyWorks Controller | Session Status | 38866 | HTTPS | No | Yes | The application will fail to launch |
| HyWorks Controller | Desktop Virtual Machines (DVMs) | Agent communication: DVM Status, Sysprep | 38863 | HTTPS | No | Yes | Sysprep of the clone VM will fail, and the Workgroup login will not work |
| HyWorks Controller | Desktop Virtual Machines (DVMs) | Remote Connection Availability Check | 3389 | TCP | Yes | Yes | RDP readiness of the VM will not be checked |
| Virtual Desktop VMs | HyWorks Upgrade Service (on Management Node) | DVM Tools Upgrade | 38865 | HTTPS | No | No | DVM Tools will not upgrade |
| Virtual Desktop VMs | HyWorks Controller Server | Response to Controller Communication | 38866 | HTTPS | No | No | DVM agents’ responses will not be received, and functional failures may occur |
| HyWorks Controller | Hyper-V Connector | Hyper-V VM Management | 38864 | HTTPS | No | Yes | The Hyper-V VM will not be connected |
| HyWorks Controller | VMWare vCenter/ESX | VMware VM Management | 443 | HTTPS | On VMWare | Yes | VMware VMs will not be connected |
| HyWorks Controller | Nutanix AHV Server | Nutanix Management | 9440 | HTTPS | On Nutanix | Yes | Nutanix VMs cannot be connected |
| HyWorks Controller | Azure Portal | Azure Integration | 443 | HTTPS | No | Yes | Azure connector can not be used for app or desktop delivery |
| HyWorks Controller | AWS Portal | AWS Integration | 443 | HTTPS | No | Yes | AWS can not be used for app or desktop delivery |
| HyWorks Controller | Oracle Cloud Infrastructure | Oracle Integration | 443 | HTTPS | No | Yes | Oracle can not be used for app or desktop delivery |
| HyWorks Controller | Proxmox | Connecting to Proxmox connector | 8006 | HTTPS | No | Yes | Proxmox can not be used as a connector in HyWorks |
| HyWorks Controller | HPE Morpheus - VM Essentials | Connecting to HPE | 443 | HTTPS | No | Yes | HPE Morpheus - VM Essentials can not be used as a connector in HyWorks |
| HyWorks Controller | Red Hat OpenShift | Connecting to Red Hat OpenShift cluster | 6443 | HTTPS | No | Yes | Red Hat OpenShift can not be used as a connector in HyWorks |
| HyWorks Controller (Management Node) | Accops Hypervisor Manager (AHM Service) [Running on management node itself] | Connecting to AHM Service | 38903 | HTTPS | No | Yes | AHM configuration in HyWorks will have issues. |
| HyWorks Controller | SMTP Servers | Mail notification | 25,587,465 | TCP | Yes | Yes | Mail notifications will not be forwarded |
| Admin Browser | HyWorks Management Console Server | Web Management | 443 | HTTPS | No | Yes | Admin cannot do management |
| HyLabs (RMS Service/ Management Console) | HyWorks Controller Management Nodes | HyLabs | 38866 | HTTPS | No | Yes | For HyLabs delivery, HyLabs (RMS service) is deployed on a separate Windows server with the Management Console |
| HyLabs Server(s) If installed separately from the HyWorks Controller |
HyWorks Management Node(s) | Logging | 38872 | UDP | No | No* | HyLabs logs (e.g., reservation add/edit operations) will not come to the HyWorks Controller if a firewall is in between |
| User Browser | HyWorks Management Console Server (HyLabs portal) | HyLabs Web Portal | 443 | HTTPS | No | No | The user cannot log in using the browser and must log in through the Client |
| Virtual Desktop VMs | Accops MQ | Faster VM Status Updates | 5672 | HTTPS | No | No | Events will not be pushed to Accops MQ, and VM Scale Booster functionality will not work |
| HyWorks VM Scale Booster | SQL Server | Service Database access | 1433 | TCP | No | Yes | Scale booster will not be able to update the VM status in the DB |
| Workspace Client | HyWorks Controller | User login, Device management | 38866 See remarks for deployment with HySecure. |
HTTPS | No | Yes | The user cannot log in, and device management fails. Deployment with HySecure: The port does not need to be opened in the firewall. A HyWorks type application for port 38866 is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | RDS Server Host | Remote Session login | 3389 See remarks for deployment with HySecure. |
RDP | No | Yes | The user will not be able to launch the desktop/applications. Deployment with HySecure: The port does not need to be opened in the firewall. A network- or application-server–type application for port 3389 (for virtual desktops) is created on HySecure or another gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | Hyper-V | Console Connect | 2179 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with Hyper-V will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 2179 (for Hyper-V) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | vCenter/ ESXi Host | Console Connect/ Authentication | 443 See remarks for deployment with HySecure. |
HTTPS | No | Yes | Console connection with VMware will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network-type application for port 443 (for ESXi/vCenter) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | ESXi Host | Console Connect/ Authentication | 902 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with VMware will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 902 (for ESXi/vCenter) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | Proxmox Host | Console Connect | 3128 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with Proxmox will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 3128 (for Hyper-V) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| HySecure Gateway | HyWorks Controller | User login, app launch | 38866 | HTTPS | No | Yes | The user app list fails, and the user app launch fails |
| HySecure Gateway | AD / LDAP | User authentication | 389 | LDAP | No | Yes | User authentication will fail |
| HySecure Gateway | AD / LDAP | Password Change | 636 | LDAP | No | No | Password change is not possible |
| HySecure Client | HySecure Gateway | User login, app launch | 443 | HTTPS | Yes | Yes | User login fails |
| HyLite Portal | HySecure Gateway | User login, app launch | 443 | HTTPS | Yes | Yes | User login fails |
| HySecure Gateway | DVMs | RDP | 3389 | TCP | Yes | Yes | The user will not be able to connect to reserved VMs |
| HySecure Gateway | HyWorks Web Server (HyLabs) | Connection to HyLabs | 443 | HTTPS | Yes | Yes | HyLite will not be able to get HyLabs Data |
| Desktop Virtual Machines | Session Recording Management Server (SRMS) | Recording upload | 38893 | TCP | No | Yes | Session recordings will not be uploaded to SRMS. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | Accops MQ | HyWorks HA Status | 5672 | TCP | No | Yes | For HA of SRMS to get the HyWorks Controller primary address. Mandatory if session recordings are to be done |
| Admin Browser | Session Recording Management Server (SRMS) | Streaming the recording. | 38893 | HTTPS | No | Yes | Streaming or viewing recordings. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | SQL Server (Management Node -1 ) | Read/ Write the recording details into the HyWorks Controller DB | 1433 | TCP | No | Yes | Recording details will not be saved or fetched. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | SQL Server (Management Node -2 ) | Read/ Write the recording details into the HyWorks Controller DB | 1433 | TCP | No | Yes | Recording details will not be saved or fetched. Mandatory if session recordings are to be done |
| Desktop Virtual Machines | Accops Reporting Server or Syslog Server | Sending network monitoring and file transfer logs to the Syslog server | 514 | UDP | Yes | No | Data will not be sent to the ARS server, and logs can not be used for reporting or visualizations |
| Desktop Virtual Machines | Accops Reporting Server | Sending AUEM and event details to ARS | 9200 | TCP | No | No | Relevant visualizations can not be created on ARS |
| HyLabs Server-1 (Management Console + RMS Service) | HyLabs Server-2 (Management Console + RMS Service) | High availability of the RMS Service | 38868 | TCP | No | No | For HyLabs delivery and the high availability of HyLabs services |
| HyLabs Server-2 (Management Console + RMS Service) | HyLabs Server-1 (Management Console + RMS Service) | High availability of the RMS Service | 38868 | TCP | No | No | For HyLabs delivery and the high availability of HyLabs services |
| External API Clients (Applications) | HyWorks Management Node | Accops | 38902 | HTTPS | No | Yes | Accops HyWorks API Services can not be integrated with external software. |
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| Deployment with Accops Policy Engine | |||||||
| HyWorks Controller Nodes | Policy Engine | Accessing Policy Management API endpoint. | 38901 | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| Desktop Virtual Machines | Policy Engine | Accessing Policy Management API endpoint. | 38901 | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| Policy Engine Node | RabbitMQ Servers | For HyWorks Controller HA notifications. | 5671 (SSL) 5672 (Non-SSL) |
TCP | No | No | Switching to the wrong controller node will fail and cause policy engine-based features to fail. |
| Policy Engine Node | HyWorks Controller Servers | Communication with HyWorks Controller. | 38866 | TCP | No | No | Communication with HyWorks Controller. |
| Policy Engine Node | SQL Servers | Reading Policy and associated data. | 1433 (Default) | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| Deployments with Accops Certificate Manager | |||||||
| HyWorks Controller | ACM Nodes | To access the Authorizer AP | 4000 | TCP | No | No | Virtual smart card- based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access the Tenant Service API | 4001 | TCP | No | No | Virtual smart card -based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access Certificate Manager API | 4002 | TCP | No | No | Virtual smart card -based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access the CRL of the vaults’ Directory Server. | 8200 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |
| ACM Nodes | ACM Nodes | MongoDB HA Cluster and Database access from Certificate Manager, Authorizer, and Tenant Service. | 27017 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |
| ACM Nodes | ACM Nodes | For HashiCorp Vault to access from Certificate Manager. | 8200 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |