Pre-requisites
System Requirements
-
Ensure the following system requirements are met and the necessary software is installed.
Port Requirements
Different HyWorks modules use different ports to deliver application and desktop sessions to the users. HyWorks uses designated ports for communication. The table lists default ports that are required for communication, which functionalities might not work if those ports are not open for communication.
Important Ports
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| HyWorks Controller Management Node - 1 | HyWorks Controller Management Node - 2 | Clustering | 38866 | TCP | No | Yes | Cluster and high availability will not work |
| HyWorks Controller Management Node - 1 | HyWorks Controller Management Node - 2 | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Controller Management Node - 2 | HyWorks Controller Management Node - 1 | Clustering | 38866 | TCP | No | Yes | Cluster and high availability will not work |
| HyWorks Controller Management Node - 2 | HyWorks Controller Management Node - 1 | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Management Nodes | HyWorks Session or Broker Nodes | Clustering | 38866 | TCP | No | Yes | Controller clustering will not work |
| HyWorks Management Nodes | HyWorks Session or Broker Nodes | Monitoring | 38870 | TCP | No | Yes | Resource consumption of other nodes will not be visible |
| HyWorks Session or Broker Nodes | HyWorks Management Nodes | Clustering | 38866 | TCP | No | Yes | Controller clustering will not work |
| HyWorks Controller Management Nodes | SQL Server | Service Database (R/W) | 1433 | TCP | Yes | Yes | The HyWorks controller will not work without database connectivity |
| HyWorks Controller Broker Nodes | SQL Server | Service Database (R/W) | 1433 | TCP | Yes | Yes | The HyWorks controller will not work without database connectivity |
| HyWorks Controller Management Nodes | SQL Server (Logs) | Log database (R/W) | 1433 | TCP | Yes | Yes | Logs will not be pushed to the SQL server and will not be visible on the management console |
| HyWorks Controller Broker Nodes | SQL Server (Logs) | Log database (R/W) | 1433 | TCP | Yes | Yes | Logs will not be pushed to the SQL server and will not be visible on the management console |
| HyWorks Controller Management Node - 1 | SQL Server (Management Node -2 ) | Database syncing | 1433 | TCP | Yes | Yes | Database syncing will not work. Applicable in case of the HyWorks-managed database high availability |
| HyWorks Controller Management Node - 2 | SQL Server (Management Node -1 ) | Database syncing | 1433 | TCP | Yes | Yes | Database syncing will not work. Applicable in case of the HyWorks-managed database high availability |
| HyWorks Controller Management Nodes | AD/LDAP | User authentication, authorization | 389, 636, 3268: for global catalog |
LDAP | No | Yes | Management nodes cannot communicate with AD or authenticate/authorize users |
| HyWorks Controller Broker Nodes | AD/LDAP | User authentication, authorization | 389, 636, 3269: for global catalog |
LDAP | No | Yes | Broker nodes cannot communicate with AD or authenticate/authorize users |
| HyWorks Controller | HyWorks Session Host | Session Info | 38871 | HTTPS | No | Yes | SHD and the application will fail to launch or will be rendered slowly |
| HyWorks Controller | HyWorks Session Host | Load Info | 38870 | HTTPS | No | Yes | Resource-based load-balancing functionality will not work |
| HyWorks Controller | HyWorks Session Host | RDP Service check | 3389 | TCP | No | Yes | The status of the RDS service will not be checked |
| HyWorks Controller | HyWorks Session Host | Desktop agent communication | 38863 | TCP | No | Yes | For system customization and agent communication |
| HyWorks Session Host | HyWorks Controller | Session Status | 38866 | HTTPS | No | Yes | The application will fail to launch |
| HyWorks Controller | Desktop Virtual Machines (DVMs) | Agent communication: DVM Status, Sysprep | 38863 | HTTPS | No | Yes | Sysprep of the clone VM will fail, and the Workgroup login will not work |
| HyWorks Controller | Desktop Virtual Machines (DVMs) | Remote Connection Availability Check | 3389 | TCP | Yes | Yes | RDP readiness of the VM will not be checked |
| Virtual Desktop VMs | HyWorks Upgrade Service (on Management Node) | DVM Tools Upgrade | 38865 | HTTPS | No | No | DVM Tools will not upgrade |
| Virtual Desktop VMs | HyWorks Controller Server | Response to Controller Communication | 38866 | HTTPS | No | No | DVM agents’ responses will not be received, and functional failures may occur |
| HyWorks Controller | Hyper-V Connector | Hyper-V VM Management | 38864 | HTTPS | No | Yes | The Hyper-V VM will not be connected |
| HyWorks Controller | VMWare vCenter/ESX | VMware VM Management | 443 | HTTPS | On VMWare | Yes | VMware VMs will not be connected |
| HyWorks Controller | Nutanix AHV Server | Nutanix Management | 9440 | HTTPS | On Nutanix | Yes | Nutanix VMs cannot be connected |
| HyWorks Controller | Azure Portal | Azure Integration | 443 | HTTPS | No | Yes | Azure connector can not be used for app or desktop delivery |
| HyWorks Controller | AWS Portal | AWS Integration | 443 | HTTPS | No | Yes | AWS can not be used for app or desktop delivery |
| HyWorks Controller | Oracle Cloud Infrastructure | Oracle Integration | 443 | HTTPS | No | Yes | Oracle can not be used for app or desktop delivery |
| HyWorks Controller | Proxmox | Connecting to Proxmox connector | 8006 | HTTPS | No | Yes | Proxmox can not be used as a connector in HyWorks |
| HyWorks Controller | HPE Morpheus - VM Essentials | Connecting to HPE | 443 | HTTPS | No | Yes | HPE Morpheus - VM Essentials can not be used as a connector in HyWorks |
| HyWorks Controller | Red Hat OpenShift | Connecting to Red Hat OpenShift cluster | 6443 | HTTPS | No | Yes | Red Hat OpenShift can not be used as a connector in HyWorks |
| HyWorks Controller (Management Node) | Accops Hypervisor Manager (AHM Service) [Running on management node itself] | Connecting to AHM Service | 38903 | HTTPS | No | Yes | AHM configuration in HyWorks will have issues. |
| HyWorks Controller | SMTP Servers | Mail notification | 25,587,465 | TCP | Yes | Yes | Mail notifications will not be forwarded |
| Admin Browser | HyWorks Management Console Server | Web Management | 443 | HTTPS | No | Yes | Admin cannot do management |
| HyLabs (RMS Service/ Management Console) | HyWorks Controller Management Nodes | HyLabs | 38866 | HTTPS | No | Yes | For HyLabs delivery, HyLabs (RMS service) is deployed on a separate Windows server with the Management Console |
| HyLabs Server(s) If installed separately from the HyWorks Controller |
HyWorks Management Node(s) | Logging | 38872 | UDP | No | No* | HyLabs logs (e.g., reservation add/edit operations) will not come to the HyWorks Controller if a firewall is in between |
| User Browser | HyWorks Management Console Server (HyLabs portal) | HyLabs Web Portal | 443 | HTTPS | No | No | The user cannot log in using the browser and must log in through the Client |
| Virtual Desktop VMs | Accops MQ | Faster VM Status Updates | 5672 | HTTPS | No | No | Events will not be pushed to Accops MQ, and VM Scale Booster functionality will not work |
| HyWorks VM Scale Booster | SQL Server | Service Database access | 1433 | TCP | No | Yes | Scale booster will not be able to update the VM status in the DB |
| Workspace Client | HyWorks Controller | User login, Device management | 38866 See remarks for deployment with HySecure. |
HTTPS | No | Yes | The user cannot log in, and device management fails. Deployment with HySecure: The port does not need to be opened in the firewall. A HyWorks type application for port 38866 is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | RDS Server Host | Remote Session login | 3389 See remarks for deployment with HySecure. |
RDP | No | Yes | The user will not be able to launch the desktop/applications. Deployment with HySecure: The port does not need to be opened in the firewall. A network- or application-server–type application for port 3389 (for virtual desktops) is created on HySecure or another gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | Hyper-V | Console Connect | 2179 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with Hyper-V will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 2179 (for Hyper-V) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | vCenter/ ESXi Host | Console Connect/ Authentication | 443 See remarks for deployment with HySecure. |
HTTPS | No | Yes | Console connection with VMware will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network-type application for port 443 (for ESXi/vCenter) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | ESXi Host | Console Connect/ Authentication | 902 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with VMware will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 902 (for ESXi/vCenter) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| Workspace Client | Proxmox Host | Console Connect | 3128 See remarks for deployment with HySecure. |
TCP | No | Yes | Console connection with Proxmox will not work. Deployment with HySecure: The port does not need to be opened in the firewall. A network type application for port 3128 (for Hyper-V) is created on HySecure or any other gateway. The external firewall will only require a rule allowing port 443 for HySecure. |
| HySecure Gateway | HyWorks Controller | User login, app launch | 38866 | HTTPS | No | Yes | The user app list fails, and the user app launch fails |
| HySecure Gateway | AD / LDAP | User authentication | 389 | LDAP | No | Yes | User authentication will fail |
| HySecure Gateway | AD / LDAP | Password Change | 636 | LDAP | No | No | Password change is not possible |
| HySecure Client | HySecure Gateway | User login, app launch | 443 | HTTPS | Yes | Yes | User login fails |
| HyLite Portal | HySecure Gateway | User login, app launch | 443 | HTTPS | Yes | Yes | User login fails |
| HySecure Gateway | DVMs | RDP | 3389 | TCP | Yes | Yes | The user will not be able to connect to reserved VMs |
| HySecure Gateway | HyWorks Web Server (HyLabs) | Connection to HyLabs | 443 | HTTPS | Yes | Yes | HyLite will not be able to get HyLabs Data |
| Desktop Virtual Machines | Session Recording Management Server (SRMS) | Recording upload | 38893 | TCP | No | Yes | Session recordings will not be uploaded to SRMS. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | Accops MQ | HyWorks HA Status | 5672 | TCP | No | Yes | For HA of SRMS to get the HyWorks Controller primary address. Mandatory if session recordings are to be done |
| Admin Browser | Session Recording Management Server (SRMS) | Streaming the recording. | 38893 | HTTPS | No | Yes | Streaming or viewing recordings. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | SQL Server (Management Node -1 ) | Read/ Write the recording details into the HyWorks Controller DB | 1433 | TCP | No | Yes | Recording details will not be saved or fetched. Mandatory if session recordings are to be done |
| Session Recording Management Server (SRMS) | SQL Server (Management Node -2 ) | Read/ Write the recording details into the HyWorks Controller DB | 1433 | TCP | No | Yes | Recording details will not be saved or fetched. Mandatory if session recordings are to be done |
| Desktop Virtual Machines | Accops Reporting Server or Syslog Server | Sending network monitoring and file transfer logs to the Syslog server | 514 | UDP | Yes | No | Data will not be sent to the ARS server, and logs can not be used for reporting or visualizations |
| Desktop Virtual Machines | Accops Reporting Server | Sending AUEM and event details to ARS | 9200 | TCP | No | No | Relevant visualizations can not be created on ARS |
| HyLabs Server-1 (Management Console + RMS Service) | HyLabs Server-2 (Management Console + RMS Service) | High availability of the RMS Service | 38868 | TCP | No | No | For HyLabs delivery and the high availability of HyLabs services |
| HyLabs Server-2 (Management Console + RMS Service) | HyLabs Server-1 (Management Console + RMS Service) | High availability of the RMS Service | 38868 | TCP | No | No | For HyLabs delivery and the high availability of HyLabs services |
| External API Clients (Applications) | HyWorks Management Node | Accops | 38902 | HTTPS | No | Yes | Accops HyWorks API Services can not be integrated with external software. |
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| Deployment with Accops Policy Engine | |||||||
| HyWorks Controller Nodes | Policy Engine | Accessing Policy Management API endpoint. | 38901 | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| Desktop Virtual Machines | Policy Engine | Accessing Policy Management API endpoint. | 38901 | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| Policy Engine Node | RabbitMQ Servers | For HyWorks Controller HA notifications. | 5671 (SSL) 5672 (Non-SSL) |
TCP | No | No | Switching to the wrong controller node will fail and cause policy engine-based features to fail. |
| Policy Engine Node | HyWorks Controller Servers | Communication with HyWorks Controller. | 38866 | TCP | No | No | Communication with HyWorks Controller. |
| Policy Engine Node | SQL Servers | Reading Policy and associated data. | 1433 (Default) | TCP | No | No | Policy Engine-based features - user experience management and desktop policies will not work. |
| From | To | Purpose | Port No. | Protocol | Customizable | Mandatory | If the port is not open |
|---|---|---|---|---|---|---|---|
| Deployments with Accops Certificate Manager | |||||||
| HyWorks Controller | ACM Nodes | To access the Authorizer AP | 4000 | TCP | No | No | Virtual smart card- based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access the Tenant Service API | 4001 | TCP | No | No | Virtual smart card -based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access Certificate Manager API | 4002 | TCP | No | No | Virtual smart card -based single sign-on using ACM will not work. |
| HyWorks Controller | ACM Nodes | To access the CRL of the vaults’ Directory Server. | 8200 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |
| ACM Nodes | ACM Nodes | MongoDB HA Cluster and Database access from Certificate Manager, Authorizer, and Tenant Service. | 27017 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |
| ACM Nodes | ACM Nodes | For HashiCorp Vault to access from Certificate Manager. | 8200 | TCP | No | No | Virtual smart card-based single sign-on using ACM will not work |