Firewall and Load Balancing Considerations
Anyware Manager and the Connector require certain ports to be open to enable connections between Anyware Manager, the Connector, remote workstations, and other components.
Ports and Component Connections
Component | Allow | Port/Protocol | Source/Destination Component | Descriptions |
---|---|---|---|---|
Connector | Inbound | 443 TCP | From PCoIP Clients and administrative web browsers. | For users to negotiate connections to their remote workstations. For accessing the Management Interface for (legacy) management of Anyware Manager. |
Connector | Outbound | 443 TCP | To CAM Service, PCoIP Cloud License Server and to SumoLogic. | To sync AD information to the CAM service and call Anyware Manager APIs related to negotiating PCoIP sessions. To verify license activation code during the Connector installation. For log aggregation for support purposes. |
Connector | Outbound | 60443 TCP | To remote workstations. | Prepares PCoIP Agents for a new user session. |
Connector | Inbound | 4172 TCP/UDP | From PCoIP Clients. | For PCoIP Sessions with users that are outside of the corporate network. |
Connector | Outbound | 4172 TCP/UDP | To remote workstations. | For PCoIP Sessions with users that are outside of the corporate network. |
Connector | Outbound | 636 TCP | To Domain Controllers. | To authenticate users, and query user and computer information. |
Connector | Outbound | 1812 UDP (This port is configurable) | To RADIUS Server. | For authentication against RADIUS Server. |
Connector | Outbound | 53 TCP/UDP | To DNS. | Domain name resolution. |
PCoIP License Server | Inbound | 7070 TCP (This port is configurable) | From remote workstations. | For license activation and verification from PCoIP Agent if the PCoIP License Server is used instead of the Cloud License Server. |
Port and Component Notes:
- Port 443 TCP is not required if the PCoIP License Server is used in place of the Cloud License Server.
- The RADIUS Server is optionally configured.
- See the PCoIP License Server guide for changing the port and configuring TLS encryption.
Health Check Endpoint
The following URI endpoint can be used for the Anyware Manager and Connector's health check:
/health
Use the curl command to verify the health check status, and run it on a console. The following command is an example of using the curl command:
curl -k https://cac-machine.local:443/health
- If the command is successful, you will see the following response:
  {"code":200,"status":"success"}
- If the command fails, you will see the following response:
  {"code":500,"status":"Error","reason":"Cannot communicate with broker"}
The following table outlines the list of possible errors and the associated status codes for the /health endpoint:
Status Code | Status | Example | Issue |
---|---|---|---|
200 | success | {"code":200,"status":"success"} | N/A |
500 | error | {"code":500,"status":"Error","reason":"Cannot communicate with broker"} | Failure to communicate to Broker. |
500 | error | {"code":500,"status":"Error","reason":"Security Gateway is enabled but does not respond"} | Failure to communicate to Security Gateway. |
500 | error | {"code":500,"status":"Error","reason":"[error-related-for-configuration]"} | Misconfiguration for the Connection Manager |
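The following probe is an added example, not part of the product documentation: it polls /health for a load balancer or monitoring job and maps the documented responses to the failing component. Unlike `curl -k`, which skips certificate verification, it validates the Connector's certificate against a CA file. The component labels, the CA file argument, and the assumption that an error response may arrive with an HTTP error status are choices made for this example.

```python
import json
import ssl
import sys
import urllib.error
import urllib.request

# Reason strings taken from the /health error table above; labels are this example's own.
REASONS = (
    ("Cannot communicate with broker", "broker"),
    ("Security Gateway is enabled but does not respond", "security-gateway"),
)


def classify(body):
    """Map a /health response body to (healthy, component)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False, "unparseable-response"
    if not isinstance(doc, dict):
        return False, "unparseable-response"
    if doc.get("code") == 200 and str(doc.get("status", "")).lower() == "success":
        return True, "ok"
    reason = str(doc.get("reason", "")).lower()
    for needle, component in REASONS:
        if needle.lower() in reason:
            return False, component
    # Per the table, any other reason is a Connection Manager misconfiguration.
    return False, "configuration"


def probe(url, ca_file=None, timeout=5):
    """Fetch /health with certificate verification enabled (system CAs if ca_file is None)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            body = resp.read()
    except urllib.error.HTTPError as err:
        body = err.read()  # assumption: an HTTP error status still carries the JSON body
    except (urllib.error.URLError, OSError) as err:
        return False, "unreachable: %s" % err
    return classify(body)


if __name__ == "__main__":
    # Arguments: the /health URL and, optionally, a CA bundle path for the Connector's certificate.
    healthy, component = probe(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print("healthy" if healthy else "unhealthy", component)
    sys.exit(0 if healthy else 1)
```

The process exits with status 0 only for the documented success response, so it can be used directly as a monitoring check.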