Skip to content

Firewall and Load Balancing Considerations

Anyware Manager and the Connector require certain ports to be open to enable connections between the Anyware Manager, Connector, Remote Workstations, as well as other components.

Ports and Component Connections

Component            Allow Port/Protocol Source/Destination Component Descriptions
Connector Inbound 443 TCP From PCoIP Clients and administrative web browsers. For users to negotiate connections to their remote workstations. For accessing the Management Interface for (legacy) management of Anyware Manager.
Connector Outbound 443 TCP To CAM Service, PCoIP Cloud License Server and to SumoLogic. To sync AD information to the CAM service and call Anyware Manager APIs related to negotiating PCoIP sessions. To verify license activation code during the Connector installation. For log aggregation for support purposes.
Connector Outbound 60443 TCP To remote workstations. Prepares PCoIP Agents for a new user session.
Connector Inbound 4172 TCP/UDP From PCoIP Clients. For PCoIP Sessions with users that are outside of the corporate network.
Connector Outbound 4172 TCP/UDP To remote workstations. For PCoIP Sessions with users that are outside of the corporate network.
Connector Outbound 636 TCP To Domain Controllers. To authenticate users, and query user and computer information.
Connector Outbound 1812 UDP (This port is configurable) To RADIUS Server. For authentication against RADIUS Server.
Connector Outbound 53 TCP/UDP To DNS. Domain name resolution.
PCoIP License Server Inbound 7070 TCP (This port is configurable) From remote workstations. For license activation and verification from PCoIP Agent if the PCoIP License Server is used instead of the Cloud License Server.

Port and Component Notes:

  • Port 443 TCP is not required if the PCoIP License Server is used in place of the Cloud License Server.
  • The RADIUS Server is optionally configured.
  • See the PCoIP License Server guide for changing port and configuring TLS encryption.

Health Check Endpoint

The following URI endpoint can be used for the Anyware Manager and Connector's health check:

/health
You can use the curl command to verify the health check status and run it on a console. The following command is an example of using the curl command:

curl -k https://cac-machine.local:443/health
  • If the command is successful, you will see the following response:

    {"code":200,"status":"success"}
    
  • If the command fails, you will see the following response:

    {"code":500,"status":"Error","reason":"Cannot communicate with broker"}
    

The following table outlines the list of possible errors and the associated status codes for the /health endpoint:

Status Code Status Example Issue
200 success {"code":200,"status":"success"} N/A
500 error {"code":500,"status":"Error","reason":"Cannot communicate with broker"} Failure to communicate to Broker.
500 error {"code":500,"status":"Error","reason":"Security Gateway is enabled but does not respond"} Failure to communicate to Security Gateway.
500 error {"code":500,"status":"Error","reason":"[error-related-for-configuration]"} Misconfiguration for the Connection Manager