Firewalls can be used to protect various parts of a network and must be configured to permit the connections required by Oracle VDI.
Clients must be able to connect to any host in an Oracle VDI Center.
The following table lists the ports you might need to open to permit these connections.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Client | Oracle VDI web server | 1800 | TCP | HTTP connections to Oracle VDI Manager. These connections are redirected to port 1801. |
| Client | Oracle VDI web server | 1801 | TCP | HTTPS connections to Oracle VDI Manager. |
| Client | Oracle VDI web server | 1802 | TCP | HTTPS connections to the VDI Client web services API. |
| Client | Oracle VDI host | 3389 | TCP | RDP connections to the Oracle VDI RDP Broker. |
| Sun Ray Clients | Oracle VDI host | Various | Various | See Ports and Protocols in the Sun Ray Software 5.3 Administration Guide for details. |
All hosts in an Oracle VDI Center need to be able to make connections to any of the configured user directories.
The following table lists the ports you might need to open to permit these connections.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Oracle VDI host | Windows server | 53 | UDP | DNS lookups on Active Directory. |
| Oracle VDI host | Windows server | 88 | TCP or UDP | Authenticate users in Active Directory. |
| Oracle VDI host | LDAP directory | 389 | TCP | Authenticate users in an LDAP directory. |
| Oracle VDI host | Windows server | 464 | TCP or UDP | Enable users to change their password if it has expired. |
| Oracle VDI host | LDAP directory server | 636 | TCP | Authenticate users using a secure connection to an LDAP directory. |
| Oracle VDI host | Windows server | 3268 | TCP | Authenticate users in Active Directory. |
Each Oracle VDI host must be able to make connections to Active Directory on the following ports:

- Port 53 for DNS lookups on Active Directory
- Ports 88 and 464 for Kerberos authentication to a Key Distribution Center (KDC)
- Port 389 for the secure LDAP connection to a domain controller
- Port 3268 for the secure LDAP connection to a global catalog server
Oracle VDI performs several DNS lookups to discover LDAP information. For these lookups to work, it is essential that your DNS is configured correctly to enable the required information to be returned from Active Directory.
Ports 88 and 464 are the standard ports used for Kerberos authentication to a Key Distribution Center (KDC). These ports are configurable. Connections to these ports can use either the TCP or UDP protocol depending on the packet size and your Kerberos configuration. Port 464 is only required for password change operations.
The standard ports used for connections to LDAP directories are port 389 for standard connections (simple authentication) and port 636 for secure connections (secure authentication). These ports are configurable.
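The following script is an added example, not part of the Oracle VDI documentation: it lists the directory ports from the tables above for a given directory type and probes the TCP ones from the Oracle VDI host, so a firewall gap can be found before users see authentication failures. The host names are constructed placeholders, and the UDP ports (53, 88, 464) are reported as needing a protocol-level check rather than a TCP probe.

```shell
#!/bin/sh
# Added example (not from the Oracle VDI documentation): list the directory
# ports an Oracle VDI host needs and probe each TCP port from the host.
# Host names passed to check_directory are constructed placeholders.

# Print "port/proto purpose" lines for a directory type: ad, ldap or ldaps.
vdi_dir_ports() {
    case "$1" in
        ad)
            printf '%s\n' \
                "53/udp DNS lookups on Active Directory" \
                "88/tcp Kerberos authentication to the KDC" \
                "88/udp Kerberos authentication to the KDC" \
                "389/tcp LDAP to a domain controller" \
                "464/tcp Kerberos password change" \
                "464/udp Kerberos password change" \
                "3268/tcp LDAP to a global catalog server" ;;
        ldap)  printf '%s\n' "389/tcp LDAP simple authentication" ;;
        ldaps) printf '%s\n' "636/tcp LDAP over TLS (secure authentication)" ;;
        *) echo "unknown directory type: $1" >&2; return 1 ;;
    esac
}

# Probe one TCP port with a 3-second timeout; returns 0 when reachable,
# 2 when no probe tool is available so the port is left unchecked.
probe_tcp() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 3 "$1" "$2" >/dev/null 2>&1
    else
        return 2
    fi
}

# Report reachability of every port for one directory server.
# Usage: check_directory ad dc1.example.internal   (placeholder host)
check_directory() {
    vdi_dir_ports "$1" | while read -r spec purpose; do
        port=${spec%/*}; proto=${spec#*/}
        if [ "$proto" != tcp ]; then
            echo "SKIP $2:$spec ($purpose): UDP, verify with kinit/nslookup"
        elif probe_tcp "$2" "$port"; then
            echo "OK   $2:$port/tcp ($purpose)"
        else
            echo "FAIL $2:$port/tcp ($purpose): check the firewall rule"
        fi
    done
}
```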
In order to run desktops, all hosts in an Oracle VDI Center must be able to connect to any of the configured desktop provider hosts, and their associated storage hosts.
The ports used for these connections depend on the desktop provider type and on whether the storage is managed by Oracle VDI.
The following table lists the ports you might need to open to permit these connections.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Oracle VDI host | Storage host | 22 | TCP | Storage management using SSH. Required only for Oracle VM VirtualBox and Hyper-V desktop providers. |
| Oracle VDI host | VirtualBox host | 22 | TCP | Used to run some Oracle VM VirtualBox commands over SSH. Required only for the Oracle VM VirtualBox desktop provider. |
| Oracle VDI host | Virtualization host | 443 | TCP | HTTPS connections to web services for provisioning and managing virtual desktops, or HTTPS connections for Windows Remote Management (WinRM). Required only for Oracle VM VirtualBox, Microsoft Hyper-V, VMware vCenter, and Microsoft Remote Desktop desktop providers. |
| Oracle VDI host | Storage host | 3260 | TCP | iSCSI connections when virtual disks are copied for management reasons, for example when desktops are imported or copied to a storage host for cloning. Required only for Oracle VM VirtualBox and Hyper-V desktop providers. |
| VirtualBox or Microsoft Hyper-V host | Storage host | 3260 | TCP | iSCSI connections to connect virtual machines to their virtual disks. Required only for Oracle VM VirtualBox and Hyper-V desktop providers. |
| Oracle VDI host | Virtualization host | 3389 | TCP | Microsoft RDP connections to virtual desktops. |
| VirtualBox host | VirtualBox host | 7777 | TCP | Required for Oracle Cluster File System version 2 (OCFS2) when VirtualBox hosts run on Oracle Linux platforms and use iSCSI or Sun ZFS storage. |
| Oracle VDI host | VirtualBox host | 18083 | TCP | HTTPS connections to web services for provisioning and managing virtual desktops. Required only for Oracle VM VirtualBox desktop providers when a non-root user is selected to run VirtualBox. |
| Oracle VDI host | VirtualBox host | 49152 to 65534 | TCP | VirtualBox RDP (VRDP) connections to virtual desktops. Required only for the Oracle VM VirtualBox desktop provider if VRDP is selected as the desktop protocol. |
Ports 22, 443, 3389, 18083, and 49152-65534 are configurable.
On VirtualBox hosts, the HTTPS port is configured when you install VirtualBox. The VRDP ports are only required if the VRDP protocol is used to connect to desktops; see Choosing Between VRDP and MS-RDP for details. The range of ports used is configurable; see Configuring the VRDP Port Range for details.
A network might contain firewalls between the hosts in an Oracle VDI Center, for example if you have multiple offices each containing an Oracle VDI host. The Oracle VDI hosts must be able to connect to any other member of the Oracle VDI Center.
The following table lists the ports you might need to open to permit these connections.
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| Oracle VDI secondary host | Oracle VDI primary host | 123 | UDP | Network Time Protocol (NTP) connections to the primary host. Required only if NTP is not enabled on the secondary host. |
| Oracle VDI host | Another Oracle VDI host | 3307 | TCP | Connections to the embedded MySQL Server database. |
| Oracle VDI host | Remote MySQL database host | Configurable | Configurable | Connection to a remote MySQL database. Required only if a remote MySQL database is selected when you configure an Oracle VDI Center. |
| Oracle VDI host | Another Oracle VDI host | 11172 | TCP | Used for the JMX-MP connector to Cacao. Used by the cacaoadm command. |
| Oracle VDI host | Another Oracle VDI host | 11173 | TCP | Used for the command stream connector to Cacao. Used by the vda and vda-center commands. |
| Oracle VDI host | Another Oracle VDI host | 11174 | TCP | Used for the JMX RMI connector to Cacao. Used by the Oracle VDI Manager and for the communication between Oracle VDI Center Agents. |
| Sun Ray Software | Sun Ray Software | Various | Various | See Ports and Protocols in the Sun Ray Software 5.3 Administration Guide for details. |
On Oracle VDI hosts, port 3303 is also used for the connection between the vda client command and the Oracle VDI host. This port is bound to localhost and is configurable.
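The following script is an added example, not part of the Oracle VDI documentation: it emits a default-deny iptables INPUT ruleset for an Oracle VDI host on Oracle Linux that admits the client-facing ports from the first table and the intra-center ports from the table above, keeps port 3303 reachable only over localhost, and restricts the Cacao and MySQL ports to the other members of the Oracle VDI Center. The CLIENT_NET and CENTER_NET values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the Oracle VDI documentation): print an iptables
# INPUT ruleset for an Oracle VDI host on Oracle Linux. The ruleset is
# printed rather than applied so it can be reviewed first.
# CLIENT_NET and CENTER_NET are constructed placeholders; use your own.

CLIENT_NET=${CLIENT_NET:-10.10.0.0/16}   # where desktop clients sit
CENTER_NET=${CENTER_NET:-10.20.5.0/24}   # other Oracle VDI Center hosts

# Emit one ACCEPT rule: emit_rule <proto> <port-or-range> <source-cidr> <comment>
emit_rule() {
    printf 'iptables -A INPUT -p %s -s %s --dport %s -m comment --comment "%s" -j ACCEPT\n' \
        "$1" "$3" "$2" "$4"
}

# Print the whole ruleset; after review, apply it with: vdi_input_rules | sh
vdi_input_rules() {
    # Port 3303 (vda client) is bound to localhost, so loopback is the
    # only interface that needs to reach it.
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Clients -> Oracle VDI web server and RDP broker
    emit_rule tcp 1800 "$CLIENT_NET" "VDI Manager HTTP (redirected to 1801)"
    emit_rule tcp 1801 "$CLIENT_NET" "VDI Manager HTTPS"
    emit_rule tcp 1802 "$CLIENT_NET" "VDI Client web services HTTPS"
    emit_rule tcp 3389 "$CLIENT_NET" "Oracle VDI RDP Broker"
    # Other members of the Oracle VDI Center only
    emit_rule udp 123 "$CENTER_NET" "NTP from secondary hosts (primary only)"
    emit_rule tcp 3307 "$CENTER_NET" "embedded MySQL Server"
    emit_rule tcp 11172:11174 "$CENTER_NET" "Cacao connectors"
    # Everything else, including 3303 from outside localhost, is dropped
    echo 'iptables -A INPUT -j DROP'
}
```

Hosts that also act as VirtualBox or storage hosts need the additional ports from the desktop provider table, and Sun Ray traffic is covered separately by the Sun Ray Software 5.3 Administration Guide.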