VMware Horizon Cloud Service on IBM Cloud Network Ports Diagrams

Introduction

This document provides port and protocol requirements for connectivity between the various components and servers in a VMware Horizon® Cloud Service on IBM Cloud™ deployment. This document is intended to be a companion to the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation. That part of the product documentation provides lists of ports and protocols in tabular format. It documents which ports must be opened for traffic from the end users' connections to reach their pod-provisioned virtual desktops and remote applications, as well as how to choose how your end users will connect.

The first set of diagrams covers Horizon Cloud Service on IBM Cloud with external connectivity. The second set covers Horizon Cloud Service on IBM Cloud with internal connectivity. To view these diagrams in larger layouts, click the diagram images themselves on each page.

This document leverages the Horizon Cloud Service on IBM Cloud product documentation for a tabular listing of all possible ports from a source component to destination components within a typical Horizon Cloud Service on IBM Cloud deployment. This does not mean that all these ports necessarily need to be open. If a component or protocol is not in use, then the ports associated with it can be ignored. For example:

  • If Blast Extreme is the only display protocol used, the PCoIP ports need not be opened.

  • If VMware Dynamic Environment Manager is not deployed, ports to and from it can be ignored.

Furthermore, this document does not list all possible ports for all possible integrations with third-party services. The document lists ports to third-party services that are critical to a functioning deployment.

Ports shown are destination ports. In the diagrams, arrows depict the direction of communication from source to destination and assume a stateful connection.

The Horizon Cloud tables and diagrams include connections to the following products, product families, and components:

  • VMware Horizon Client™

  • VMware Unified Access Gateway™

  • VMware Workspace ONE Access™

  • VMware Dynamic Environment Manager

Client Connections for Horizon Cloud Service on IBM Cloud

The information in these diagrams is to assist with connectivity questions in a Horizon Cloud Service on IBM Cloud Implementation. These diagrams do call out the need to communicate with core infrastructure platform components such as DNS, Active Directory, and file shares (if you are using Dynamic Environment Manager). However, it is not complete, because your deployment may have requirements for other networking services to be available in your Horizon Cloud Service on IBM Cloud tenant.

For details on the network ports required for a Horizon Cloud Service on IBM Cloud implementation, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

Horizon Cloud Service on IBM Cloud leverages the Horizon Cloud Service for many features, including configuration, administrative interfaces, management, and monitoring. The Horizon Cloud Service on IBM Cloud pod is set up and configured on your behalf by VMware. These diagrams are provided to assist you in planning for connectivity to applications and services that you may use in conjunction with a Horizon Cloud Service on IBM Cloud deployment.

For more information, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

External Connections

There are two basic connectivity configurations for Horizon Cloud Service on IBM Cloud: external and internal connections. The main difference between these two configurations is that with External Connections, Unified Access Gateway is deployed in a secure (untrusted) zone, instead of your tenant (trusted) zone. This configuration is valid for clients using Internal-Tunneled and External connections to the Horizon Cloud Service on IBM Cloud deployment.

The following diagrams depict an external connection for Horizon Cloud Service on IBM Cloud.

External Connections, All Display Protocols

This diagram describes the connections when a user is connecting with both Horizon Client and a Web browser.

Figure 1. External/Internal Tunneled Connections, All Display Protocols

For more information, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

External Connections, Blast Extreme

This diagram describes the connections when a user is connecting with a full Horizon Client and Blast Extreme.

Figure 2. External/Internal Tunneled Connections, Blast Extreme

For more information, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

External Connection, HTML

This diagram describes the connections when a user is connecting with a Web browser instead of a full Horizon Client.

Figure 3. External/Internal Tunneled Connections, All Display Protocols

For more information, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

External Connection, PCoIP

This diagram describes the connections when a user is connecting with a full Horizon Client based on the PCoIP protocol.

Figure 4. External/Internal Tunneled Connections, PCoIP

For more information, see the Prerequisites for Firewalls and Ports section of the Horizon Cloud Service on IBM Cloud documentation.

Internal Configuration

The second basic configuration for Horizon Cloud Service on IBM Cloud re is meant for internal-trusted environments where all client (user) connections go through a VPN or other trusted connection to access Horizon Cloud Service on IBM Cloud. For these configurations, the Unified Access Gateway is deployed on your behalf into the Services zone. 

The following diagrams depict the internal configurations for Horizon Cloud Service on IBM Cloud.

Internal-Direct Connection, All Display Protocols

This diagram describes the connections using all display protocols for an Internal-Direct connection.

Figure 5. Internal Connection, All Display Protocols

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, Blast Extreme

This diagram describes the connections when a user is connecting with a full Horizon Client based on Blast Extreme.

Figure 6. Internal Connection, Blast Extreme

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, HTML

This diagram describes the connections when a user is connecting with a Web browser instead of a full Horizon Client.

Figure 7. Internal Connection, HTML

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Internal-Direct Connection, PCoIP

This diagram describes the connections when a user is connecting with the PCoIP protocol.

Figure 8. Internal Connection, PCoIP

For more information, see the Pod Operations Ports and Protocols table in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level.

Summary and Additional Resources

Summary

This document provides the port and protocol requirements that you need to connect the components and servers in your VMware Horizon Cloud Service with Microsoft Azure deployment. The images in this document, combined with the same information in tabular format in Ports and Protocols Requirements for a Horizon Cloud Pod at the September 2019 Release's Manifest Level, will help you meet connectivity requirements. If you have a deployment of Horizon Cloud with Microsoft Azure based on a release prior to that, see Ports and Protocols Requirements for a Horizon Cloud Pod Deployed Prior to the September 2019 Release.

Additional Resources

For more information, you can explore the following resources:

Changelog

The following updates were made to this guide:

2019-10-25

 

 

 

 

 

 

 

 

 

 

 

About the Author and Contributors

Rick Terlep, Senior Architect, EUC Technical Marketing, VMware, wrote this document and created the diagrams.

The following people contributed considerable knowledge and assistance with reviewing:

The following people contributed their knowledge to past versions of this document: