Connectivity Requirements
Overview
Full details of all required network/firewall rules for AppsAnywhere are detailed below.
Further information is available by request to AppsAnywhere Support or as part of an AppsAnywhere Implementation.
For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.
Firewall Rules
The following tables detail the connectivity required, grouped according to the origin of the network traffic.
All traffic is bi-directional
Internal Destinations should be amended to match internal servers and services.
There is no requirement to configure firewall rules on AppsAnywhere servers.
AppsAnywhere
Inbound Traffic (Internal and External)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | appsanywhere.uni.edu | 443 TCP | User access to AppsAnywhere (e.g. via a load balancer) |
Inbound Traffic (Internal)
It is recommended that access for Analytics users is provisioned on an internal network only.
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | analytics.uni.edu | 9999 TCP | User access to Analytics A direct connection to the server DNS is recommended Retrieving content to be embedded into AppsAnywhere Analytics user interface and is required from all Analytics Viewer/Explorer (end user) devices (note: this is only the named Analytics Viewers/Explorers users and not all users of AppsAnywhere). It is recommended that access is only available on the internal network. |
AppsAnywhere | analytics.uni.edu | 19999 TCP | Authorizing sessions for AppsAnywhere Analytics and pulling data on behalf of AppsAnywhere Analytics UI and is only required from the AppsAnywhere Servers |
AppsAnywhere01 | appsanywhere02.uni.edu | 80 TCP | Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers |
AppsAnywhere01 | appsanywhere03.uni.edu | 80 TCP | Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers |
AppsAnywhere01 | appsanywhere02.uni.edu | 22 TCP | Transfer of AppsAnywhere Configuration from other internal AppsAnywhere servers |
AppsAnywhere01 | appsanywhere03.uni.edu | 22 TCP | Transfer of AppsAnywhere Configuration from other internal AppsAnywhere servers |
Jump Host | appsanywhere01.uni.edu | 22 TCP | SSH access for administration (usually via a Windows jump host) |
Jump Host | appsanywhere02.uni.edu | 22 TCP | SSH access for administration (usually via a Windows jump host) |
Jump Host | appsanywhere03.uni.edu | 22 TCP | SSH access for administration (usually via a Windows jump host) |
Jump Host | analytics.uni.edu | 22 TCP | AppsAnywhere remote support for installation, configuration and upgrades |
Outbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
AppsAnywhere | MSSQL.uni.edu | 1433 TCP | Connection to your SQL database |
AppsAnywhere | MSSQL.uni.edu | 1434 UDP | Connection to your SQL database, if using dynamic ports |
AppsAnywhere | AD.uni.edu | 636 TCP | Connection via LDAPS to Active Directory |
AppsAnywhere | AD.uni.edu | 88 UDP | Connection via Kerberos to Active Directory |
AppsAnywhere02 | appsanywhere01.uni.edu | 80 TCP | Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers |
AppsAnywhere03 | appsanywhere01.uni.edu | 80 TCP | Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers |
AppsAnywhere | Configured Base URL (load balanced HTTPS address) | 443 TCP | TLS certificate checks. |
AppsAnywhere | cloudpaging.uni.edu | 443 TCP | Connection to your Cloudpaging service (if applicable) |
AppsAnywhere | parallels.uni.edu | 443 TCP | Connection to the Parallels RAS service (if applicable) |
AppsAnywhere | analytics.uni.edu | 19999 TCP | Connection to the Analytics Appliance |
AppsAnywhere | myfileshare.uni.edu | 445 TCP | AppsAnywhere Service access to the Secure Download UNC path |
Analytics | MSSQL.uni.edu | 1433 TCP | Connection to the SQL database |
Analytics | MSSQL.uni.edu | 1433 UDP | Connection to the SQL database |
Outbound Traffic (External)
Source | Port | Usage |
|---|---|---|
AppsAnywhere | 123 UDP | OS time service (NTP) |
AppsAnywhere | 80 TCP | Icon Library and OS updates |
AppsAnywhere | 443 TCP | APIs, libraries and OS updates |
AppsAnywhere | 587 TCP | Expiration notifications sent to Admin Email Addresses |
Analytics | 123 UDP | OS time service (NTP) |
Analytics | 443 TCP | Daily license check, software and OS updates |
Analytics | 80 TCP | OS updates |
Analytics | 587 TCP |
External Destinations
The following table provides detailed information for all the outbound destinations that AppsAnywhere requires access to during normal operation.
Source | External Destination | Port | Owner / Usage |
|---|---|---|---|
AppsAnywhere | 1bdb4cc9b0722bc205a377fabbc4511a62a47f7610ad5c7c4e62.ssl.cf3.rackcdn.com | 443 TCP | Client Management |
AppsAnywhere | 2.rocky.pool.ntp.org | 123 UDP | NTP Time Service (Default Configuration) |
AppsAnywhere | ajax.googleapis.com | 443 TCP | jQuery & Google Fonts |
AppsAnywhere | api.appsanywhere.com | 80 TCP | Icon Library |
AppsAnywhere | api.software2.com | 443 TCP | AppsAnywhere Server Registration |
AppsAnywhere | appsanywhereresources.blob.core.windows.net | 80 TCP | Appliance Configuration Console |
AppsAnywhere | appsanywhereresources.blob.core.windows.net | 443 TCP | Appliance Configuration Console |
AppsAnywhere | appsanywhereresources.azureedge.net | 443 TCP | Appliance Deployment Resources |
AppsAnywhere | b12228822d08f4925072-e23aef5ecad0f6168507017a4f5869f1.ssl.cf3.rackcdn.com | 443 TCP | AppsAnywhere Icon Library |
AppsAnywhere | cdn.remirepo.net This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from rpms.remirepo.net and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Remi mirror list. | 80 TCP | Appliance Package Repository Mirrors |
AppsAnywhere | mirror.pulsant.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 80 TCP | Appliance Package Repository |
AppsAnywhere | mirror.pulsant.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 443 TCP | Appliance Package Repository |
AppsAnywhere | mirrors.fedoraproject.org This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.fedoraproject.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Fedora mirror list. | 443 TCP | Appliance Package Repository Mirrors |
AppsAnywhere | mirrors.rockylinux.org This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.rockylinux.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Rocky Linux mirror list. | 443 TCP | Appliance Package Repository Mirrors |
AppsAnywhere | mirrors.vinters.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 80 TCP | Appliance Package Repository |
AppsAnywhere | packages.microsoft.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. | 443 TCP | Appliance Package Repository |
AppsAnywhere | rpms.remirepo.net This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 80 TCP | Appliance Package Repository |
AppsAnywhere | s2public.blob.core.windows.net | 443 TCP | Client Management |
AppsAnywhere | smtp.sendgrid.net | 587 TCP | SMTP Email Server |
AppsAnywhere | software2-public.azureedge.net | 443 TCP | Patch Management App licence template updates Dynamic admin dashboard content Client setup application updates |
AppsAnywhere | files.software2.com | 443 TCP | App licence template updates |
AppsAnywhere | files.appsanywhere.com | 443 TCP | Dynamic admin dashboard content Client setup application updates |
The following table provides detailed information for all the outbound destinations that Analytics requires access to during normal operation.
Source | External Destination | Port | Usage |
|---|---|---|---|
Analytics (CentOS) | 0.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics (CentOS) | 1.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics (CentOS) | 2.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics (CentOS) | 3.centos.pool.ntp.org | 123 UDP | CentOS Time Service |
Analytics (CentOS) | mirrorlist.centos.org Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrorlist.centos.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the CentOS mirror list. | 80 TCP | CentOS Update Repository |
Analytics (Rocky) | 2.rocky.pool.ntp.org | 123 UDP | NTP Time Service (Default Configuration) |
Analytics (Rocky) | mirrors.fedoraproject.org This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.fedoraproject.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Fedora mirror list. | 443 TCP | Appliance Package Repository Mirrors |
Analytics (Rocky) | ask4.mm.fcix.net This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 443 TCP | Appliance Package Repository |
Analytics (Rocky) | mirrors.rockylinux.org This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.rockylinux.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Rocky Linux mirror list. | 443 TCP | Appliance Package Repository Mirrors |
Analytics (Rocky) | rocky-linux-europe-west2.production.gcp.mirrors.ctrliq.cloud This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 443 TCP | Appliance Package Repository |
Analytics (Rocky) | mirror.pulsant.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 80 TCP | Appliance Package Repository |
Analytics (Rocky) | mirror.pulsant.com This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 443 TCP | Appliance Package Repository |
Analytics (All) | cdn.remirepo.net This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from rpms.remirepo.net and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Remi mirror list. | 80 TCP | Appliance Package Repository Mirrors |
Analytics (All) | rpms.remirepo.net This destination is determined dynamically as per active appliance configuration and is subject to change. Changes may occur if the third-party maintainer of this destination changes its address. Changes may also occur in the even this destination is derived from a mirrors list and the appliance operating system resolved the address from a different item in that list. This value is derived by parsing a mirror list, ensure all mirrors whitelisted where required and documented against other records in this table. | 80 TCP | Appliance Package Repository |
Analytics (All) | s2public.blob.core.windows.net | 443 TCP | ACC Updates |
Analytics (All) | software2-public.azureedge.net | 443 TCP | ACC Updates |
Analytics (All) | bitbucket.org | 443 TCP | Analytics model and ML updates used by reports and the reporting schema |
Analytics (All) | license.looker.com | 443 TCP | Daily heartbeat to licensing server |
Analytics (All) | smtp.sendgrid.net | 587 TCP | Email alerts via SMTP |
Cloudpaging
Inbound Traffic (Internal and External)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
Client Devices | 80 TCP | User access to the Paging Service |
Inbound Traffic (Internal)
Sources | Internal Destination | Port | Usage |
|---|---|---|---|
AppsAnywhere | 443 TCP | AppsAnywhere access to the Cloudpaging Admin Service via a load balancer |
Parallels RAS
For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.