Firewalls can be used to protect various parts of a network and must be configured to permit the connections required by Oracle VDI.
Clients must be able to connect to any host in an Oracle VDI Center.
The following table lists the ports you might need to open to permit these connections.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Client | Oracle VDI web server | 1800 | TCP | HTTP connections to Oracle VDI Manager. These connections are redirected to port 1801. |
Client | Oracle VDI web server | 1801 | TCP | HTTPS connections to Oracle VDI Manager. |
Client | Oracle VDI web server | 1802 | TCP | HTTPS connections to the VDI Client web services API. |
Client | Oracle VDI host | 3389 | TCP | RDP connections to the Oracle VDI RDP Broker. |
Sun Ray Clients | Oracle VDI host | Various | Various | See Chapter 2 of the Sun Ray Software 5.2 Installation and Configuration Guide for details. |
All hosts in an Oracle VDI Center need to be able to make connections to any of the configured user directories.
The following table lists the ports you might need to open to permit these connections.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Oracle VDI host | Windows server | 53 | UDP | DNS lookups on Active Directory. |
Oracle VDI host | Windows server | 88 | TCP or UDP | Authenticate users in Active Directory. |
Oracle VDI host | LDAP directory | 389 | TCP | Authenticate users in an LDAP directory. |
Oracle VDI host | Windows server | 464 | TCP or UDP | Enable users to change their password if it has expired. |
Oracle VDI host | LDAP directory server | 636 | TCP | Authenticate users using a secure connection to an LDAP directory. |
Oracle VDI host | Windows server | 3268 | TCP | Authenticate users in Active Directory. |
Each Oracle VDI host must be able to make connections to Active Directory on the following ports:
- Port 53 for DNS lookups on Active Directory
- Ports 88 and 464 for Kerberos authentication to a Key Distribution Center (KDC)
- Port 389 for the secure LDAP connection to a domain controller
- Port 3268 for the secure LDAP connection to a global catalog server
Oracle VDI performs several DNS lookups to discover LDAP information. For these lookups to work, it is essential that your DNS is configured correctly to enable the required information to be returned from Active Directory.
Ports 88 and 464 are the standard ports used for Kerberos authentication to a Key Distribution Center (KDC). These ports are configurable. Connections to these ports can use either the TCP or UDP protocol depending on the packet size and your Kerberos configuration. Port 464 is only required for password change operations.
The standard ports used for connections to LDAP directories are port 389 for standard connections (simple authentication) and port 636 for secure connections (secure authentication). These ports are configurable.
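To confirm that a firewall between an Oracle VDI host and a directory server passes the TCP ports listed above, the following added example (not part of the Oracle documentation) probes each port and separates a dropped connection from a closed service or a DNS failure. The host name `dc01.example.com` is a placeholder, and the default port numbers are assumed.

```python
import socket
import sys

# TCP ports from the user-directory table on this page (default values).
# UDP 53 and the UDP variants of 88/464 cannot be verified with a TCP
# connect and are not probed here.
DIRECTORY_TCP_PORTS = {
    88: "Kerberos authentication (KDC)",
    389: "LDAP",
    464: "Kerberos password change",
    636: "LDAP, secure connection",
    3268: "Active Directory global catalog",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, refused, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except socket.gaierror:
        return "unresolved"      # DNS problem, not a firewall problem
    except ConnectionRefusedError:
        return "refused"         # a RST came back: nothing listening, or a rejecting firewall
    except OSError:
        return "filtered"        # timeout or unreachable: likely dropped en route

def check_directory(host, timeout=3.0):
    """Probe every directory TCP port on host; returns {port: state}."""
    return {p: probe(host, p, timeout) for p in DIRECTORY_TCP_PORTS}

if __name__ == "__main__":
    # dc01.example.com is a placeholder; pass your own directory server.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.com"
    for port, state in check_directory(target).items():
        print(f"{target}:{port:<5} {state:<10} {DIRECTORY_TCP_PORTS[port]}")
```

Run it from each Oracle VDI host, because every host in the Oracle VDI Center needs these connections. A `filtered` result on a port you expect to use points at a firewall rule rather than at the directory service.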
In order to run desktops, all hosts in an Oracle VDI Center must be able to connect to any of the configured desktop provider hosts, and their associated storage hosts.
The ports used for connections depend on the desktop provider type and whether the storage is managed by Oracle VDI.
The following table lists the ports you might need to open to permit these connections.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Oracle VDI host | Storage host | 22 | TCP | Storage management using SSH. Required only for Oracle VDI and Hyper-V desktop providers. |
Oracle VDI host | Oracle VM VirtualBox host | 22 | TCP | Used to run some Oracle VM VirtualBox commands over SSH. Required only for the Oracle VDI desktop provider. |
Oracle VDI host | Desktop provider host | 443 | TCP | HTTPS connections to web services for provisioning and managing virtual desktops, or HTTPS connections for Windows Remote Management (WinRM). Required only for Oracle VDI, Microsoft Hyper-V, VMware vCenter, and Microsoft Remote Desktop desktop providers. |
Oracle VDI host | Storage host | 3260 | TCP | iSCSI connections when virtual disks are copied for management reasons, for example when desktops are imported or copied to a storage host for cloning. Required only for Oracle VDI and Hyper-V desktop providers. |
Oracle VM VirtualBox host or Microsoft Hyper-V host | Storage host | 3260 | TCP | iSCSI connections to connect virtual machines to their virtual disks. Required only for Oracle VDI and Hyper-V desktop providers. |
Oracle VDI host | Desktop provider host | 3389 | TCP | Microsoft RDP connections to virtual desktops. |
Oracle VDI host | Oracle VM VirtualBox host | 49152-65534 | TCP | Oracle VM VirtualBox RDP (VRDP) connections to virtual desktops. Required only for the Oracle VDI desktop provider if VRDP is selected as the desktop protocol. |
Ports 22, 443, 3389, and 49152-65534 are configurable.
On Oracle VM VirtualBox hosts, port 18083 is also used for HTTP connections to the Oracle VM VirtualBox web service. This port is bound to localhost.
A network might contain firewalls between the hosts in an Oracle VDI Center, for example if you have multiple offices each containing an Oracle VDI host. The Oracle VDI hosts must be able to connect to any other member of the Oracle VDI Center.
The following table lists the ports you might need to open to permit these connections.
Source | Destination | Port | Protocol | Purpose |
---|---|---|---|---|
Oracle VDI host | Another Oracle VDI host | 3307 | TCP | Connections to the Oracle VDI embedded MySQL Server database. |
Oracle VDI host | Remote MySQL database host | Configurable | Configurable | Connection to a remote MySQL database. Required only if a remote MySQL database is selected when you configure an Oracle VDI Center. |
Oracle VDI host | Another Oracle VDI host | 11172 | TCP | Used for the JMX-MP connector to Cacao. Used by the cacaoadm command. |
Oracle VDI host | Another Oracle VDI host | 11173 | TCP | Used for the command stream connector to Cacao. Used by vda and vda-center commands. |
Oracle VDI host | Another Oracle VDI host | 11174 | TCP | Used for the JMX RMI connector to Cacao. Used by the Oracle VDI Manager and for the communication between Oracle VDI Center Agents. |
Sun Ray Software | Sun Ray Software | Various | Various | See Chapter 2 of the Sun Ray Software 5.2 Installation and Configuration Guide for details. |
On Oracle VDI hosts, port 3303 is also used for the connection between the vda client command and the Oracle VDI host. This port is bound to localhost and is configurable.
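The tables on this page can also be used to review an existing rule set for least privilege. The following added example (not part of the Oracle documentation) compares the inbound TCP allow rules for an Oracle VDI host against the default ports listed for clients and for other Oracle VDI hosts, and flags the localhost-bound ports if they appear. The `(source_role, port)` rule format, the role names, and the sample rules are assumptions made for illustration; Sun Ray and remote MySQL ports are not covered because the page does not give fixed values for them.

```python
# Inbound TCP ports an Oracle VDI host must accept, from the tables on this
# page (default values), keyed by who is allowed to connect.
REQUIRED = {
    "client":   {1800, 1801, 1802, 3389},
    "vdi-host": {3307, 11172, 11173, 11174},
}
# Ports the page describes as bound to localhost: never needed in a firewall.
LOCAL_ONLY = {3303, 18083}

def audit(rules):
    """rules: iterable of (source_role, port) TCP allow rules whose
    destination is an Oracle VDI host (hypothetical format).
    Returns (missing, excess, local_exposed) as lists of (role, port)."""
    allowed = {}
    for role, port in rules:
        allowed.setdefault(role, set()).add(port)

    missing, excess, local_exposed = [], [], []
    for role, ports in REQUIRED.items():
        for port in sorted(ports - allowed.get(role, set())):
            missing.append((role, port))       # required but not permitted
    for role, ports in allowed.items():
        for port in sorted(ports):
            if port in LOCAL_ONLY:
                local_exposed.append((role, port))
            elif port not in REQUIRED.get(role, set()):
                excess.append((role, port))    # permitted but not required
    return missing, excess, local_exposed

# Constructed sample rule set with three deliberate mistakes.
SAMPLE_RULES = [
    ("client", 1800), ("client", 1801), ("client", 1802), ("client", 3389),
    ("client", 3307),                     # database port opened to clients
    ("vdi-host", 3307), ("vdi-host", 11172), ("vdi-host", 11174),
    ("vdi-host", 3303),                   # localhost-bound port opened
]                                         # 11173 for vdi-host is absent

if __name__ == "__main__":
    missing, excess, local_exposed = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("excess:", excess)
    print("localhost-only ports exposed:", local_exposed)
```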