HALB

HALB

VRRP

112

HALB to HALB communication used for automatic assignment of VIP to active HALB.

RAS Secure Gateway in Forwarding Mode

TCP, UDP

80, 443

Management and user session connections.

RAS Secure Gateway in Normal Mode

TCP, UDP

TCP, UDP

80, 443

20009

Management and user session connections.

Device Manager shadowing via Firewall (indirect network connection).

Parallels Client

HALB

TCP, UDP

TCP, UDP

80, 443

20009

Management and user session connections.

Device Manager shadowing via Firewall (indirect network connection).

RAS Secure Gateway Forwarding mode

TCP, UDP

TCP, UDP

UDP

80, 443

3389

20000

Management and user session connections.

Optional - Used for user session if RDP load balancing is enabled (Standard RDP).

Secure Gateway lookup broadcast.

RAS Secure Gateway Normal mode

TCP, UDP

TCP, UDP

TCP, UDP

UDP

80, 443,

3389

20009

20000

Management and user session connections.

Optional - Used for user session if RDP load balancing is enabled (Standard RDP).

Device Manager shadowing via Firewall (indirect network connection)

Secure Gateway Lookup Broadcast

Session host (VDI, RDS, RemotePC)

TCP, UDP

3389

Used for user session connections in Direct Mode only. RDP connection is always encrypted.

Azure Virtual Desktop Services

TCP

UDP

443

3390

Azure Virtual Desktop Gateway connection

Used for user session connections in ShortPath mode only.

Microsoft site

TCP

443

Download Microsoft Remote Desktop (MSRDC) client

Parallels site

TCP

80, 443

Check for updates and download Parallels Client

Web browser (HTML5) and Let's Encrypt service

RAS Web Admin Service [RAS Management Portal]

TCP

20443

Admin access to HTML5 based Management Portal of RAS environment

HALB

TCP

80, 443

End-user access to Parallels RAS Web Client (on Secure Gateway in Normal mode) through the HALB

Note: Ports 80 and 443 must be open for incoming requests when using Let's Encrypt.

RAS Secure Gateway

TCP

80, 443

End-user access to Parallels RAS Web Client (on Secure Gateway in Normal mode)

Note: Ports 80 and 443 must be open for incoming requests when using Let's Encrypt.

RAS Secure Gateway in Forwarding mode

RAS Secure Gateway in Normal mode

TCP, UDP

TCP, UDP

80, 443

3389

Management and user session connections.

Optional - Used for user session if RDP Load Balancing is enabled.

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB.

RAS Secure Gateway in Normal mode

Remote Desktop Services

TCP, UDP

3389

RDP Connections.

RAS Connection Broker

TCP

TCP, UDP

20002

20009

RAS Connection Broker service port - communications with RAS Secure Gateways and the RAS Console (in Normal mode only).

Device Manager shadowing via Firewall (indirect network connection) if RAS Console runs on RAS Connection Broker

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB.

Localhost

TCP

20020

Communication with User Portal web server (NodeJS).

RAS Reporting Service

MS SQL

TCP

1433

Store RAS activity information

SSRS

TCP

8085, 443

Enumeration of reports (incl. custom reports)

RAS Provider Agent

RAS Connection Broker

TCP

20003

Connection Broker communication port.

RAS Guest Agent

TCP

UDP

30010

30009

TCP is used to send the commands.

UDP is used during the initial handshake.

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB - applicable to Hyper-V only.

Hyper-V

TCP

135, 49152-65535

Used to check if the host is powered on and send export, import, delete, shutdown, restart or suspend commands.

Nutanix AHV (AOS)

TCP

9440

Used to check if the host is powered on and sends clone, delete, shutdown, restart commands (RestAPI calls, PoSH, remote ncli).

VMWare

TCP

443

Used to check if the host is powered on and sends clone, delete, shutdown, restart and suspend commands.

Microsoft Azure

TCP

443

Used to check if the guest is powered on and sends clone, shutdown, restart commands (via REST).

Azure Virtual Desktop

TCP

443

Used to check if the host is powered on and sends clone, shutdown, restart commands (via REST).

AWS

TCP

443

Used to check if the host is powered on and sends clone, shutdown, restart commands (via REST).

Scale

TCP

443

Used to check if the host is powered on and sends clone, shutdown, restart commands (via REST).

Remote PC over VDI

TCP

135, 49152-65535

Used to check if the host is powered on and sends shutdown, restart or suspend commands.

SSRS

Microsoft SQL Server

TCP

1433

RAS Console is connected to RAS Reporting

RAS PowerShell

RAS RD Session Host Agent

TCP

30004

Log retrieval

RAS Guest Agent

TCP

30010

Log retrieval

RAS Remote PC Agent

TCP

30004

Log retrieval

RAS Provider Agent

TCP

30006

Log retrieval

RAS Connection Broker

TCP

20002, 20001

Communication with GA and Redundancy

Used during publishing to browse for installed applications or single file/folder browsing.

RAS Enrollment Server

AD DS controllers

TCP

TCP

TCP,UDP

UDP

389, 3268

636, 3269

88

53

LDAP

LDAPS

Kerberos

DNS

RAS Connection Broker

TCP

UDP

20003

20003

Settings synchronization and performance counters.

Deny Connection Request

Certificate Authority (CA)

TCP

TCP

135

dynamic range

49152 - 65535

DCOM/RPC ports

RAS RD Session Host Agent

RAS Connection Broker

TCP, UDP

20003

Used for communications with RAS Connection Brokers.

Localhost

TCP

30005

For internal commands (memshell, printer redirector).

FSlogix

TCP

443

Download FSlogix installer

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB.

RAS Enrollment Server

TCP

30030

RAS RD Session Host Agent (PrlsSCDriver) connects to get logon credentials.

RAS Web Administration Service

RAS RD Session Host Agent

TCP

30004

Log retrieval

RAS Guest Agent

TCP

30010

Log retrieval

RAS Provider Agent

TCP

30006

Log retrieval

RAS Connection Broker

TCP

20002, 20001 30020

Communication with GA and Redundancy

Used during publishing to browse for installed applications or single file/folder browsing.

30020 - remote agent pushing (pre-RAS 18).

RAS RD Session Host Agent

RAS Guest Agent

RAS Remote PC Agent

RAS Connection Broker

RAS Secure Gateway

RAS Enrollment Server

TCP

135, 445

Remote Install Push/Takeover of Software (pre-RAS 18).

RAS Reporting Service

TCP

3000

Integration of RAS Reporting in Management Portal iFrame

*.wvd.microsoft.com

443

Service traffic

AzureVirtualDesktop

gcs.prod.monitoring.core.windows.net

443

Agent traffic

AzureCloud

production.diagnostics.monitoring.core.windows.net

443

Agent traffic

AzureCloud

*xt.blob.core.windows.net

443

Agent traffic

AzureCloud

*eh.servicebus.windows.net

443

Agent traffic

AzureCloud

*xt.table.core.windows.net

443

Agent traffic

AzureCloud

*xt.queue.core.windows.net

443

Agent traffic

AzureCloud

catalogartifact.azureedge.net

443

Azure Marketplace

AzureCloud

kms.core.windows.net

1688

Windows activation

Internet

mrsglobalsteus2prod.blob.core.windows.net

443

Agent and SXS stack updates

AzureCloud

wvdportalstorageblob.blob.core.windows.net

443

Azure portal support

AzureCloud

169.254.169.254

80

Azure Instance Metadata service endpoint

N/A

168.63.129.16

80

Host health monitoring

N/A

https://download.parallels.com/ras/Configuration_01-20-2022.zip

443

Joining a host to a host pool

AzureVirtualDesktop

*.microsoftonline.com

443

Authentication to Microsoft Online Services

login.microsoftonline.us

*.events.data.microsoft.com

443

Telemetry Service

None

www.msftconnecttest.com

443

Detects if the OS is connected to the internet

None

*.prod.do.dsp.mp.microsoft.com

443

Windows Update

None

login.windows.net

443

Sign in to Microsoft Online Services, Microsoft 365

login.microsoftonline.us

*.sfx.ms

443

Updates for OneDrive client software

oneclient.sfx.ms

*.digicert.com

443

Certificate revocation check

None

*.azure-dns.com

443

Azure DNS resolution

None

*.azure-dns.net

443

Azure DNS resolution

None

Tenant - RAS Connection Broker

Tenant Broker - RAS Connection Broker

TCP

20003

Tenant's RAS Connection Broker communicates with Tenant Broker to join Tenant Broker, synchronize configuration and statuses

RAS Guest Agent (used by Azure Virtual Desktop)

Provider Agent

TCP, UDP

30006

Communication with Provider Agent

Subnet broadcast is sent to find Provider Agent

Regular UDP heartbeats

Localhost

TCP

30005

For internal commands - memshell, printer redirector)

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB

RAS Enrollment Server

TCP

30030

RAS Guest Agent (PrlsSCDriver) connects to get logon credentials

FSlogix

TCP

443

Download FSlogix installer

RAS Console

RAS Reporting

TCP

30008

RAS Console is connected to primary RAS Connection Broker which communicates with RAS Reporting (installed on the same host as SSRS). SSRS talks to SQL via TCP 1433 (or dynamic if 1433 is not established in the settings).

SSRS

TCP

443

Reports retrieval.

HALB

TCP, UDP

31006

Used for configuration.

Parallels Client

TCP

50005

Shadowing from the RAS Console in case of direct network connection.

RAS RD Session Host Agent

UDP, TCP

30004

Used for the "Check Agent" task.

Used to manage components.

RAS Guest Agent

TCP

UDP

30010

30009

Used to manage components. Used for the "Check Agent" task.

RAS Remote PC Agent

UDP, TCP

30004

Used for the "Check Agent" task.

Used to manage components.

RAS Provider Agent

UDP, TCP

30006

Used for the "Check Agent" task.

Used to manage component.

MFA Server(s)

TCP, UDP

8080, 80, 1812, 1813

Deepnet / Safenet / Radius

Microsoft site

TCP

80, 443

Check for updates and download Parallels Client

Parallels site

TCP

80

Check for updates and download Parallels Client

RAS Secure Gateway

TCP

80, 443

Set the log level or clear/retrieve the log file

Prefers to connect to the normal port (80 by default), falls back to the SSL port (443 by default) if the normal port is disabled

RAS Performance Monitor

TCP

20002, 20001

RAS browser plugin connection to Grafana.

RAS Connection Broker

TCP

20002, 20001

Communication with Connection Broker and redundancy.

RAS Enrollment Server

TCP, UDP

30030

Used for the "Check Agent" task.

Used to manage components and for troubleshooting.

Wyse Broker

UDP

1234 (outbound only)

68 (inbound only)

Wyse broker discovery request broadcast packet (V_WYSEBCAST).

Wyse broker discovery reply packet (V_WYSETEST).

SMTP

TCP

587

RAS Console can send test emails using port specified in the Mailbox settings (+SSL/TLS)

RAS Remote PC Agent

RAS Connection Broker

TCP, UDP

20003

Used for communications with RAS Connection Brokers

Localhost

TCP

30005

For internal commands - memshell, printer redirector)

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB

RAS Enrollment Server

TCP, UDP

30030

RAS Remote PC (PrlsSCDriver) connects to get logon credentials

FSlogix

TCP

443

Download FSlogix installer

RAS Connection Broker

AD DS controllers

TCP

TCP

TCP,UDP

UDP

389, 3268

636, 3269

88

53

LDAP

LDAPS

Kerberos

DNS

RAS Connection Broker

TCP

20001

20030

Redundancy service.

Communication between RAS Connection Brokers running in the same site.

Parallels Licensing Server

TCP

443

RAS Connection Broker (primary Connection Broker in Licensing Site) communicates with Parallels Licensing Server (https://ras.parallels.com).

Note: Not required for Tenant Broker RAS Connection Broker (see the Tenant Broker section).

RAS Performance Monitor

TCP

8086

Agent (Telegraf service) sends collected performance data to InfluxDB.

RAS RD Session Host Agent

TCP, UDP

30004

Server for Connection Broker requests.

RAS Provider Agent

TCP, UDP

30006

Provider Agent communication port.

RAS Remote PC Agent

TCP, UDP

30004

Remote PC Agent Communication Port (agent state, counters and session information)

2FA Server(s)

TCP, UDP

8080, 80

1812, 1813

Deepnet/ Safenet

Radius

RAS Enrollment Server

TCP

30030

RAS Connection Broker Sends RAS Enrollment Server connection Request

RAS Reporting

TCP

30008

Master RAS Connection Broker communicates with RAS Reporting (installed on the same host as SSRS).

RAS Remote Installer Service

TCP

30020

Remote agent pushing

RAS RD Session Host Agent

RAS Guest Agent

RAS Remote PC Agent

RAS Connection Broker

RAS Secure Gateway

RAS Enrollment Server

TCP

135, 445, 49179

Remote Install Push/Takeover of Software

SMTP

TCP

587

Notifdispatcher is the service which sends the emails using port specified in the Mailbox settings (+SSL/TLS)

Let's Encrypt Service

TCP

80, 443

Communication between the Let's Encrypt client (available in the primary Connection Broker) and a Let's Encrypt server.