I just received an email from a peer asking me about the firewall ports that you’d need to open to ensure that AppSense DesktopNow was able to work across remote sites. That set me thinking as I’d never read anything that particularly seemed to indicate there was any special configuration required. However, I haven’t really done the most complex implementations in the world – most of my clients tend to use XenApp, which means most of the time I am dealing with deploying agents and configurations onto servers that are physically close to my Management Server.
From a quick bit of brainstorming I thought that you’d need to allow HTTP or HTTPS traffic for your communication with the Management Server, and from there to the remote database you’d obviously need to allow SQL communication as well. The one thing I’d omitted was BITS traffic, as that’s what the Management Server uses to download configurations to the clients. BITS runs over HTTP or HTTPS too (it’s really a sub-component of IIS, if I understand it correctly), so all I’d expect you to need would be:
BITS over HTTP (TCP 80) or BITS over HTTPS (443)
SQL (TCP 1433)
Rather than configuring individual firewall exceptions on your clients themselves, the AppSense-recommended way is generally just to enable File and Print Sharing in the Windows firewall settings (although on most networks I’d expect to see this done already). For the record, enabling this setting (via GPO, I should expect) would open up the following ports:
NetBIOS – TCP 139, UDP 137, UDP 138
LLMNR – TCP 5255, UDP 5355
SMB – TCP 445
RPC – TCP 135, TCP 445, UDP 445
In addition, you may also need to configure these ports for certain aspects of Performance Manager:
RDP – TCP 3389
Other – TCP 52653, UDP 1434
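As an added example (not from the original post or from AppSense), here is a PowerShell snippet I’d use to sanity-check the port list above from a client at a remote site: it tests the TCP ports that must reach the Management Server and the SQL host, and shows the state of the File and Printer Sharing rule group on the client itself. The hostnames are placeholders, and Test-NetConnection only checks TCP, so the UDP ports (137, 138, 445, 1434, 5355) are listed for reference rather than tested.

```powershell
# Added example: check reachability of the DesktopNow ports described in the post.
# Hostnames are placeholders (assumption) - replace with your own servers.
param(
    [string]$ManagementServer = 'appsense-mgmt.example.local',
    [string]$SqlServer        = 'sql01.example.local',
    [switch]$UseHttps
)

# Outbound TCP ports from a client to the back-end servers
$tcpChecks = @(
    @{ Target = $ManagementServer; Port = $(if ($UseHttps) { 443 } else { 80 }); Purpose = 'Management Server / BITS' }
    @{ Target = $SqlServer;        Port = 1433;                                 Purpose = 'SQL' }
    @{ Target = $ManagementServer; Port = 3389;                                 Purpose = 'RDP (Performance Manager)' }
    @{ Target = $ManagementServer; Port = 52653;                                Purpose = 'Performance Manager (other)' }
)

foreach ($c in $tcpChecks) {
    $result = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target  = "$($c.Target):$($c.Port)"
        Purpose = $c.Purpose
        Open    = $result.TcpTestSucceeded
    }
}

# UDP ports from the post cannot be probed with Test-NetConnection; listed so they
# are not forgotten when reviewing firewall rules.
$udpPorts = @(137, 138, 445, 1434, 5355)
Write-Host "UDP ports to review manually: $($udpPorts -join ', ')"

# Local check: is the File and Printer Sharing rule group (the post's recommended
# client-side setting) actually enabled on this machine?
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' |
    Select-Object DisplayName, Direction, Profile, Enabled |
    Format-Table -AutoSize
```

Run it on a client at the remote site (elevated, so the firewall rule query succeeds); any row with Open = False points at a firewall hop between that client and the server rather than at the agent itself.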
As far as I know, these should be the only ports you’d need to open up to allow AppSense DesktopNow to function correctly. Please, someone correct me if I’ve missed something – I haven’t actually been able to find any official documentation of this, so I could be completely wrong :-0
Update – in response to comments received, I’ve updated the above ports to include those necessary for Performance Manager Application Discovery to work.