Network requirements cloud solution

This is the network requirements for the cloud solution based on Azure Virtual Desktop (Windows Virtual desktop). It does not describe the old cloud solution based on Citrix or the ASP solution.

Client

...

Citrix client – utilizing general vpn ports

...

One of the Remote Desktop clients mentioned bellow.

Bandwidth depend on the usage and resolution. A minimum of 150 Kbps. File transfer and printing may demand higher bandwidth. 1Mbps or more recommended.

Latency lower then 200 ms. Latency may be checked for West Europe, South West US 2 and South East Asia (depending on which location your installation is set up on) at https://azure.microsoft.com/en-gb/services/virtual-desktop/assessment/

Support for TLS 1.2 using the chiphers

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Outbound access to TCP port 443 for the following destinations:

• *.wvd.microsoft.com
• *.servicebus.windows.net
• microsoft.com
• ms
• microsoft.com
• microsoft.com
• prod.cms.rt.microsoft.com

Outbound access to TCP port 80 and 443 for the following destinations:

• *.msftidentity.com
• *.msidentity.com
• activedirectory.windowsazure.com
• accesscontrol.windows.net
• microsoftonline.com
• passwordreset.microsoftonline.com
• microsoftazuread-sso.com
• microsoftonline.com
• microsoftonline-p.net
• microsoftonline.com
• login.microsoftonline.com
• microsoft.com
• windows.net
• microsoft.com
• microsoftonline.com
• microsoftonline-p.com
• windows.net
• microsoftonline.com
• microsoftonline.com
• login-us.microsoftonline.com
• microsoftonline-p.com
• microsoftonline.com
• microsoftonline.com
• 190.128.0/18
• 126.0.0/18
• 2603:1006:2000::/48
• 2603:1007:200::/48
• 2603:1016:1400::/48
• 2603:1017::/48
• 2603:1026:3000::/48
• 2603:1027:1::/48
• 2603:1036:3000::/48
• 2603:1037:1::/48
• 2603:1046:2000::/48
• 2603:1047:1::/48
• 2603:1056:2000::/48
• 2603:1057:2::/48

• *.hip.live.com
• *.microsoftonline.com
• *.microsoftonline-p.com
• *.msauth.net
• *.msauthimages.net
• *.msecnd.net
• *.msftauth.net
• *.msftauthimages.net
• *.phonefactor.net
• windows.net
• azure.com
• dc.ad.msft.net

• *.entrust.net
• *.geotrust.com
• *.omniroot.com
• *.public-trust.com
• *.symcb.com
• *.symcd.com
• *.verisign.com
• *.verisign.net
• identrust.com
• digicert.com
• int-x3.letsencrypt.org
• globalsign.com
• globalsign.net
• identrust.com
• microsoft.com
• digicert.com
• digicert.com
• trustid.ocsp.identrust.com
• microsoft.com
• digicert.com
• globalsign.com
• msocsp.com
• globalsign.com
• digicert.com
• globalsign.com
• digicert.com
• microsoft.com

Windows Desktop client

Windows 10 or Windows 7 (Windows 8 is not supported). The client from one of the following links matching your Windows system

64 bit systems (https://go.microsoft.com/fwlink/?linkid=2068602)

32 bit systems (https://go.microsoft.com/fwlink/?linkid=2098960)

Mac client

macOS 10.12 or later. 

Download (https://apps.apple.com/app/microsoft-remote-desktop/id1295203466?mt=12)

Web client

Any HTML5 compatible browser, but no mobile OS support. IE 11 will no longer be supported. For Firefox the version must be version 55 or later.

Note that the web client have some restrictions in regard to functionality, specifically accessing local resources (like saving/opening files)

Email

Own email servers or an office365 account.

...

Port 25 is blocked by Microsoft.

Replication

For the Replicator Manager connection to Adonis Replicator Service, the TCP port 8010 is used in most systems. I recommend doing a check here.Adonis Replicator Service uses a connection to an FTP server for file transfer. The Command channel utilizes the TCP port 21, and for the Data transfer channel — the random TCP port in the range 50000-60000.replication to/from our Cloud service. FTP or FTPS (Either active or passive) towards FTP server used for replication.

Active FTP

Outbound TCP to port 21

Outbound TCP to port 990  (FTPS)

Inbound TCP to random port number from port 20 (989 FTPS)

Passive FTP

Outbound TCP to port 21

Outbound TCP to port 5000-6000

Portal

To access the Adonis personnel Portal in a browser, HTTP HTTPS protocol over TCP port 80 443 is used.

Azure

Withing Azure we have several firewalls running but they should not impact your changes. Possible otherwise it would be possible to do a coordinated test run together.

3th party

...

3rd party

For integrations with 3^rd parties, we may have to adjust our Firewall configurations.  We will need the protocol, ports(and direction) and destination servers used for those integrations.