Horizon 7 uses the TrueSSO ports in the following table as the communications pathway (port and protocol) and security controls through which the certificate passes between Horizon Connection Server and the virtual desktop or published application for a certificate logon with the TrueSSO solution.

Table 1. TrueSSO Ports Used by Horizon 7

| Source | Target | Port | Protocol | Description |
| --- | --- | --- | --- | --- |
| Horizon Client | VMware Identity Manager appliance | TCP 443 | HTTPS | Launch Horizon 7 from VMware Identity Manager appliance which generates SAML assertion and artifact. |
| Horizon Client | Horizon Connection Server | TCP 443 | HTTPS | Launch Horizon Client. |
| Horizon Connection Server | VMware Identity Manager appliance | TCP 443 | HTTPS | Connection Server performs SAML resolve against VMware Identity Manager. VMware Identity Manager validates artifact and returns assertion. |
| Horizon Connection Server | Horizon Enrollment Server | TCP 32111 | | Use the Enrollment Server. |
| Enrollment Server | ADCS | | | Enrollment Server requests certificate from Microsoft Certificate Authority (CA) to generate a temporary, short-lived certificate. The enrollment service uses TCP 135 RPC for the initial communication with the CA, then a random port from 1024-5000 and 49152-65535. See Certificate Services in https://support.microsoft.com/en-us/help/832017#method4. Enrollment Server also communicates with domain controllers, using all relevant ports to discover a DC and bind to and query the Active Directory. See https://support.microsoft.com/en-us/help/832017#method1 and https://support.microsoft.com/en-us/help/832017#method12. |
| Horizon Agent | Horizon Connection Server | TCP 4002 | JMS over TLS | Horizon Agent requests and receives a certificate for logon. |
| Virtual desktop or published application | AD DC | | | Windows validates the authenticity of the certificate with Active Directory. See Microsoft documentation for a list of ports and protocols, as numerous ports might be required. |
| Horizon Client | Horizon Agent (protocol session) | TCP/UDP 22443 | Blast | Log on to the Windows desktop or application and a remote session is initiated on Horizon Client. |
| Horizon Client | Horizon Agent (protocol session) | UDP 4172 | PCoIP | Log on to the Windows desktop or application and a remote session is initiated on Horizon Client. |
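As an added example (not part of the VMware documentation), the following Python sketch audits a firewall allow list against the flows in Table 1 and reports the port ranges that remain blocked, including holes inside the RPC ranges used between the Enrollment Server and the CA. The role labels, the rule tuple layout and the sample allow list are assumptions made for this example; the Active Directory flows, for which the table gives no ports, are not modeled.

```python
# Added example: audit a firewall allow list against the TrueSSO flows in Table 1.
# Role labels (client, idm, cs, es, ca, agent) are shorthand invented for this example.
# Each entry: (source, target, protocol, first_port, last_port).
REQUIRED = [
    ("client", "idm", "tcp", 443, 443),        # launch from VMware Identity Manager
    ("client", "cs", "tcp", 443, 443),         # launch Horizon Client
    ("cs", "idm", "tcp", 443, 443),            # SAML artifact resolve
    ("cs", "es", "tcp", 32111, 32111),         # Connection Server -> Enrollment Server
    ("es", "ca", "tcp", 135, 135),             # RPC, initial contact with the CA
    ("es", "ca", "tcp", 1024, 5000),           # random RPC port range
    ("es", "ca", "tcp", 49152, 65535),         # random RPC port range
    ("agent", "cs", "tcp", 4002, 4002),        # JMS over TLS
    ("client", "agent", "tcp", 22443, 22443),  # Blast
    ("client", "agent", "udp", 22443, 22443),  # Blast
    ("client", "agent", "udp", 4172, 4172),    # PCoIP
]

def uncovered(flow, rules):
    """Return the port sub-ranges of `flow` that no allow rule covers."""
    src, dst, proto, lo, hi = flow
    spans = sorted((a, b) for s, d, p, a, b in rules if (s, d, p) == (src, dst, proto))
    gaps, cursor = [], lo
    for a, b in spans:
        if b < cursor:
            continue                      # rule ends before the part still unchecked
        if a > hi:
            break                         # rule starts past the required range
        if a > cursor:
            gaps.append((cursor, a - 1))  # hole between two allow rules
        cursor = b + 1
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def audit(rules):
    """Map each required flow that is not fully allowed to its blocked port ranges."""
    return {f: g for f in REQUIRED if (g := uncovered(f, rules))}

# Constructed allow list: leaves a hole in the 1024-5000 RPC range and omits Blast over UDP.
SAMPLE_RULES = [r for r in REQUIRED if r[3] != 1024 and r[2:4] != ("udp", 22443)] + [
    ("es", "ca", "tcp", 1024, 2999),
    ("es", "ca", "tcp", 4000, 5000),
]

if __name__ == "__main__":
    for flow, gaps in audit(SAMPLE_RULES).items():
        print("BLOCKED", flow[:3], gaps)
```

A partially opened RPC range is worth catching because the CA picks the port at random, so certificate requests fail only intermittently.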