5.1. Security Groups Requirements¶
Before creating your Connection Broker and Leostream Gateway instances, ensure that you have the appropriate security groups configured in Virtuozzo Hybrid Infrastructure. Leostream requires the following ports be open for incoming traffic to the specified component. Consider three separate security groups:
Connection Broker
Leostream Gateway
VDI instances
Port |
Required By |
Purpose |
|---|---|---|
22 |
Connection Broker, Leostream Gateway |
For SSH access to the Connection Broker or Leostream Gateway, if required. |
443 |
Connection Broker, Leostream Gateway |
For access to the Connection Broker Web interface, and communications from the Leostream Agents and Leostream Connect. On the Leostream Gateway, for communication from Leostream Connect and to use the Leostream HTML5 viewer. |
20001-22000 |
Leostream Gateway |
The Leostream Gateway uses this default port range to forward display protocol traffic from the user’s client device to an instance isolated in a private VHI network. You may optionally change this port range using the Leostream Gateway CLI. NOTE: You do not need to open this range if you use the display protocol port for forwarding desktop connection traffic. For that scenario, open the display protocol port in the Leostream Gateway security group, instead. |
8080 |
VDI instances |
Port for communications from the Connection Broker to the Leostream Agent. * The Leostream Agent port may be changed using the Leostream Agent Control Panel dialog. If you change the default Leostream Agent port, ensure that you open the associated port in the security group |
3389** |
VDI instances, Leostream Gateway |
For RDP access to the VDI/DaaS instances ** This port is dependent on the display protocol you plan to use. If you use a display protocol other than RDP, ensure that you open the ports required by that display protocol. |