VidyoConnect for WebRTC Server has two standard configurable interfaces: the Production Interface and the Management Interface. These interfaces are configured in the Vidyo Server console menu.
While enabling the Management Interface is optional, it is recommended for improved security. If the Management Interface is not enabled, then all Admin web pages run on the Production Interface.
If running the Admin web pages on the Production Interface it is recommended to configure them on a different port that can be blocked from being accessible from the Internet. See Configuring HTTPS Port Settings for Your Admin Pages for details on how to configure the Admin web pages.
Optionally, a second IP address on the same subnet as the Production Interface may be configured via the Admin Web Interface Configuration > Advanced subtab for the Media Relay (TURN server).
The Production interface have either a public Internet IP address, or a 1:1 NAT – a DMZ IP address that maps directly to the public IP address on the other side of a Firewall.
The WebRTC server must be able to reach the VidyoPortal and VidyoRouter from the Production Interface without using VidyoProxy.
As with all Vidyo Servers, for improved security it is suggested that the Management Interface be an isolated network configured to allow connections from the corporate LAN, but not allowed to make connections out to the corporate LAN.
The following table lists the VidyoConnect for WebRTC Server port usage:
| Type | Number or Range | Direction | Interface | Usage |
|---|---|---|---|---|
| TCP | 443 or configurable to any port | In | Management* | Admin Web Interface |
| TCP | 22 (recommended) or 2222 | In | Management* | ssh - access from the Internet should be blocked |
| TCP | 443 (recommended) or 80 | In | Production | WebRTC and Session Manager signaling |
| UDP | 60000-61000 | Both | Production | SRTP – it is optional to open these ports; if blocked media will be proxied using TURN |
| UDP and TCP | 3478 | In | Production | TURN – TURN may be optionally configured on a different IP address on any port |
| UDP and TCP | 3478 | Out | Production | STUN |
| TCP | 80 or 443 | Out | Production | VidyoPortal Web Services API |
| TCO | 17992 | Out | Production | VidyoManager EMCP |
| TCP | 17990 | Out | Production | VidyoRouter SCIP |
*Management interface ports will run on the Production Interface if the Management Interface is not enabled
Comments
0 comments
Please sign in to leave a comment.