Cisco Unified MeetingPlace, Release 7.0 -- Network Requirements
From DocWiki
Revision as of 18:32, 19 March 2009
TCP/UDP Ports for Cisco Unified MeetingPlace
Table: Incoming Ports Used by Cisco Unified MeetingPlace lists the incoming ports, and Table: Outgoing Ports Used by Cisco Unified MeetingPlace lists the outgoing ports, used by Cisco Unified MeetingPlace. Use these lists to make sure that your firewalls do not block access to Cisco Unified MeetingPlace from users or integrated systems, and to make sure that you do not block communication among the Cisco Unified MeetingPlace components and servers.
Note: The ports that you do not need to expose to system administrators or end users are used for local communication between the Cisco Unified MeetingPlace elements or between Cisco Unified MeetingPlace and local services such as Cisco Unified Communications Manager or Microsoft Exchange. Such ports should be blocked in the DMZ or external firewall, but should not be blocked between internal components of the Cisco Unified MeetingPlace solution.
Table: Incoming Ports Used by Cisco Unified MeetingPlace
Protocol | Port Type | Ports | Port Usage | Special Requirements |
---|---|---|---|---|
Application Server | ||||
SSH | TCP | 22 | Secure access | Expose to system administrators. |
HTTP, HTTPS | TCP | 80, 443 | Administrator web access | Expose to system administrators. |
NTP | UDP | 123 | Network Time Protocol communication from the Web Servers and Media Servers | Expose to Web Server in the DMZ. |
SNMP | UDP | 161 | SNMP configuration | Expose to system administrators. |
MP_REPL | TCP | 2008 | Database replication between the active and standby servers for Application Server failover | - |
GWSIM | TCP | 5003 | Attachments between the external Web Server and the Application Server | Expose to Web Server in the DMZ. |
SIP | TCP, UDP | 5060 | SIP B2BUA | - |
HTTP | TCP | 8080 | HTTP services | - |
HTTP | TCP | 9090 | Media Server Administration | Expose to system administrators. |
SIP | TCP, UDP | 61002 | Recording signaling | - |
Recording control | TCP | 61003 | Recording control | - |
HTTP | TCP | 61004 | Communication from the external Web Server to the Application Server for prompts, recordings, attachment access, and login service for remote users | Expose to Web Server in the DMZ. |
RTP, RTCP | UDP | 16384-32767 | Recording media | - |
Media Server | ||||
FTP | TCP | 21 | Retrieving log files | Expose to system administrators. |
Telnet | TCP | 23 | Telnet | Expose to system administrators. |
HTTP | TCP | 80 | Web user interface | Expose to system administrators. |
NTP | UDP | 123 | Network Time Protocol | - |
SNMP | UDP | 161 | SNMP configuration | Expose to system administrators. |
MPI | TCP | 2010 | MPI (Pompa control protocol) | - |
DCI | TCP | 3333 | DCI (DCS control protocol) | - |
XML control | TCP | 3336 | XML control | - |
XML cascading | TCP | 3337 | XML cascading | - |
File server | TCP | 3340 | File server | - |
SIP | TCP, UDP | 5060 | SIP | - |
RTP/RTCP | UDP | 16384-16683 | Audio Blades | Expose to system administrators and end users. |
RTP/RTCP | UDP | 20000-21799 | Video Blades | Expose to system administrators and end users. |
Video Blade control | TCP | 2944-2945 | Video Blade control (H.248) | - |
Web Server | ||||
HTTP | TCP | 80 | User web access | Expose to system administrators and end users. |
HTTPS | TCP | 443 | Secure user web access | (Optional) Expose to system administrators and end users. If you have external users, then grant access from the Internet to the Web Server in the DMZ. |
RTMP | TCP | 1627 | Web meeting room | (Optional but recommended for best performance) Expose to system administrators and end users. If you have external users, then grant access from the Internet to the Web Server in the DMZ. |
DCOM | TCP | Dynamically open 1024 to 65535 | Cisco Unified MeetingPlace for Microsoft Outlook to Microsoft Exchange uses the CDO API | Required only for Release 7.0.1 systems using the back-end Microsoft Outlook integration. |
SQL | TCP | 1433 | Communication between the Web Server and the SQL Server database | - |
Control connection | TCP | 5003 | Control connection between Web Servers and the Application Server | Expose to Application Server. |
Microsoft Office Communicator | ||||
SIP/TLS | TCP | 5060-5069 | Live Communication Server (LCS) gateway service | - |
IBM Lotus Sametime | ||||
TCP/UDP | TCP, UDP | 8083 | Java RMI (Footnote 1) lookup service for IBM Lotus Sametime | - |
TCP | TCP | 8086 | RMI calls (JRMP, Footnote 2) for IBM Lotus Sametime web conferencing | - |
Footnote 1: RMI = Remote Method Invocation
Footnote 2: JRMP = Java Remote Method Protocol
Note: Table: Outgoing Ports Used by Cisco Unified MeetingPlace contains only a partial list of outgoing ports.
Table: Outgoing Ports Used by Cisco Unified MeetingPlace
Service | Port Type | Port | Purpose | Source | Destination |
---|---|---|---|---|---|
Microsoft Exchange | |||||
HTTP | TCP | 80 | Microsoft Exchange integration | Application Server | Microsoft Exchange server |
HTTPS | TCP | 443 | Microsoft Exchange integration when SSL is enabled | Application Server | Microsoft Exchange server |
SMTP | TCP | 25 | E-mail notification | Application Server | SMTP server or Microsoft Exchange server |
Application Server to Media Server Connectivity
The Media Server should be on the same local network segment as the Application Server. Cisco Unified MeetingPlace does not support Media Server blades that are remotely located.
Application Server to Web Server Connectivity
Confirm that the system meets the following requirements so that the Web Server can communicate with the Application Server:
- The Web Server must be able to communicate with the Application Server on TCP port 5003. This can be achieved by opening port 5003 inbound from the Web Server to the Application Server, in which case the normal registration mechanism will operate. Alternately, the Application Server can initiate a reverse (outbound) connection to the Web Server. For the reverse connection to be initiated, you must enter the MeetingPlace Server name as a host name instead of an IP address during the Cisco Unified MeetingPlace Web Conferencing installation. You will also have to manually configure this Web Server unit on the Application Server.
- Connectivity between the Web Server and the Application Server is of high quality and not subject to interruptions because of traffic congestion. Any time the round-trip latency exceeds 100 ms or there is more than 1 percent packet loss, you should expect a noticeable reduction in service quality.
- TCP port 61004 must be open inbound from the Web Server to the Application Server. There is no "reverse" connection mechanism for this port.
- Cisco recommends opening UDP port 123 (NTP) bidirectionally between the Web Server and the Application Server. This is used for time synchronization. Alternate time synchronization mechanisms may be used, but any significant clock drift will result in failures.
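The following added example (not part of the Cisco documentation) audits a firewall rule set between the DMZ Web Server and the Application Server against the requirements above and against the Application Server rows marked "-" in the incoming ports table. The rule tuple format, the direction labels, and the sample rules are assumptions made for illustration.

```python
# Added example: audit Web Server <-> Application Server firewall rules.
# A rule is (direction, proto, low_port, high_port); this format is an assumption.

# Application Server incoming ports with no exposure requirement ("-") in the table.
APP_INTERNAL_ONLY = [
    ("tcp", 2008, 2008), ("tcp", 5060, 5060), ("udp", 5060, 5060),
    ("tcp", 8080, 8080), ("tcp", 61002, 61002), ("udp", 61002, 61002),
    ("tcp", 61003, 61003), ("udp", 16384, 32767),
]

def covers(rule, direction, proto, port):
    """True if the rule permits proto/port in the given direction."""
    d, p, lo, hi = rule
    return d == direction and p == proto and lo <= port <= hi

def audit(rules, reverse_5003=False):
    """Return (missing, overexposed) for the rule set.

    reverse_5003=True models the reverse connection, where the Application
    Server initiates the TCP 5003 connection to the Web Server.
    """
    required = [
        ("web->app", "tcp", 61004),   # no reverse mechanism for this port
        ("web->app", "udp", 123),     # NTP is recommended; treated as required here
        ("app->web", "udp", 123),
    ]
    required.append(("app->web", "tcp", 5003) if reverse_5003
                    else ("web->app", "tcp", 5003))
    missing = [r for r in required if not any(covers(rule, *r) for rule in rules)]
    overexposed = []
    for d, p, lo, hi in rules:
        if d != "web->app":
            continue
        for ip, ilo, ihi in APP_INTERNAL_ONLY:
            if p == ip and lo <= ihi and ilo <= hi:   # port ranges overlap
                overexposed.append((p, max(lo, ilo), min(hi, ihi)))
    return missing, overexposed

def link_ok(rtt_ms, loss_pct):
    """Thresholds from the text: at most 100 ms round trip and 1 percent loss."""
    return rtt_ms <= 100 and loss_pct <= 1

# Constructed sample rule set: one over-broad range and no NTP return path.
SAMPLE_RULES = [
    ("web->app", "tcp", 5003, 5003),
    ("web->app", "tcp", 61000, 61010),
    ("web->app", "udp", 123, 123),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The over-broad 61000-61010 range satisfies the TCP 61004 requirement but also opens the recording signaling and recording control ports, which the audit reports as overexposed.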
Failover Requirements
To configure failover, you need two Application Servers with a high-speed network connection (preferably 100 Mbps or better) between them.