Pre Sales Communications
OmniVista 4760 from R4.1 & OmniPCX Enterprise R7.1
IP Protocols and Ports
All rights reserved 2006, Alcatel
Table of contents

1. Objectives
2. IP protocols
2.1. Global overview
2.1.1. Protocols
2.2. Protocols and ports used without security protocol
2.2.1. Connection
2.2.1.1. Windows PC client with connection to the 4760 server
2.2.1.2. Web directory consultation
2.2.2. Application
2.2.2.1. Configuration
2.2.2.2. Accounting
2.2.2.3. Directory
2.2.2.4. Alarms
2.2.2.5. Topology
2.2.2.6. Scheduler
2.2.3. Miscellaneous
2.2.3.1. Report generation
2.2.3.2. OXE declaration
2.2.3.3. Save OXE data
2.2.3.4. OXE automatic synchronization
2.2.3.5. TELNET
2.2.3.6. Hypervisor integration
2.3. Protocols and ports used with security protocols
2.3.1. Between PBX and OmniVista 4760 server
2.3.1.1. SSH/SFTP
2.3.2. Between OmniVista 4760 server and client
2.3.2.1. IPSec protocol
End of document

ESD / Pre Sales / JMB 2/21 February 2009 Ed01b
1. Objectives

This document provides the list of all IP protocols and the ports used by the OmniVista 4760 (client/server) to manage an OmniPCX Enterprise. The use of these protocols and ports is described through the examples.

2. IP protocols

2.1. Global overview

2.1.1. Protocols

GIOP: OmniVista 4760 uses CORBA (Common Object Request Broker Architecture) technology to communicate between Server and Client. GIOP is the CORBA exchange protocol.

LDAP: is used to retrieve or send data to the Directory server.

HTTP: is used to provide HTML pages and on-line help.

TDS: is used to access the accounting database (SQL Sybase).

CMOT: is used to retrieve or send the data from the PBX database.

TELNET: is used when the user connects to the PBX system.

FTP: is the file transfer protocol used to retrieve the PBX files (accounting, past time performance). The active mode is used up to OmniVista R3.1; the passive mode is used from OmniVista R3.2.
SSH: is the secure protocol that replaces TELNET and FTP. SFTP is the file transfer protocol embedded with the SSH protocol. SFTP is not an evolution of the FTP protocol.

SNMP: is used to provide voice network alarms by SNMP traps.

SMTP: is used following an event, which includes sending information to a mail server. By default, 4760 sends the message to port 25 of the SMTP server. Information about SMTP is not provided in this document.

STAP: Simple Telephony Application Protocol. It is used with the call by name feature in the Enterprise Directory.

2.2. Protocols and ports used without security protocol

All ports, which are defined by default, can be modified after OmniVista 4760 server installation (for more information, see technical documentation).

When the customer only uses the embedded client in the server, all the listening ports intended for remote PC client management remain closed. There is no need to open the customer firewall.

All listening ports of the 4760 server and PC client that are used by protocols are opened when a session starts.

2.2.1. Connection

2.2.1.1. Windows PC client with connection to the 4760 server

The protocols used are available whatever the type of Client Management (browser or client embedded in the Windows PC). The protocols and ports used are the same with or without user identification.

GIOP: At the first connection, it is used to communicate with:
- The security server,
- The notification server.
The license server and user access rights are sent via this protocol.
The default listening ports used by the 4760 server are: 30025, 30019, 30012.
The default listening port used by the PC Client management is a free port in the range: 30500 to 30509.

LDAP: It is used to retrieve directory system information.
The default listening port used by the 4760 server is: 389.

HTTP: It is used for the on-line help.
The default listening port used by the 4760 server is: 80.

2.2.1.1.1. Ports usage

PC Client Management port    Flow                                  OmniVista 4760 port
DP                           Connection to the Directory server    389
DP                           Access to the security server         30025
DP                           Access right request as PC client     30019
DP                           Test HTTP server                      80
DP                           Request to the notification server    30012
RP                           Answer of the notification server     DP

DP: Dynamic ports, between 1024 and 5000
RP: Range ports, between 30500 and 30509

2.2.1.2. Web directory consultation

HTTP: It is used for the web presentation.
The default listening port used by the 4760 server is: 80.
2.2.1.2.1. Ports usage

2.2.2. Application

2.2.2.1. Configuration

The protocols and ports described below concern the launching module and connection in the PBX. All PBX configuration actions are made in this way.

GIOP: In this context, this protocol is used to:
- Request connection to the 4760 server,
- Send and receive PBX data information,
- Synchronize with the PBX MIB,
- Receive alarms and events configuration commands,
- Retrieve security information about user rights.
The default listening ports used by the 4760 server are: 30022, 30014, 30017, 30018, 30025.
The default listening port used by the PC Client management is a free port in the range: 30500 to 30509.

LDAP: It is used to retrieve information about the PBX managed by the 4760.
The default listening port used by the 4760 server is: 389.

CMISE: is used to send requests to the OmniPCX Enterprise.
The listening port of the OmniPCX Enterprise is: 2535.

HTTP: is used when the GUI mode is used for set configuration.

2.2.2.1.1. Ports usage

2.2.2.2. Accounting

The protocols and ports described below concern the launching application and accounting configuration in the server. For accounting reports, see chapter 2.2.3.1 Report generation.
TDS: is used to retrieve data in the accounting database (Sybase Anywhere).
The default listening port used by the 4760 server is: 30011.

LDAP: is used to retrieve the accounting information (rights...) in the directory system.
The default listening port used by the 4760 server is: 389.

GIOP: is used to retrieve security information about user rights.
The default listening port used by the 4760 server is: 30025.

2.2.2.2.1. Ports usage

2.2.2.3. Directory

The protocols and ports described below concern the launching application and Directory configuration in the server. For declaring the OXE, see chapter 2.2.3.2 OXE declaration.
TDS: is used to retrieve information from the accounting database (Sybase Anywhere).
The default listening port used by the 4760 server is: 30011.

LDAP: is used to retrieve the data in the directory system.
The default listening port used by the 4760 server is: 389.

GIOP: is used to retrieve security information about user rights.
The default listening port used by the 4760 server is: 30025.

2.2.2.3.1. Ports usage

2.2.2.4. Alarms

The protocols and ports described below concern the launching application and Alarm actions made in the server (Delete, Acknowledge...). For alarm reports, see chapter 2.2.3.1 Report generation.
GIOP: In this context, this protocol is used to receive alarms and events configuration from the notification server.
The default listening port used by the 4760 server is: 30022.
The default listening port used by the PC Client management is in the range: 30500 to 30509.

LDAP: is used to retrieve the alarms information (rights...) in the directory system.
The default listening port used by the 4760 server is: 389.

2.2.2.4.1. Ports usage

2.2.2.5. Topology

The protocols and ports described below concern the launching application and actions made in Topology (object creation...).
GIOP: In this context, the protocol is used to receive alarms from the notification server and retrieve user rights from the security server.
The default listening ports used by the 4760 server are: 30022, 30025.
The default listening port used by the PC Client management is a free port in the range: 30500 to 30509.

LDAP: is used to retrieve the topology information (PBX...) in the directory system.
The default listening port used by the 4760 server is: 389.

HTTP: It is used for the Topology GUI and the on-line help.
The default listening port used by the 4760 server is: 80.

2.2.2.5.1. Ports usage

2.2.2.6. Scheduler

The protocols and ports described below concern the launching application and actions made in Scheduler (job creation...).
GIOP: is used to communicate with the Scheduler server and the security server.
The default listening ports used by the 4760 server are: 30024 and 30025.

LDAP: is used to retrieve the scheduler information (rights...) in the directory system.
The default listening port used by the 4760 server is: 389.

2.2.2.6.1. Ports usage

2.2.3. Miscellaneous

2.2.3.1. Report generation

The protocols and ports described below concern the launching application and reports generation. All report types are concerned (accounting, alarms, performances).
GIOP: is used to communicate with the extractor server and security server.
The default listening ports used by the 4760 server are: 30016 and 30025.

TDS: is used to retrieve data in the accounting database (Sybase Anywhere).
The default listening port used by the 4760 server is: 30011.

LDAP: is used to retrieve the Directory information necessary to generate a report.
The default listening port used by the 4760 server is: 389.

2.2.3.1.1. Ports usage

2.2.3.2. OXE declaration

The protocols and ports described below only concern OXE declaration.
CMISD: is used to supervise the OmniPCX Enterprise alarms. If the OXE alarms are not supervised, the protocol is not used when an OXE PBX is declared.
The listening port of the OmniPCX Enterprise is: 2535.

FTP or SFTP: is used to retrieve the OmniPCX Enterprise MIB. If the MIB is already in the OmniVista database, the MIB is not retrieved from the OmniPCX Enterprise and the FTP protocol is not used.
The listening port of the OmniPCX Enterprise is: 21.
If SFTP is used, the listening and data port is: 22 (see 2.3.1.1).

2.2.3.2.1. Ports usage

2.2.3.3. Save OXE data

The protocols and ports described below only concern the save of OXE data.
GIOP: is used to communicate with the backup/restore server.
The default listening port used by the 4760 server is: 30023.

FTP or SFTP: is used to retrieve OmniPCX Enterprise database.
The listening port of the OmniPCX Enterprise is: 21.
If SFTP is used, the listening and data port is: 22 (see 2.3.1.1).

LDAP: is used to retrieve Directory information necessary for the OmniPCX database backup/restore.
The default listening port used by the 4760 server is: 389.

2.2.3.3.1. Ports usage
2.2.3.4. OXE automatic synchronization

The protocols and ports described below are only used when the scheduler window is open.

CMISD: is used:
- To supervise the OmniPCX Enterprise alarms,
- To retrieve specific telephonic database data (subscriber phone number...).
The listening port of the OmniPCX Enterprise is: 2535.

FTP or SFTP: is used to retrieve the files from the OmniPCX Enterprise (MIB, Accounting tickets, PTP counters, VOIP tickets).
The listening port of the OmniPCX Enterprise is: 21.
If SFTP is used, the listening and data port is: 22 (see 2.3.1.1).

GIOP: is used to communicate with the Scheduler server.
The default listening port used by the 4760 server is: 30024.

HTTP: It is used for on-line help.
The default listening port used by the 4760 server is: 80.

2.2.3.4.1. Ports usage
2.2.3.5. TELNET

TELNET: is used when the 4760 administrator connects to the OmniPCX in terminal mode. In this way, all technical commands to the OmniPCX Enterprise can be made (Login and password are required). TELNET protocol is not secured.
The default ports used by the 4760 server are in the range: 30100 to 30149.
The listening port of the OmniPCX Enterprise is: 23.

2.2.3.5.1. Ports usage

2.2.3.6. Hypervisor integration

SNMP: The 4760 SNMP traps are sent via this protocol.
The listening port of the 4760 is: 161.

2.2.3.6.1. Ports usage
2.3. Protocols and ports used with security protocols

2.3.1. Between PBX and OmniVista 4760 server

2.3.1.1. SSH/SFTP

SFTP: is the Secured File Transfer Protocol of the SSH protocol that replaces TELNET and FTP. It can be used from OmniPCX R6.0.

When the 4760 administrator connects to the OmniPCX in terminal mode, a Proxy in the 4760 server is used. In this way, all technical commands to the OmniPCX Enterprise can be made (Login and password are required).

SSH: is used for Remote maintenance. Authentication is mandatory (Login / Password).

The Secured File Transfer Protocol retrieves:
- MIB structure,
- Accounting tickets,
- Counters of Past time performance,
- VOIP tickets.

The port used by default in the 4760 server is: 30100.
The listening port of the OmniPCX Enterprise is: 22.

2.3.1.1.1. Ports usage
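
The OmniPCX Enterprise listening ports given in this document (2535, 21, 23 and 22) can be used to check observed traffic towards a PBX. The script below is an added example, not part of the original Alcatel document; it assumes that only the 4760 server should reach these ports, and the addresses and flow records are constructed sample data.

```python
from collections import namedtuple

# One observed connection: source IP, destination IP, destination port.
Flow = namedtuple("Flow", "src dst dport")

# Default OmniPCX Enterprise listening ports, as listed in this document.
# True marks the protocols that the document says SSH/SFTP replaces.
OXE_PORTS = {
    2535: ("CMISE/CMISD", False),
    21: ("FTP", True),
    23: ("TELNET", True),
    22: ("SSH/SFTP", False),
}

def classify(flow, server_ips, oxe_ips):
    """Return (verdict, reason) for one flow towards an OXE."""
    if flow.dst not in oxe_ips:
        return ("skip", "destination is not a declared OXE")
    # Assumption of this example: only the 4760 server manages the OXE.
    if flow.src not in server_ips:
        return ("deny", "source is not the 4760 server")
    if flow.dport not in OXE_PORTS:
        return ("deny", "port is not a documented OXE listening port")
    name, replaced_by_ssh = OXE_PORTS[flow.dport]
    if replaced_by_ssh:
        return ("warn", name + " in use; SSH/SFTP on port 22 replaces it")
    return ("allow", name)

def audit(flows, server_ips, oxe_ips):
    """Return (verdict, flow, reason) for every deny/warn flow."""
    results = [(classify(f, server_ips, oxe_ips), f) for f in flows]
    return [(v, f, why) for (v, why), f in results if v in ("deny", "warn")]

# Constructed sample data (documentation address ranges, not real hosts).
SERVER_IPS = {"192.0.2.10"}
OXE_IPS = {"192.0.2.20"}
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "192.0.2.20", 2535),   # alarm supervision
    Flow("192.0.2.10", "192.0.2.20", 22),     # SFTP retrieval
    Flow("192.0.2.10", "192.0.2.20", 23),     # TELNET terminal session
    Flow("192.0.2.10", "192.0.2.20", 21),     # FTP retrieval
    Flow("198.51.100.7", "192.0.2.20", 23),   # workstation, not the 4760
    Flow("192.0.2.10", "192.0.2.20", 8080),   # undocumented port
    Flow("192.0.2.10", "192.0.2.99", 443),    # unrelated host
]

if __name__ == "__main__":
    for verdict, flow, reason in audit(SAMPLE_FLOWS, SERVER_IPS, OXE_IPS):
        print(verdict.upper(), flow.src, "->", flow.dst, flow.dport, reason)
```

Since the document states that default ports can be modified after installation, OXE_PORTS has to be adjusted to the values actually configured on site.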
2.3.2. Between OmniVista 4760 server and client

2.3.2.1. IPSec protocol

IPSec is a standard, which includes specific protocols.

When IPSec is used, the ports, which have been described in the previous chapter 2.2, are not seen through the data network. They are still used at the end point (OXE, 4760 server or client).

IPSec can be deployed if the Operating System for the OmniVista 4760 server is Windows 2003 and Windows 2000, XP or 2003 for the OmniVista 4760 client. By default, IPSec protection is not active between 4760 server & client.

IPSec protection of OmniVista 4760 is built with two IPSec Windows strategies provided by Alcatel (client strategy & server strategy). Except for the HTTP protocol (port 80), these strategies provide security for all the client/server communications. HTTP port (80) can be added into the IPSec protection, but the Windows PC Web browser, which has active IPSec, can only have access to the 4760 Web Administration server.

In the case of a third party, where the LDAP application would need to access the 4760 Directory Server (LDAP overflow from the OXE, LDAP replication, Alcatel 4059), the LDAP port (389 of the 4760 server) must be removed from the IPSec strategy.

IPSec slows down access time and data exchanges. If the time delays are excessive, IPSec protection field can be reduced (modification of strategies).

If the customer has an IPSec strategy, the IPSec protection of the OmniVista 4760 must be included in it.
KERBEROS: is used to send the authentication request to the Kerberos server embedded in the Data Controller. Authentication is requested when the PC starts. UDP or TCP support depends on the Kerberos message size. If the size is not compliant with UDP format, it is sent by TCP format. The Microsoft System makes the choice.

ISAKMP: is the security protocol used to define security keys and algorithms. In 4760 server or client, the Port #500 is used as source and destination port.

ESP: is the security protocol used to provide data privacy for the communication exchange between the OmniVista 4760 server and the client.

2.3.2.1.1. Ports usage

IPSec protection simplifies firewall configuration because the communication ports embedded in the IPSec strategy are not filtered in firewalls.

If you have reactions or comments to make about this document, please send an e-mail to enterprise.presalesfeedback@alcatel.fr with the title of this document and the subject.

End of document