Avaya Port Matrix: Avaya Aura Conferencing 8.0


Avaya Port Matrix: Avaya Aura Conferencing 8.0
Issue 1.3
April 12, 2016

ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC. DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND FURTHERMORE, AVAYA INC. MAKES NO REPRESENTATIONS OR WARRANTIES THAT THE INFORMATION PROVIDED HEREIN WILL ELIMINATE SECURITY THREATS TO CUSTOMERS' SYSTEMS. AVAYA INC., ITS RELATED COMPANIES, DIRECTORS, EMPLOYEES, REPRESENTATIVES, SUPPLIERS OR AGENTS MAY NOT, UNDER ANY CIRCUMSTANCES BE HELD LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE, EXEMPLARY, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THE INFORMATION PROVIDED HEREIN. THIS INCLUDES, BUT IS NOT LIMITED TO, THE LOSS OF DATA OR LOSS OF PROFIT, EVEN IF AVAYA WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR USE OF THIS INFORMATION CONSTITUTES ACCEPTANCE OF THESE TERMS.

© 2014 Avaya Inc. All Rights Reserved. All trademarks identified by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.

1 Conferencing Components

The Avaya Aura Conferencing server platform supports the configuration of a single bonded network interface. Each bonded interface consists of two physical Ethernet network interfaces operating in active/standby mode. The server attaches to only one subnet and uses only one server IP address for the bond0 interface. The Avaya Aura Conferencing server platform supports the configuration of multiple IPv4 addresses in one subnet. Depending on the deployment model selected, one or more components may share the same server, along with the server IP address. Please refer to Deploying Avaya Aura Conferencing 8.0 for supported configurations.

| Component | Description |
|---|---|
| Database | The Database is the component that stores configuration data for the Avaya Aura Conferencing Network Elements. |
| Element Manager (EM) | The Element Manager is the component that manages all the Avaya Aura Conferencing Network Elements. |
| Accounting Manager (AM) | The Accounting Manager is the component that manages all the billing and account details. |
| Provisioning Manager | The Provisioning Manager is the component that manages configuration procedures via a web interface for configuring system wide conferencing details and templates, and managing user configuration specific to conferencing. |
| Collaboration Agent (CA) Manager | The Collaboration Agent Manager is the component that hosts the Collaboration Agent, which is a web interface for users to see their conference status, perform actions on the conference, and share a web collaboration session. |
| Application Server (AS) | The Application Server is the component that manages conferencing signaling. |
| Media Server (MS) | The Media Server is the component that hosts conferencing, relays media, and optionally records and stores recorded content for playback retrieval when configured in a Recording Media Server Cluster. When used in the co-resident deployment model, the Media Server requires an additional IPv4 network address on the bond0 interface for media due to the number of ports used by media flows. |
| Web Conferencing Management Server (WCMS) | The Web Conferencing Management Server is the component that manages Web Conferencing Servers and relays documents to the Document Conversion Server when document conversion is requested. |
| Web Conferencing Server (WCS) | The Web Conferencing Server is the component that handles user actions and media during web collaboration. |
| Document Conversion Server (DCS) | The Document Conversion Server is the component that converts Office documents into the format required for document sharing during a web conference session. |
| Flash Media Gateway (FMG) | The FMG component converts sessions between the Flash-domain (RTMP signaling and media) and the Multimedia-domain (SIP signaling and RTP/RTCP media). |
| Flash Media Management Server | The Flash Media Management Server component provides OAM&P functions for configuration, administration, and management of Audio/Video in Collaboration Agent. |
| Audio/Video in Collaboration Management Portal Client | This is a Flash-based client that connects to the Flash Media Management Server and provides access to OAM&P functions for configuration, administration, and management of Audio/Video in Collaboration systems. |
| Avaya Aura Session Manager | The Avaya Aura Session Manager is the SIP routing and core component of the Avaya Aura solution. |
| Avaya Aura System Manager | The Avaya Aura System Manager is the central management system component of the Avaya Aura solution. |
| Avaya Session Border Controller (SBC) | The Avaya Session Border Controller is a secure interface for SIP trunking and remote worker connectivity. |

2 Port Usage Tables

2.1 Port Usage Table Heading Definitions

Ingress Connections (In): This indicates connection requests that are initiated from external devices to open ports on this product. From the point of view of the product, the connection request is coming In. (Note that in most cases, traffic will flow in both directions.)

Egress Connections (Out): This indicates connection requests that are initiated from this product to known ports on a remote device. From the point of view of the product, the connection request is going Out. (Note that in most cases, traffic will flow in both directions.)

Intra-Device Connections: This indicates connection requests that both originate and terminate on this product. Normally these would be handled on the loopback interface, but there may be some exceptions where modules within this product must communicate on ports open on one of the physical Ethernet interfaces. These ports would not need to be configured on an external firewall, but may show up on a port scan of the product.

Destination Port: This is the default layer-4 port number to which the connection request is sent. Valid values include: 0-65535. A (C) next to the port number means that the port number is configurable. Refer to the Notes section after each table for specifics on valid port ranges.

Network/Application Protocol: This is the name associated with the layer-4 protocol and layers-5-7 application.

Optionally Enabled/Disabled: This field indicates whether customers can enable or disable a layer-4 port, changing its default port setting. Valid values include: Yes or No. No means the default port state cannot be changed (e.g. enabled or disabled). Yes means the default port state can be changed and that the port can either be enabled or disabled.

Default Port State: A port is either open, closed, filtered or N/A. Open ports will respond to queries. Closed ports may or may not respond to queries and are only listed when they can be optionally enabled. Filtered ports can be open or closed. Filtered UDP ports will not respond to queries. Filtered TCP will respond to queries, but will not allow connectivity. N/A is used for the egress default port state since these are not listening ports on the product.

External Device: This is the remote device that is initiating a connection request (Ingress Connections) or receiving a connection request (Egress Connections).

2.2 Port Tables

Below are the tables which document the port usage for this product. Each component is represented by a separate table. A component that uses more than one IP address has a table for each address, separating the ingress/egress traffic per IP address. Most components share a server IP address with other components, so there will be some duplication of ports; for example, each server IP address will have SSH (TCP 22) open. For communication between components, egress traffic from one component will be ingress traffic for the other component. In addition, unless otherwise noted, the source port of the data flows is the ephemeral port range (49152-65535) as suggested by the IANA.

2.2.1 Firewall Boundary Legend Notes

If communication may cross an optional firewall boundary, it is noted in the notes column for that table using the following symbols:

δ Used to note communication crossing Firewall boundary between a DMZ and the Core Data Center Network.

δ Used to note communication crossing Firewall boundary between a DMZ and the Core Data Center that exists due to initial installation having the WCMS in the DMZ and has not been moved to the Core Data Center Network.

ε Used to note communication crossing DMZ Firewall boundary from the Internet.

ρ Used to note communication crossing Firewall boundary between the Core Data Center Network and a Remote Hosting Location Network.

Figure 1 below shows a high level diagram of where these firewall boundaries may exist and the corresponding symbols used to correlate with the notes column in the respective tables that follow.

[Figure 1: Firewall Boundaries. Zones shown: Internet, DMZ, Enterprise Network, Remote Location; boundaries marked ε, δ and ρ.]

2.2.2 Conferencing Database Servers

Table 1: Ports for Database (DB) Server IP Addresses

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 1.1.1 | 22 | TCP/SSH | No | Open | Admin Terminal, SAL Gateway | System Management requiring shell access | |
| 1.1.2 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 1.1.3 | 5432 | TCP/TLS | No | Open | EM Server | Database SQL | |
| 1.1.4 | 5432 | TCP/TLS | No | Open | AM Server | Database SQL | |
| 1.1.5 | 5432 | TCP/TLS | No | Open | Provisioning Manager Server | Database SQL | |
| 1.1.6 | 5432 | TCP/TLS | No | Open | CA Manager Server | Database SQL | δ |
| 1.1.7 | 5432 | TCP/TLS | No | Open | AS Server | Database SQL | |
| 1.1.8 | 5432 | TCP/TLS | No | Open | MS Server | Database SQL | ρ |
| 1.1.9 | 5432 | TCP/TLS | No | Open | WCMS Server | Database SQL | δ |
| 1.1.10 | 5432 | TCP/TLS | No | Open | WCS Server | Database SQL | δ |
| 1.1.11 | 5432 | TCP/TLS | No | Open | DCS Server | Database SQL | |
| 1.1.12 | 5438-5439 | TCP/TLS | No | Open | Redundant Database server | Database synchronization | |
| 1.2.1 | 123 | UDP | No | N/A | NTP Source | NTP | 1 |
| 1.2.2 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | |
| 1.2.3 | 2100 | TCP/TLS | No | N/A | All Network Element servers | NED FTP pull passive mode (control) | 2 |
| 1.2.4 | 2101-2151 | TCP/TLS | No | N/A | All Network Element servers | NED FTP pull passive mode (data) | 2 |
| 1.2.5 | 5438-5439 | TCP/TLS | No | N/A | Redundant Database server | Database synchronization | |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 1.3.1 | NONE | | | | | | |

Notes:
1. Source port 123
2. Uses SSL FTP (RFC 4217)
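Added example (not part of the Avaya document): a Python check that compares the listening sockets on a Database server with the rows of Table 1. It assumes rows 1.1.x (state Open) are the only listeners expected on non-loopback addresses and that the NTP row 1.2.1 (source port 123) explains a bound UDP 123 socket; the `ss -tuln` sample, its addresses and the port 8080 listener are constructed for illustration.

```python
"""Audit listening sockets against Table 1 (Database server). Added example."""
import ipaddress

# Rows 1.1.1-1.1.12 of Table 1 as (protocol, first port, last port).
# Assumption: rows numbered 1.1.x with state "Open" are the expected listeners.
DB_INGRESS = [
    ("tcp", 22, 22),      # 1.1.1  SSH
    ("tcp", 4891, 4891),  # 1.1.2  NED
    ("tcp", 5432, 5432),  # 1.1.3-1.1.11 Database SQL
    ("tcp", 5438, 5439),  # 1.1.12 database synchronization
]

# Row 1.2.1, note 1: NTP traffic leaves with source port 123, so the NTP
# daemon holds UDP 123 even though it is not an ingress row.
EGRESS_SOURCE = {("udp", 123)}

# Constructed sample of `ss -tuln` output (addresses are documentation ranges).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      244    192.0.2.10:5432     0.0.0.0:*
tcp   LISTEN 0      128    192.0.2.10:4891     0.0.0.0:*
tcp   LISTEN 0      128    192.0.2.10:5438     0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25        0.0.0.0:*
tcp   LISTEN 0      50     *:8080              *:*
tcp   LISTEN 0      128    [::]:22             [::]:*
tcp   LISTEN 0      128    [::1]:6010          [::]:*
"""


def parse_listeners(ss_output):
    """Return (protocol, host, port) for every listening/bound socket."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        if fields[1] not in ("LISTEN", "UNCONN"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.append((fields[0], host, int(port)))
    return listeners


def is_loopback(host):
    """'*' is the wildcard address; anything else is parsed as an IP."""
    return host != "*" and ipaddress.ip_address(host).is_loopback


def audit(listeners):
    """Classify listeners relative to the documented port matrix."""
    exposed = {(p, port) for p, host, port in listeners if not is_loopback(host)}
    local = {(p, port) for p, host, port in listeners if is_loopback(host)}
    documented = {
        (p, port) for p, lo, hi in DB_INGRESS for port in range(lo, hi + 1)
    }
    return {
        # Reachable from the network but absent from Table 1: investigate.
        "undocumented": sorted(exposed - documented - EGRESS_SOURCE),
        # Bound only because an egress row uses a fixed source port.
        "egress_source": sorted(exposed & EGRESS_SOURCE),
        # In Table 1 but nothing is listening (e.g. no redundant DB deployed).
        "missing": sorted(documented - exposed),
        # Loopback-only sockets never need an external firewall rule.
        "loopback_only": sorted(local - exposed),
    }


if __name__ == "__main__":
    for category, ports in audit(parse_listeners(SAMPLE_SS)).items():
        print(category, ports)
```

On a live server the same functions can be fed the text output of `ss -tuln` instead of the constructed sample.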

2.2.3 Element Manager

Table 2: Ports for EM Server IP Address

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 2.1.1 | 22 | TCP/SSH | No | Open | Admin Terminal, SAL Gateway | System Management requiring shell access | |
| 2.1.2 | 123 | UDP | No | Open | NTP Source | NTP | 1 |
| 2.1.3 | 161 | UDP | No | Open | All Network Element servers | SNMP (GET) | δ,δ,ρ |
| 2.1.4 | 2100 | TCP/TLS | No | Open | All Network Element servers | NED FTP pull passive mode (control) | δ,δ,ρ,2 |
| 2.1.5 | 2101-2151 | TCP/TLS | No | Open | All Network Element servers | NED FTP pull passive mode (data) | δ,δ,ρ,2 |
| 2.1.6 | 4891 | TCP/TLS | No | Open | All Network Element servers | NED | δ,δ,ρ |
| 2.1.7 | 12102 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 2.1.8 | 12102 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to the TCP Perfect Channel. | 3 |
| 2.1.9 | 12113 | TCP | No | Open | EM Service | Logs (perfect channel) | |
| 2.1.10 | 12113 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 4 |
| 2.1.11 | 12115 | TCP | No | Open | EM Service | OMs (perfect channel) | |
| 2.1.12 | 12115 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 5 |
| 2.1.13 | 12150 | UDP | No | Open | Redundant EM Server | FT heartbeat | 6,7 |
| 2.1.14 | 12153 | TCP | No | Open | Redundant EM Server | FT Sync Channel | 6 |
| 2.1.15 | 49152-65535 | UDP | No | Open | Redundant EM Server | FT Sync Channel | 6 |
| 2.1.16 | 49152-65535 | UDP | No | Open | EM Service | Alarms (sync channel) | |
| 2.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 2.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | 1 |
| 2.2.3 | 161 | UDP | No | N/A | Media Server | SNMP (GET) | |
| 2.2.4 | 443 | TCP/HTTPS | No | N/A | Avaya Aura System Manager | Trust Management | |
| 2.2.5 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 2.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 2 |
| 2.2.7 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 2 |
| 2.2.8 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 2.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9 |
| 2.2.10 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10 |
| 2.2.11 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11 |
| 2.2.12 | 12150 | UDP | No | N/A | Redundant EM Server | FT heartbeat | 6,7 |
| 2.2.13 | 12153 | TCP | No | N/A | Redundant EM Server | FT Sync Channel | 6 |
| 2.2.14 | 49152-65535 | UDP | No | N/A | Redundant EM Server | FT Sync Channel | 6 |
| 2.2.15 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | 11 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 2.3.1 | NONE | | | | | | |

Notes:
1. Source port 123
2. Uses SSL FTP (RFC 4217)
3. Source port is 12101, 49152-65535
4. Source port is 12112, 49152-65535
5. Source port is 12114, 49152-65535
6. Sync between active and standby instance
7. Source 12150
8. Source 12153
9. Source port 12113
10. Source port 12115
11. Source port 12104

Table 3: Ports for EM Service IP Address

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 3.1.1 | 12101 | TCP/TLS | No | Open | Network Element Servers | Config. Mtce (perfect channel) | δ,δ,ρ |
| 3.1.2 | 12101 | UDP | No | Open | Network Element Servers | Config. Mtce (perfect channel) | δ,δ,ρ,1 |
| 3.1.3 | 12106 | UDP | No | Open | Redundant ADR EM Service | ADR Inter-system Heartbeat | ρ |
| 3.1.4 | 12112 | TCP/TLS | No | Open | Network Element Servers | Logs (perfect channel) | δ,δ,ρ |
| 3.1.5 | 12112 | UDP | No | Open | Network Element Servers | Logs (perfect channel) | δ,δ,ρ,2 |
| 3.1.6 | 12114 | TCP/TLS | No | Open | Network Element Servers | OMs (perfect channel) | δ,δ,ρ |
| 3.1.7 | 12114 | UDP | No | Open | Network Element Servers | OMs (perfect channel) | δ,δ,ρ,3 |
| 3.1.8 | 12120 | TCP | Yes | Open | EM Console | EM Console connection to the EM Service Address. | |
| 3.1.9 | 12121 | TCP/TLS | No | Open | EM Console | EM Console secure connection to the EM Service Address | |
| 3.1.10 | 12125 | TCP/TLS | No | Open | Network Element Servers | Alarms (sync channel) | δ,δ,ρ,4 |
| 3.1.11 | 12126 | TCP/TLS | No | Open | EM Console | EM Console Log Browser Stream | |
| 3.1.12 | 49152-65535 | UDP | No | Open | Network Element Servers | Alarms Sync | δ,δ,ρ,4 |
| 3.2.1 | 10162 | TCP | No | N/A | Avaya Aura System Manager | SNMP (TRAP) | 9 |
| 3.2.2 | 162, 1024-65535 | TCP | No | N/A | External SNMP Manager | SNMP (TRAP) | 10 |
| 3.2.3 | 12106 | UDP | No | N/A | Redundant ADR EM Service | ADR Inter-system Heartbeat | ρ |
| 3.2.4 | 12302 | TCP/TLS | No | N/A | AM Server | Config. Mtce (Perfect Channel) | |
| 3.2.5 | 12302 | UDP | No | N/A | AM Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.6 | 12313 | TCP/TLS | No | N/A | AM Server | Logs (Perfect Channel) | |
| 3.2.7 | 12313 | UDP | No | N/A | AM Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.8 | 12315 | TCP/TLS | No | N/A | AM Server | OMs (Perfect Channel) | |
| 3.2.9 | 12315 | UDP | No | N/A | AM Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 7 |
| 3.2.10 | 15002 | TCP/TLS | No | N/A | AS Server | Config. Mtce (Perfect Channel) | |
| 3.2.11 | 15002 | UDP | No | N/A | AS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.12 | 15013 | TCP/TLS | No | N/A | AS Server | Logs (Perfect Channel) | |
| 3.2.13 | 15013 | UDP | No | N/A | AS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.14 | 15015 | TCP/TLS | No | N/A | AS Server | OMs (perfect channel) | |
| 3.2.15 | 15015 | UDP | No | N/A | AS Server | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 7 |
| 3.2.16 | 17002 | TCP/TLS | No | N/A | WCMS Server | Config. Mtce (Perfect Channel) | δ |
| 3.2.17 | 17002 | UDP | No | N/A | WCMS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,5 |
| 3.2.18 | 17013 | TCP/TLS | No | N/A | WCMS Server | Logs (Perfect Channel) | δ |
| 3.2.19 | 17013 | UDP | No | N/A | WCMS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,6 |
| 3.2.20 | 17015 | TCP/TLS | No | N/A | WCMS Server | OMs (perfect channel) | δ |
| 3.2.21 | 17015 | UDP | No | N/A | WCMS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,7 |
| 3.2.22 | 24002 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | Config. Mtce (Perfect Channel) | δ |
| 3.2.23 | 24002 | UDP | No | N/A | Provisioning or CA Manager Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,5 |
| 3.2.24 | 24013 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | Logs (Perfect Channel) | δ |
| 3.2.25 | 24013 | UDP | No | N/A | Provisioning or CA Manager Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,6 |
| 3.2.26 | 24015 | TCP/TLS | No | N/A | Provisioning or CA Manager Server | OMs (perfect channel) | δ |
| 3.2.27 | 24015 | UDP | No | N/A | Provisioning or CA Manager Server | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ,7 |
| 3.2.28 | 46002 | TCP/TLS | No | N/A | DCS | Config. Mtce (Perfect Channel) | |
| 3.2.29 | 46002 | UDP | No | N/A | DCS | Config Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 5 |
| 3.2.30 | 46013 | TCP/TLS | No | N/A | DCS | Logs (Perfect Channel) | |
| 3.2.31 | 46013 | UDP | No | N/A | DCS | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | 6 |
| 3.2.32 | 46015 | TCP/TLS | No | N/A | DCS | OMs (perfect channel) | |
| 3.2.33 | 46015 | UDP | No | N/A | DCS | OMs (perfect channel) and associated heartbeat to TCP Perfect Channel | 7 |
| 3.2.34 | 48902 | TCP/TLS | No | N/A | WCS Server | Config. Mtce (Perfect Channel) | δ |
| 3.2.35 | 48902 | UDP | No | N/A | WCS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,5 |
| 3.2.36 | 48913 | TCP/TLS | No | N/A | WCS Server | Logs (Perfect Channel) | δ |
| 3.2.37 | 48913 | UDP | No | N/A | WCS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,6 |
| 3.2.38 | 48915 | TCP/TLS | No | N/A | WCS Server | OMs (perfect channel) | δ |
| 3.2.39 | 48915 | UDP | No | N/A | WCS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | δ,7 |
| 3.2.40 | 49002 | TCP/TLS | No | N/A | MS Server | Config. Mtce (Perfect Channel) | ρ |
| 3.2.41 | 49002 | UDP | No | N/A | MS Server | Config. Mtce (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,5 |
| 3.2.42 | 49013 | TCP/TLS | No | N/A | MS Server | Logs (Perfect Channel) | ρ |
| 3.2.43 | 49013 | UDP | No | N/A | MS Server | Logs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,6 |
| 3.2.44 | 49015 | TCP/TLS | No | N/A | MS Server | OMs (perfect channel) | ρ |
| 3.2.45 | 49015 | UDP | No | N/A | MS Server | OMs (Perfect Channel) and associated heartbeat to TCP Perfect Channel | ρ,7 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 3.3.1 | 514 | UDP | No | Open | N/A | EM Service to local syslog | 8 |

Notes:
1. Source port is External Device Network Element Base + NE Config. Maintenance Perfect Channel Offset. Refer to Table 28, Table 29.
2. Source port is External Device Network Element Base + Log Offset. Refer to Table 28, Table 29.
3. Source port is External Device Network Element Base + OM Offset. Refer to Table 28, Table 29.
4. Source port is External Device Network Element Base + Alarm Offset. Refer to Table 28, Table 29.
5. Source port is 12101, 49152-65535
6. Source port is 12112, 49152-65535
7. Source port is 12114, 49152-65535
8. Source port is 12191
9. Source port 10162. Trap port value must be either 162 or between 1024 and 65535.
10. No default source port value. Trap port value must be either 162 or between 1024 and 65535.

2.2.4 Accounting Manager

Table 4: Ports for Accounting Manager (AM) Server IP Address

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 4.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | |
| 4.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 4.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 4.1.4 | 12302 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 4.1.5 | 12302 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to the TCP Perfect Channel. | 1 |
| 4.1.6 | 12313 | TCP | No | Open | EM Service | Logs (perfect channel) | |
| 4.1.7 | 12313 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 2 |
| 4.1.8 | 12315 | TCP | No | Open | EM Service | OMs (perfect channel) | |
| 4.1.9 | 12315 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 3 |
| 4.1.10 | 12350 | UDP | No | Open | Redundant AM Server | FT heartbeat | 4,5 |
| 4.1.11 | 12353 | TCP | No | Open | Redundant AM Server | FT Sync Channel | 4 |
| 4.1.12 | 49152-65535 | UDP | No | Open | Redundant AM Server | FT Sync Channel | 4 |
| 4.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 4.2.2 | 123 | UDP | No | N/A | NTP source | NTP | |
| 4.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | |
| 4.2.4 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 6 |
| 4.2.5 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 6 |
| 4.2.6 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 4.2.7 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | |
| 4.2.8 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | |
| 4.2.9 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 7 |
| 4.2.10 | 12350 | UDP | No | N/A | Redundant AM Server | FT Heartbeat | 4,5 |
| 4.2.11 | 12353 | TCP | No | N/A | Redundant AM Server | FT Sync Channel | 4 |
| 4.2.12 | 49152-65535 | UDP | No | N/A | Redundant AM Server | FT Sync Channel | 4 |
| 4.2.11 | >1023 | TCP | Yes | N/A | Back office billing processing system | Billing Stream | |
| 4.2.12 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | 7 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 4.3.1 | NONE | | | | | | |

Notes:
1. Source port is 12101, 49152-65535
2. Source port is 12112, 49152-65535
3. Source port is 12114, 49152-65535
4. Sync between active and standby
5. Source port is 12350
6. Uses SSL FTP (RFC 4217)
7. Source port is 12304

Table 5: Ports for Accounting Manager (AM) Service IP Address

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 5.1.1 | 12318 | TCP/TLS | No | Open | AS Server | Billing Stream (perfect channel) | |
| 5.1.2 | 12318 | UDP | No | Open | AS Server | Billing Stream (perfect channel) | 1 |
| 5.2.1 | 15019 | TCP/TLS | No | N/A | AS Server | Billing Stream (perfect channel) | |
| 5.2.2 | 15019 | UDP | No | N/A | AS Server | Billing Stream (perfect channel) | 2 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 5.3.1 | NONE | | | | | | |

Notes:
1. Source port is 15019
2. Source port is 12318

2.2.5 Provisioning Manager

Table 6: Ports for Provisioning Manager Server IP Address

| No. | Destination Port | Network/Application Protocol | Optionally Enabled/Disabled | Default Port State | External Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 6.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | |
| 6.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | |
| 6.1.3 | 443 | TCP/HTTPS | No | Open | Intranet Web Client | Client access to the Collaboration Agent | 1,2 |
| 6.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED | |
| 6.1.5 | 8043 | TCP/HTTPS | No | Open | WCMS Server | SIP Bridge | δ,3 |
| 6.1.6 | 8443 | TCP/HTTPS | No | Open | Admin subnet, Avaya Aura System Manager | Administrative access for System Provisioning | |
| 6.1.7 | 24002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | |
| 6.1.8 | 24002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), Associated Heartbeat to TCP Perfect Channel | 4 |
| 6.1.9 | 24013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | |
| 6.1.10 | 24013 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 5 |
| 6.1.11 | 24015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | |
| 6.1.12 | 24015 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | 6 |
| 6.1.13 | 24052 | TCP/SIP | Yes | Closed | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | |
| 6.1.14 | 24053 | TCP/TLS/SIP(S) | Yes | Open | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | |
| 6.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | |
| 6.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7 |
| 6.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server | |
| 6.2.4 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | |
| 6.2.5 | 636 | TCP/TLS/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS | |
| 6.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 8 |
| 6.2.7 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 8 |
| 6.2.8 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | |
| 6.2.9 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | |
| 6.2.10 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | |
| 6.2.11 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9 |
| 6.2.12 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10 |
| 6.2.13 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11 |
| 6.2.14 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | 12 |
| INTRA-DEVICE CONNECTIONS | | | | | | | |
| 6.3.1 | NONE | | | | | | |

Notes:
1. Server redirects to port 8043
2. The Provisioning Manager also includes the Collaboration Agent (CA).
3. SIP Bridge between the Web Conferencing Management Server and either the Provisioning Manager or CA Manager that is configured to be the Meeting Event Processor.
4. Source port is 12101, 49152-65535
5. Source port is 12112, 49152-65535
6. Source port is 12114, 49152-65535
7. Source port 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 24013
10. Source port is 24015
11. Source port is 24004

2.2.6 Collaboration Agent Manager
Table 7: Ports for Collaboration Agent (CA) Manager Server IP Address
7.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access | δ
7.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ
7.1.3 | 443 | TCP/HTTPS | No | Open | Internet/Intranet Web Client | Client access to the Collaboration Agent | ε, 1
7.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED | δ
7.1.5 | 8043 | TCP/HTTPS | No | Open | WCMS Server | SIP Bridge | δ, 2
7.1.6 | 24002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | δ
7.1.7 | 24002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 3
7.1.8 | 24013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | δ
7.1.9 | 24013 | UDP | No | Open | EM Service | Logs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 4
7.1.10 | 24015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | δ
7.1.11 | 24015 | UDP | No | Open | EM Service | OMs (perfect channel), Associated Heartbeat to TCP Perfect Channel | δ, 5
7.1.12 | 24052 | TCP/SIP | Yes | Closed | AS Service | AS SIP connection to the Provisioning or Personal Agent Manager Server | δ, 6
7.1.13 | 24053 | TCP/TLS/SIP(S) | Yes | Open | AS Service | AS SIP/TLS connection to the Provisioning or Personal Agent Manager Server | δ, 6
7.1.14 | 24052 | TCP/SIP | Yes | Closed | SBC | Avaya SBC SIP connection to the Provisioning or Collaboration Agent Manager Server for the Mobile App. | δ, 6, 13
7.1.15 | 24053 | TCP/TLS/SIP(S) | Yes | Open | SBC | Avaya SBC SIP/TLS connection to the Provisioning or Collaboration Agent Manager Server for the Mobile App. | δ, 6, 13
7.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | δ, ε, 7
7.2.2 | 123 | UDP | No | N/A | NTP source | NTP | δ, 8
7.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to authenticate with a Directory Server | δ
7.2.4 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | δ
7.2.5 | 636 | TCP/TLS/LDAPS | Yes | N/A | LDAPS Servers | Used to authenticate with a Directory Server over TLS | δ
7.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | δ, 9

7.2.7 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | δ, 9
7.2.8 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | δ
7.2.9 | 5060 | TCP/SIP | Yes | N/A | SBC | SIP to SBC | δ
7.2.10 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | δ
7.2.11 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | SBC | SIP(S)/TLS to SBC | δ
7.2.12 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | δ
7.2.13 | 12112 | TCP/TLS | No | N/A | EM Service | Log (perfect channel) | δ
7.2.14 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | δ, 10
7.2.15 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | δ
7.2.16 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | δ, 11
7.2.17 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | δ, 12
7.2.18 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | δ
INTRA-DEVICE CONNECTIONS
7.3.1 | NONE
Notes:
1. Server redirects to port 8043
2. SIP Bridge between the Web Conferencing Management Server and either the Provisioning Manager or CA Manager that is configured to be the Meeting Event Processor.
3. Source port is 12101, 49152-65535
4. Source port is 12112, 49152-65535
5. Source port is 12114, 49152-65535
6. The use of SIP and SIP/TLS is mutually exclusive.
7. Whether Split-Horizon DNS is used dictates whether a firewall rule to the Enterprise DNS is required. If Split-Horizon DNS is not used, it is recommended that /etc/hosts be used instead on any servers in the DMZ so that external access to internal DNS is restricted.
8. Source port 123
9. Uses SSL FTP (RFC 4217)
10. Source port is 24013
11. Source port is 24015
12. Source port is 24004
13. For the Enhanced Audio/Video in Collaboration Agent feature, make sure that SIP trunk traffic flow between the SBC and Avaya Session Manager is configured in both directions, using either SIP TLS 5061 or SIP TCP 5060 in both directions.


2.2.7 Server
Table 8: Ports for Server (AS) Server IP Address
8.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System Management requiring shell access
8.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET)
8.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED
8.1.4 | 15002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel)
8.1.5 | 15002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel) and associated heartbeat to TCP Perfect Channel | 1
8.1.6 | 15013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel)
8.1.7 | 15013 | UDP | No | Open | EM Service | Logs (perfect channel) and associated heartbeat to TCP Perfect Channel | 2
8.1.8 | 15015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel)
8.1.9 | 15015 | UDP | No | Open | EM Service | OMs (perfect channel) and associated heartbeat to TCP Perfect Channel | 3
8.1.10 | 15019 | TCP/TLS | No | Open | AM Service | Billing Stream (perfect channel)
8.1.11 | 15019 | UDP | No | Open | AM Service | Billing Stream (perfect channel) | 4
8.1.12 | 15050 | TCP | No | Open | Redundant AS Server | FT heartbeat | 5, 6
8.1.13 | 15053 | TCP | Yes | Open | Redundant AS Server | FT Sync Channel | 5
8.1.14 | 49152-65535 | UDP | No | Open | Redundant AS Server | FT Sync Channel | 5
8.1.15 | 15054 | TCP/TLS | No | Open | Redundant AS Server | FT Secure Sync Channel | 12
8.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
8.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7
8.2.3 | 389 | TCP/LDAP | Yes | N/A | LDAP Server | Used to authenticate with a Directory Server
8.2.4 | 443 | TCP/HTTPS | No | N/A | Avaya Aura System Manager | WebLM Licensing
8.2.5 | 443 | TCP/HTTPS | No | N/A | WCS Service | Server REST service call to control start/stop of recordings | δ
8.2.6 | 514 | UDP | No | N/A | Syslog Server | Remote Syslog Server
8.2.7 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Server | Used to authenticate with a Directory Server over TLS.
8.2.8 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 8
8.2.9 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 8
8.2.10 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL

8.2.11 | 8444 | TCP/TLS | No | N/A | WCMS Server | Server ping of the SIP Bridge through the WCMS | δ
8.2.12 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel)
8.2.13 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 9
8.2.14 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel)
8.2.15 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 10
8.2.16 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 11
8.2.17 | 15050 | UDP | No | N/A | Redundant AS Server | FT heartbeat | 5, 6
8.2.18 | 15053 | TCP | Yes | N/A | Redundant AS Server | FT Sync Channel | 5
8.2.19 | 49152-65535 | UDP | No | N/A | Redundant AS Server | FT Sync Channel | 5
8.2.20 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | 11
8.2.21 | 15054 | TCP/TLS | No | N/A | Redundant AS Server | FT Secure Sync Channel | 12
INTRA-DEVICE CONNECTIONS
8.3.1 | NONE
Notes:
1. Source port is 12101, 49152-65535
2. Source port is 12112, 49152-65535
3. Source port is 12114, 49152-65535
4. Source port is 12318
5. Sync between active and standby, may be disabled after upgrade to AAC 8.0 SP2
6. Source port is 15050
7. Source port is 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 15013
10. Source port is 15015
11. Source port is 15004
12. As of AAC 8.0 SP2

Table 9: Ports for Server (AS) Service IP Address
9.1.1 | 5060 | TCP/SIP | Yes | Closed | MS Server | SIP | ρ, 3
9.1.2 | 5060 | TCP/SIP | Yes | Closed | Avaya Aura Session Manager (SM100) | SIP | 3
9.1.3 | 5060 | TCP/SIP | Yes | Closed | Provisioning or CA Manager Server | SIP | δ, 3
9.1.4 | 5060 | TCP/SIP | Yes | Closed | AAC Mobile App Client (iOS and Android) | SIP within Enterprise from Client | 2, 3
9.1.5 | 5060 | TCP/SIP | Yes | Closed | SBC | SIP trunk from SBC | δ, 3
9.1.6 | 5061 | TCP/TLS/SIP(S) | Yes | Open | MS Server | SIP or SIPS over TLS | ρ, 3
9.1.7 | 5061 | TCP/TLS/SIP(S) | Yes | Open | Provisioning or CA Manager Server | SIP or SIPS over TLS | δ, 3
9.1.8 | 5061 | TCP/TLS/SIP(S) | Yes | Open | Avaya Aura Session Manager (SM100) | SIP or SIPS over TLS | 3
9.1.9 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AAC Mobile App Client (iOS and Android) | SIP or SIPS over TLS within Enterprise from Client | 2, 3
9.1.10 | 5061 | TCP/TLS/SIP(S) | Yes | Open | SBC | SIP or SIPS trunk from SBC over TLS | δ, 3
9.2.1 | 5060 | TCP/SIP | Yes | N/A | MS Server | SIP | ρ, 3
9.2.2 | 5060 | TCP/SIP | Yes | N/A | Avaya Aura Session Manager (SM100) | SIP | 3
(unnumbered) | 5060 | TCP/SIP | Yes | N/A | SBC | SIP Trunk to SBC | δ, 3
9.2.3 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | MS Server | SIP or SIPS over TLS | ρ, 3
9.2.4 | 5061 | TCP/TLS/SIP(S) | Yes | N/A | Avaya Aura Session Manager (SM100) | SIP or SIPS over TLS | 3
(unnumbered) | 5061 | TCP/TLS/SIP(S) | Yes | N/A | SBC | SIP or SIPS Trunk to SBC over TLS | δ, 3
9.2.5 | 5062 | TCP/SIP | Yes | N/A | Co-Res MS Server | SIP | 3
9.2.6 | 5063 | TCP/TLS/SIP(S) | Yes | N/A | Co-Res MS Server | SIP or SIPS over TLS | 3
9.2.7 | 24052 | TCP/SIP | Yes | N/A | Provisioning or CA Manager Server | Server SIP connection to the Provisioning or CA Manager | δ, 1, 3
9.2.8 | 24053 | TCP/TLS/SIP(S) | Yes | N/A | Provisioning or CA Manager Server | Server SIP(S)/TLS connection to the Provisioning or CA Manager | δ, 1, 3
INTRA-DEVICE CONNECTIONS
9.3.1 | NONE

Notes:
1. Dependent on Meeting Event Processor configuration.
2. Client supports Connection Reuse such that additional outbound connection is not required.
3. The use of SIP and SIP/TLS is mutually exclusive.

2.2.8 Media Server
Table 10: Ports for Media Server (MS) Server IP Address
10.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | ρ
10.1.2 | 161 | UDP | No | Open | EM Server | SNMP(GET) | ρ
10.1.3 | 3306 | TCP/TLS | No | Open | MS Servers in the same cluster | Media Server Configuration DB
10.1.4 | 4005 | TCP | No | Open | Provisioning Manager | External Session API (ESA) UComm service only. | ρ
10.1.5 | 4891 | TCP/TLS | No | Open | EM Server | NED | ρ
10.1.6 | 5060 | TCP/SIP | Yes | Closed | AS Service | Server SIP connection to the Media Server | ρ
10.1.7 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AS Service | Server SIP(S)/TLS connection to the Media Server | ρ
10.1.8 | 5062 | TCP/SIP | Yes | Closed | AS Service | Server SIP connection to the Co-Res Media Server
10.1.9 | 5063 | TCP/TLS/SIP(S) | No | Open | AS Service | Server SIP(S)/TLS connection to the Co-Res Media Server
10.1.10 | 5997-5999 | TCP | No | Open | MS Servers in the same cluster | Cluster AMS Management
10.1.11 | 7410 | TCP/HTTP | Yes | Closed | Admin subnet | Also used for KPI Monitoring via Administrator Web Client access. | 1
10.1.12 | 7410 | TCP/HTTP | Yes | Closed | WCS Server, WCMS Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 1, 12
10.1.13 | 7411 | TCP/HTTPS | Yes | Open | Admin subnet | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. Also used for KPI Monitoring via Administrator Web Client access | 2
10.1.14 | 7411 | TCP/HTTPS | Yes | Open | WCS Server, WCMS Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 2, 12
10.1.15 | 8082 | TCP/HTTP/S | No | Open | EM KPI/SDR Browser Client | SOAP request from Admin client, defaults to over TLS. | ρ

10.1.16 | 19899 | TCP | No | Open | MS Servers in the same cluster | Cluster Inter-SC Communication
10.1.17 | 19999 | TCP | No | Open | MS Servers in the same cluster | Cluster IVR Management
10.1.18 | 49002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | ρ
10.1.19 | 49002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 3
10.1.20 | 49013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | ρ
10.1.21 | 49013 | UDP | No | Open | EM Service | Logs (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 4
10.1.22 | 49015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | ρ
10.1.23 | 49015 | UDP | No | Open | EM Service | OMs (perfect channel), and the associated heartbeat to TCP Perfect Channel | ρ, 5
10.1.24 | 51000 | TCP | No | Open | MS Servers in the same cluster | Cluster SC Management
10.1.25 | 51001 | TCP | No | Open | MS Servers in the same cluster | Cluster Inter-process alarm monitoring
10.1.26 | 52005 | TCP | No | Open | Provisioning Manager | Multimedia Content Store | ρ
10.1.27 | 52007 | TCP | No | Open | MS Servers in the same cluster | Cluster CStore Management
10.1.28 | 52009 | TCP | No | Open | MS Servers in the same cluster | Cluster IVR Management
10.1.29 | 6000-13998 | UDP/RTP | No | Open | Intranet Client | RTP Media (IVR) | 6
10.1.30 | 14000-42599 | UDP/RTP | No | Open | Intranet Client | RTP Media (Conf) | 6
10.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
10.2.2 | 123 | UDP | No | N/A | NTP source | NTP | 7
10.2.3 | 443 | TCP/HTTPS | No | N/A | Avaya Aura System Manager | WebLM Licensing | ρ
10.2.4 | 443 | TCP/HTTPS | No | N/A | WCS Service | Media Server download of encoded recording media for storage | δ, ρ, 12
10.2.5 | 514 | UDP | Yes | N/A | Syslog server | Remote Syslog Server | ρ
10.2.6 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | ρ, 8
10.2.7 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | ρ, 8
10.2.8 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | ρ
10.2.9 | 5060 | TCP/SIP | Yes | N/A | AS Service | SIP to AS Service | ρ
10.2.10 | 5061 | TCP/TLS/SIP | Yes | N/A | AS Service | SIP(S)/TLS to AS Service | ρ
10.2.11 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | ρ
10.2.12 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | ρ, 9
10.2.13 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | ρ
10.2.14 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | ρ, 10
10.2.15 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | ρ, 11
10.2.16 | 6000-13998 | UDP/RTP | No | N/A | Intranet Client | RTP Media (IVR) | 6, 13
10.2.17 | 14000-42599 | UDP/RTP | No | N/A | Intranet Client | RTP Media (Conf) | 6, 13

10.2.18 | 49152-65535 | UDP | No | N/A | EM Service | Alarms (sync channel) | ρ
INTRA-DEVICE CONNECTIONS
10.3.1 | 3306 | TCP | No | Open | N/A | Media Server Configuration DB
Notes:
1. SOAP interface
2. SOAP over TLS interface, when enabled non TLS interface is disabled.
3. Source port is 12101, 49152-65535
4. Source port is 12112, 49152-65535
5. Source port is 12114, 49152-65535
6. Not used in Co-Res deployment. Separate IP address used instead for media streams, refer to Table 11.
7. Source port is 123
8. Uses SSL FTP (RFC 4217)
9. Source port is 49013
10. Source port is 49015
11. Source port is 49004
12. Only required for Media Servers configured for Recording
13. If the Client is the eavica plugin, the client's source port is restricted to the range configured in the EM Console. The default range is 51,000-53,000. If the client is connecting through the SBC, refer to the SBC port matrix for the source port range for media.

Table 11: Ports for Media Server Media IP Address for Co-Res Media Server deployment
11.1.1 | 6000-13998 | UDP/RTP | No | Open | Intranet Client | RTP Media (IVR) | 1
11.1.2 | 14000-42599 | UDP/RTP | No | Open | Intranet Client | RTP Media (Conf) | 1
11.2.1 | 6000-13998 | UDP/RTP | No | N/A | Intranet Client | RTP Media (IVR) | 1
11.2.2 | 14000-42599 | UDP/RTP | No | N/A | Intranet Client | RTP Media (Conf) | 1
INTRA-DEVICE CONNECTIONS
11.3.1 | NONE
Notes:
1. If the Client is the eavica plugin, the client's source port is restricted to the range configured in the EM Console. The default range is 51,000-53,000. If the client is connecting through the SBC, refer to the SBC port matrix for the source port range for media.

2.2.9 Web Conferencing Management
Table 12: Ports for Web Conferencing Management Server (WCMS) Server IP Address
12.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access
12.1.2 | 22 | TCP/SSH | No | Open | Redundant WCMS Server | rsync of document library between WCMS servers
12.1.3 | 161 | UDP | No | Open | EM Server | SNMP (GET)
12.1.4 | 4891 | TCP/TLS | No | Open | EM Server | NED
12.1.5 | 8444 | TCP/HTTPS | No | Open | WCS Server | Reverse Proxy (HTTPS) | δ
12.1.6 | 8444 | TCP/TLS | No | Open | AS Server | Server REST server call to the WCMS Server for recordings and Server ping of the SIP Bridge through the WCMS
12.1.7 | 17002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel)
12.1.8 | 17002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel. | 1
12.1.9 | 17013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel)
12.1.10 | 17013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 2
12.1.11 | 17015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel)
12.1.12 | 17015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 3
12.2.1 | 22 | TCP/SSH | No | N/A | Redundant WCMS Server | rsync of document library between WCMS servers
12.2.2 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
12.2.3 | 123 | UDP | No | N/A | NTP source | NTP | 4
12.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server
12.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 5
12.2.6 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 5
12.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL

12.2.8 | 8043 | TCP/HTTPS | No | N/A | Provisioning or CA Manager Server | WCMS communication with the SIP Bridge dependent on whether or not the Provisioning or PA Manager is configured to be the SIP Bridge. | δ
12.2.9 | 46021 | TCP/HTTPS | Yes | N/A | DCS | Document Conversion via TLS
12.2.10 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel)
12.2.11 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 6
12.2.12 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel)
12.2.13 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 7
12.2.14 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 8
12.2.15 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync (sync channel) | 8
INTRA-DEVICE CONNECTIONS
12.3.1 | NONE
Notes:
1. Source port is 12101, 49152-65535
2. Source port is 12112, 49152-65535
3. Source port is 12114, 49152-65535
4. Source port is 123
5. Uses SSL FTP (RFC 4217)
6. Source port is 17013
7. Source port is 17015
8. Source port is 17004

2.2.10 Web Conferencing Server
Table 13: Ports for Web Conferencing Server (WCS) Server IP Address
13.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ
13.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ
13.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | δ
13.1.4 | 48902 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | δ
13.1.5 | 48902 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel. | δ, 1
13.1.6 | 48913 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | δ
13.1.7 | 48913 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | δ, 2
13.1.8 | 48915 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | δ
13.1.9 | 48915 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | δ, 3
13.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | δ, ε, 4
13.2.2 | 123 | UDP | No | N/A | NTP source | NTP | δ, 5
13.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ
13.2.4 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | δ, 6
13.2.5 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | δ, 6
13.2.6 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | δ
13.2.7 | 8444 | TCP/HTTPS | No | N/A | WCMS Server | Reverse Proxy from WCS to WCMS | δ, δ
13.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | δ
13.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | δ, 7
13.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | δ
13.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | δ, 8
13.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | δ, 9
13.2.13 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | δ
13.2.14 | 46021 | TCP/HTTPS | No | N/A | DCS Server | Reverse Proxy from WCS to DCS | δ
INTRA-DEVICE CONNECTIONS
13.3.1 | NONE

Notes:
1. Source port is 12101, 49152-65535
2. Source port is 12112, 49152-65535
3. Source port is 12114, 49152-65535
4. Whether Split-Horizon DNS is used dictates whether a firewall rule to the Enterprise DNS is required. If Split-Horizon DNS is not used, it is recommended that /etc/hosts be used instead on any servers in the DMZ so that external access to internal DNS is restricted.
5. Source port is 123
6. Uses SSL FTP (RFC 4217)
7. Source port is 48913
8. Source port is 48915
9. Source port is 48904

Table 14: Ports for Web Conferencing Server (WCS) Service IP Address
14.1.1 | 443 | TCP/HTTPS | Yes | Open | Internet/Intranet Web Client | Client access to web conferencing sessions | ε
14.1.2 | 443 | TCP/HTTPS | Yes | Open | AS Server | Server REST service call to control start/stop of recordings | δ
14.1.3 | 443 | TCP/HTTPS | Yes | Open | Document Conversion Server | Document Conversion Server access through the WCS | δ
14.1.4 | 443 | TCP/HTTPS | Yes | Open | WCMS Server | REST API (HTTPS) | δ, δ
14.1.5 | 443 | TCP/HTTPS | Yes | Open | Recording MS Server | Media Server downloads of encoded recording media for storage. | δ, 1
14.1.6 | 843 | TCP | No | Open | Internet/Intranet Web Client | Flash Policy Server for Web Client Web socket access. | ε
14.2.1 | NONE
INTRA-DEVICE CONNECTIONS
14.3.1 | 8143 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS Tomcat and Apache processes. | 2
14.3.2 | 48920 | TCP/HTTP | Yes | Closed | N/A | Internal port for the WCS Tomcat Server when HTTP is enabled. | 2
14.3.3 | 48921 | TCP/HTTPS | No | Open | N/A | Internal port for the WCS Tomcat Server. | 2
14.3.4 | 48943 | TCP | No | Open | N/A | Internal port for the Flash Policy Server. | 2
Notes:
1. Only required for Media Servers that are part of a Recording Media Server Cluster.
2. Server ACL rules must allow these ports as trusted ports due to the pre-routing from the public ports.

2.2.11 Document Conversion Server
Table 15: Ports for Document Conversion Server (DCS) Server IP Address
15.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access
15.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET)
15.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED
15.1.4 | 46002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel)
15.1.5 | 46002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel | 1
15.1.6 | 46013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel)
15.1.7 | 46013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 2
15.1.8 | 46015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel)
15.1.9 | 46015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 3
15.1.10 | 46021 | TCP/HTTPS | No | Open | WCS Server | Document Conversion Service via WCS reverse proxy for document conversions | δ
15.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
15.2.2 | 123 | UDP | No | N/A | NTP Servers | NTP
15.2.3 | 443 | TCP/HTTPS | Yes | N/A | WCS Service | Upload of converted documents through WCS Reverse Proxy to the WCMS | δ
15.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server
15.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 4
15.2.6 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 4
15.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL
15.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel)
15.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 5
15.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel)
15.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 5
15.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync
15.2.13 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync
INTRA-DEVICE CONNECTIONS
15.3.1 | NONE

Notes:
1. Source port is 12101, 49152-65535
2. Source port is 12112, 49152-65535
3. Source is 12114, 49152-65535
4. Uses SSL FTP (RFC 4217)
5. Source port is 46004

2.2.12 Audio/Video in Collaboration Agent
Table 16: Ports for Flash Media Management Server IP Address
16.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ
16.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ
16.1.3 | 9443 | TCP/RTMPS | No | Open | Admin subnet, Web Administration Management of Flash Media Gateways
16.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
16.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | δ, 1
16.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ
16.2.4 | 9444 | TCP/JMX | No | N/A | Flash Media Gateway Server | JMX-RMI for clustering
16.2.5 | 9445 | TCP/JMX | Yes | N/A | Flash Media Gateway Server | JMX-RMI for load balancer
INTRA-DEVICE CONNECTIONS
16.3.1 | NONE
δ
Notes:
1. Source port is 123

Table 17: Ports for Flash Media Gateway Server IP Address
17.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | δ
17.1.2 | 80 | TCP/RTMPT | Yes | Open | Internet/Intranet A/V in Collaboration Agent Client | RTMPT Streams | δ, ε
17.1.3 | 161 | UDP | No | Open | EM Server | SNMP (GET) | δ
17.1.4 | 443 | TCP/RTMPS | Yes | Closed | Internet/Intranet A/V in Collaboration Agent Client | RTMPS Streams | δ, ε
17.1.5 | 1935 | TCP/RTMP | Yes | Closed | Internet/Intranet A/V in Collaboration Agent Client | RTMP Streams | δ, ε
17.1.6 | 5060 | TCP/SIP | Yes | Open | Avaya Aura Session Manager (SM100) | SIP signaling from the Avaya Aura Session Manager to the Flash Media Gateway | δ
17.1.7 | 5061 | TCP/TLS/SIP | Yes | Closed | Avaya Aura Session Manager (SM100) | SIP/TLS signaling from the Avaya Aura Session Manager to the Flash Media Gateway | δ
17.1.8 | 9444 | TCP/JMX | No | Open | Flash Media Gateway Management Server | JMX-RMI for clustering
17.1.9 | 9445 | TCP/JMX | Yes | Closed | Flash Media Gateway Management Server | JMX-RMI for load balancer
17.1.10 | 49152-65535 | UDP/RTP/RTCP | No | Open | Media Server | Media Streams | δ
17.1.11 | 49152-65535 | UDP/RTP/RTCP | No | Open | Media Server Media IP | Media Streams from Co-Res Media Server | δ, 1
17.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS
17.2.2 | 123 | UDP | No | N/A | NTP Source | NTP | δ, 2
17.2.3 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | δ
17.2.4 | 6000-42598 | UDP | No | N/A | Media Server | Media Streams | δ
17.2.5 | 6000-42598 | UDP | No | N/A | Media Server Media IP | Media Streams from Co-Res Media Server | δ, 1
INTRA-DEVICE CONNECTIONS
17.3.1 | 5080 | TCP/JMX | No | Open | N/A | Internal Flash Media Gateway Communication
17.3.2 | 9999 | TCP/JMX | No | Open | N/A | Internal Flash Media Gateway Communication
Notes:

1. For Co-Res, the Media Server uses a secondary IP address dedicated for Media Streams
2. Source port is 123

2.3 Table Changes
Table 18: Changes from AAC 7.0 to 7.2 for all Server IP Addresses
18.1.1 | None
18.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | 1
REMOVED
18.3.1 | NONE
Notes:
1. Only required for servers that enable DNS resolution, and is only required for the default server address and not for any service addresses that may also be enabled on the server.

Table 19: Changes from AAC 7.0 to 7.2 for the Provisioning and Collaboration Agent (CA) Manager Server IP Address
19.1.1 | NONE
19.2.1 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server. | δ
19.2.2 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS. | δ
REMOVED
19.3.1 | 80 | TCP/HTTP | Yes | N/A | Aura Session Manager (SM100) | Authentication using PPM service on the Avaya Aura Session Manager.
19.3.2 | 443 | TCP/HTTPS | Yes | N/A | Aura Session Manager (SM100) | Authentication using PPM service on the Avaya Aura Session Manager via TLS.
Notes: N/A

Table 20: Changes from AAC 7.0 to 7.2 for the Server (AS) Server IP Address
20.1.1 | NONE
20.2.1 | 389 | TCP/LDAP | Yes | N/A | LDAP Servers | Used to sync/authenticate with a Directory Server.
20.2.2 | 443 | TCP/HTTPS | No | N/A | WCS Service | Server REST service call to control start/stop of recordings | δ
20.2.3 | 636 | TCP/LDAPS | Yes | N/A | LDAPS Servers | Used to sync/authenticate with a Directory Server over TLS.
20.2.4 | 8444 | TCP/HTTPS | No | N/A | WCMS Server | Server REST service call to control start/stop of recordings | δ
REMOVED
20.3.1 | NONE
Notes: N/A

Table 21: Changes from AAC 7.0 to 7.2 (Web Conferencing Server IP Address)
21.1.1 | NONE
21.2.1 | 7410 | TCP/HTTP | Yes | N/A | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 1, 2
21.2.2 | 7411 | TCP/HTTPS | Yes | N/A | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | δ, ρ, 1, 2
REMOVED
21.3.1 | NONE
Notes:
1. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.
2. Only required for Media Servers that are in a Recording Media Server Cluster

Table 22: Changes from AAC 7.0 to 7.2 (Web Conferencing Service Addresses)
22.1.1 | 443 | TCP/HTTPS | No | Open | AS Server | Server REST services call to control start/stop of recordings. | δ
22.1.2 | 443 | TCP/HTTPS | No | Open | Media Server | Media Server downloads of encoded recording media for storage. | δ, ρ
22.2.1 | NONE
REMOVED
22.3.1 | NONE
Notes: N/A

Table 23: Changes from AAC 7.0 to 7.2 (Web Conferencing Manager Server Addresses)
23.1.1 | 8444 | TCP/HTTPS | No | Open | AS Server | Server REST server call for recordings | δ
23.2.1 | 7410 | TCP/HTTP | Yes | Open | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | ρ, 1
23.2.2 | 7411 | TCP/HTTPS | Yes | Closed | Media Server | Web Conferencing Server Signaling to the Media Server for recording media storage/retrieval. | ρ, 1
REMOVED
23.3.1 | NONE
Notes:
1. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.

Table 24: Changes from AAC 7.0 to 7.2 (Media Server (MS) Server Addresses)
24.1.1 | 7410 | TCP/HTTP | Yes | Open | Web Conferencing Server, Web Conferencing Manager Server | Web Conferencing Server and Web Conferencing Management Server Signaling to the Media Server for recording media storage/retrieval. | δ, δ, ρ, 1, 2
24.1.2 | 7411 | TCP/HTTPS | Yes | Closed | Web Conferencing Server, Web Conferencing Manager Server | Web Conferencing Server and Web Conferencing Management Server signaling to the Media Server for recording media storage/retrieval. | δ, δ, ρ, 1, 2
24.2.1 | 443 | TCP/HTTPS | No | N/A | Web Conferencing Service | Media Server downloads of encoded recording media for storage. | δ, ρ, 1
24.2.2 | 49152-65535 | UDP/RTP/RTCP | No | N/A | FMG | Media Streams to the Flash Media Gateways | δ
REMOVED
24.3.1 | NONE
Notes:
1. Only required for Media Servers designated for recording.
2. The use of port 7410 and 7411 is mutually exclusive. By default port 7410 for non-secure HTTP access is enabled, but when disabled, port 7411 is used for secure HTTPS access.

Table 25: Changes from AAC 7.0 to 7.2 (Document Conversion Server)
25.1.1 | 161 | UDP | No | Open | EM Server | SNMP (GET)
25.2.1 | NONE

Table 26: Changes from AAC 7.2 to 8. (Web Conferencing Server (WCS) Service Addresses)
26.1.1 | 443 | TCP/HTTPS/WSS | No | Open | Internet/Intranet Web Client | Only change here is that the HTTPS session is upgraded to a secure web socket connect. | ε, 1
26.1.2 | 843 | TCP | No | Open | Internet/Intranet Web Client | Clients must access the Flash Policy Server component of the WCS for Web Collaboration. | ε, 2
26.2.1 | NONE
REMOVED
26.3.1 | NONE
INTRA-DEVICE CONNECTIONS
26.4.1 | 8143 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS sub-components. | 3
26.4.2 | 48920 | TCP/HTTP | Yes | Closed | N/A | Internal port for the WCS Tomcat Server when HTTP is enabled. | 4
26.4.3 | 48921 | TCP/HTTPS | No | Open | N/A | Used for internal communication between the WCS sub-components. | 5
26.4.4 | 48943 | TCP | No | Open | N/A | Internal port for the Flash Policy Server. | 6
Notes:
1. References rule 14.1.1 in Table 14.
2. References rule 14.1.6 in Table 14.
3. References rule 14.3.1 in Table 14.
4. References rule 14.3.2 in Table 14.
5. References rule 14.3.3 in Table 14.
6. References rule 14.3.4 in Table 14.

Table 27: Changes from AAC 7.2 to 8.0 (Document Conversion Server)
27.1.1 | 22 | TCP/SSH | No | Open | Admin terminal, SAL Gateway | System management requiring shell access | 1
27.1.2 | 161 | UDP | No | Open | EM Server | SNMP (GET) | 2
27.1.3 | 4891 | TCP/TLS | No | Open | EM Server | NED | 3
27.1.4 | 46002 | TCP/TLS | No | Open | EM Service | Config. Mtce (perfect channel) | 4
27.1.5 | 46002 | UDP | No | Open | EM Service | Config. Mtce (perfect channel), and associated heartbeat to TCP Perfect Channel | 5, 6
27.1.6 | 46013 | TCP/TLS | No | Open | EM Service | Logs (perfect channel) | 7
27.1.7 | 46013 | UDP | No | Open | EM Service | Logs (perfect channel), and associated heartbeat to TCP Perfect Channel | 8, 9
27.1.8 | 46015 | TCP/TLS | No | Open | EM Service | OMs (perfect channel) | 10
27.1.9 | 46015 | UDP | No | Open | EM Service | OMs (perfect channel), and associated heartbeat to TCP Perfect Channel | 11, 12
27.1.10 | 46021 | TCP/HTTPS | No | Open | WCS Server | Document Conversion Service via WCS reverse proxy for document conversions | 13, δ
27.2.1 | 53 | UDP/TCP | Yes | N/A | DNS Servers | DNS | 14
27.2.2 | 123 | UDP | No | N/A | NTP Servers | NTP | 15
27.2.3 | 443 | TCP/HTTPS | Yes | N/A | WCS Service | Upload of converted documents through WCS Reverse Proxy to the WCMS | 16, δ
27.2.4 | 514 | UDP | Yes | N/A | Syslog Server | Remote Syslog Server | 17
27.2.5 | 2100 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (control) | 18, 19
27.2.6 | 2101-2151 | TCP/TLS | No | N/A | EM Server | NED FTP pull passive mode (data) | 20, 19
27.2.7 | 5432 | TCP/TLS | No | N/A | DB Server | Database SQL | 21
27.2.8 | 12112 | TCP/TLS | No | N/A | EM Service | Logs (perfect channel) | 22
27.2.9 | 12112 | UDP | No | N/A | EM Service | Logs (perfect channel) | 23, 24
27.2.10 | 12114 | TCP/TLS | No | N/A | EM Service | OMs (perfect channel) | 25
27.2.11 | 12114 | UDP | No | N/A | EM Service | OMs (perfect channel) | 23, 26
27.2.12 | 12125 | TCP/TLS | No | N/A | EM Service | Alarm Sync | 27
27.2.13 | 49152-65535 | UDP | No | N/A | EM Service | Alarm Sync | 28
REMOVED
27.3.1 | 8080 | TCP/HTTP | Yes | N/A | WCS Server | HTTP no longer supported.
27.3.2 | 8443 | TCP/HTTPS | Yes | N/A | WCS Server | HTTPS replaced by TCP/HTTPS 46021 | 29

Notes:
1. References rule 15.1.1 in Table 15.
2. References rule 15.1.2 in Table 15.
3. References rule 15.1.3 in Table 15.
4. References rule 15.1.4 in Table 15.
5. References rule 15.1.5 in Table 15.
6. Source port is 12101, 49152-65535.
7. References rule 15.1.6 in Table 15.
8. References rule 15.1.7 in Table 15.
9. Source port is 12112, 49152-65535.
10. References rule 15.1.8 in Table 15.
11. References rule 15.1.9 in Table 15.
12. Source port is 12114, 49152-65535.
13. References rule 15.1.10 in Table 15.
14. References rule 15.2.1 in Table 15.
15. References rule 15.2.2 in Table 15.
16. References rule 15.2.3 in Table 15.
17. References rule 15.2.4 in Table 15.
18. References rule 15.2.5 in Table 15.
19. Uses SSL FTP (RFC 4217).
20. References rule 15.2.6 in Table 15.
21. References rule 15.2.7 in Table 15.
22. References rule 15.2.8 in Table 15.
23. Source port is 46004.
24. References rule 15.2.9 in Table 15.
25. References rule 15.2.10 in Table 15.
26. References rule 15.2.11 in Table 15.
27. References rule 15.2.12 in Table 15.
28. References rule 15.2.13 in Table 15.
29. Port change required in order to support Co-Res deployments.

Table 28: Changes from AAC 7.2 to 8.0 (Application Server (AS) Service IP Address)

| No. | Destination Port | Protocol | Optionally Enabled/Disabled? | Default Port State | Remote Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 28.1.1 | 5060 | TCP/SIP | Yes | Closed | AAC Mobile App Client (iOS and Android) | SIP within Enterprise from Client | 1,2,3 |
| 28.1.2 | 5061 | TCP/TLS/SIP(S) | Yes | Open | AAC Mobile App Client (iOS and Android) | SIP or SIPS over TLS within Enterprise from Client | 1,2,4 |
| 28.2.1 | NONE | | | | | | |
| REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:
1. Client supports Connection Reuse such that additional outbound connection is not required.
2. The use of SIP and SIP/TLS is mutually exclusive.
3. References rule 9.1.4 in Table 9.
4. References rule 9.1.9 in Table 9.

Table 29: Changes from AAC 7.2 to 8.0 for the Provisioning and Collaboration Agent (CA) Manager Server IP Address

| No. | Destination Port | Protocol | Optionally Enabled/Disabled? | Default Port State | Remote Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 29.1.1 | 24052 | TCP/SIP | Yes | Closed | SBC | Avaya SBC SIP connection to the Provisioning or Collaboration Agent Manager Server for Enhanced Audio/Video in Collaboration Agent client. | δ,1,2,6 |
| 29.1.2 | 24053 | TCP/TLS/SIP(S) | Yes | Open | SBC | Avaya SBC SIP/TLS connection to the Provisioning or Collaboration Agent Manager Server for Enhanced Audio/Video in Collaboration Agent client. | δ,1,3,6 |
| 29.2.1 | 5060 | TCP/SIP | Yes | N/A | SBC | SIP to SBC | δ,1,4 |
| 29.2.2 | 5061 | TCP/TLS/SIP | Yes | N/A | SBC | SIP(S)/TLS to SBC | δ,1,5 |
| REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:
1. The use of SIP and SIP/TLS is mutually exclusive.
2. References rule 7.1.14 in Table 7.
3. References rule 7.1.15 in Table 7.
4. References rule 7.2.9 in Table 7.
5. References rule 7.2.11 in Table 7.
6. For the Enhanced Audio/Video in Collaboration Agent feature, make sure that the SIP trunk traffic flows between the SBC and Avaya Session Manager are configured in both directions. They are either SIP TLS 5061 or SIP TCP 5060 in both directions.

Table 30: Changes from AAC 8.0 to 8.0 SP2 for the (Application Server (AS) Server IP Address)

| No. | Destination Port | Protocol | Optionally Enabled/Disabled? | Default Port State | Remote Device | Description | Notes |
|---|---|---|---|---|---|---|---|
| 30.1.1 | 15054 | TCP/TLS | No | Open | Redundant AS Server | FT Secure Sync Channel | 1 |
| 30.2.1 | 15054 | TCP/TLS | No | N/A | Redundant AS Server | FT Secure Sync Channel | 2 |
| REMOVED | | | | | | | |
| 28.3.1 | NONE | | | | | | |

Notes:
1. Reference rule 8.1.15 in Table 8.
2. Reference rule 8.2.21 in Table 8.

Appendix A: Base Ports and Offsets

Network Elements that are managed by the Avaya Aura Conferencing Element Manager use a base port + offset for different types of communication between each other and the Element Manager. The typical defaults for the base ports are shown in Table 28, but they can be changed as required. Base port offsets are not configurable on the system and are shown in Table 29.

Table 28: Base Ports

| Network Element | Base Port |
|---|---|
| Element Manager | 12100 |
| Accounting Manager | 12300 |
| Application Server | 15000 |
| Web Conferencing Management Server | 17000 |
| Provisioning Manager | 24000 |
| Collaboration Agent Manager | 24000 |
| Web Conferencing Server | 48900 |
| Document Conversion Server | 46000 |
| Media Server | 49000 |

Table 29: Network Element Offset Definitions

| Offset Name | Offset Value |
|---|---|
| Element Manager Perfect Channel Config Maintenance | 1 |
| NE Perfect Channel Config Maintenance | 2 |
| NE Alarms | 4 |
| ADR Element Manager Service Heartbeat | 6 |
| Element Manager Logs | 12 |
| NE Log | 13 |
| Element Manager OMs | 14 |
| NE OM | 15 |
| Accounting Manager Billing Stream | 18 |
| Application Server Billing Stream | 19 |
| Element Manager OMI | 21 |
| Element Manager SNMP Traps | 24 |
| Element Manager Alarms | 25 |
| Element Manager Log Browser | 26 |
| Fault-Tolerance Heartbeat | 50 |
| Fault-Tolerance Sync | 53 |
| SIP Listening | 52 |
| SIP TLS Listening | 53 |
| Fault-Tolerance Secure Sync | 54 |
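The base port + offset scheme above, worked as an added Python example (not Avaya's code): it derives the port for every element and offset, honours site-specific base-port overrides, and splits a list of observed listening ports into those the scheme explains and those to check against the rest of the matrix. The function names (port_map, audit) and the sample port list are constructed for illustration; pairing every element with every offset is an assumption, since the appendix does not say which offsets each element uses.

```python
# Typical default base ports from the appendix (changeable per site).
BASE_PORTS = {
    "Element Manager": 12100, "Accounting Manager": 12300,
    "Application Server": 15000, "Web Conferencing Management Server": 17000,
    "Provisioning Manager": 24000, "Collaboration Agent Manager": 24000,
    "Web Conferencing Server": 48900, "Document Conversion Server": 46000,
    "Media Server": 49000,
}
# Fixed offsets from the appendix, kept as pairs rather than a dict keyed by
# value because the table lists offset 53 under two names.
OFFSETS = [
    ("Element Manager Perfect Channel Config Maintenance", 1),
    ("NE Perfect Channel Config Maintenance", 2), ("NE Alarms", 4),
    ("ADR Element Manager Service Heartbeat", 6), ("Element Manager Logs", 12),
    ("NE Log", 13), ("Element Manager OMs", 14), ("NE OM", 15),
    ("Accounting Manager Billing Stream", 18),
    ("Application Server Billing Stream", 19),
    ("Element Manager OMI", 21), ("Element Manager SNMP Traps", 24),
    ("Element Manager Alarms", 25), ("Element Manager Log Browser", 26),
    ("Fault-Tolerance Heartbeat", 50), ("Fault-Tolerance Sync", 53),
    ("SIP Listening", 52), ("SIP TLS Listening", 53),
    ("Fault-Tolerance Secure Sync", 54),
]
def port_map(overrides=None):
    """Return {port: [(element, offset_name), ...]} for this site's base ports."""
    unknown = set(overrides or {}) - set(BASE_PORTS)
    if unknown:
        raise ValueError(f"unknown network element(s): {sorted(unknown)}")
    table = {}
    for element, base in {**BASE_PORTS, **(overrides or {})}.items():
        for name, offset in OFFSETS:
            if not 1 <= base + offset <= 65535:
                raise ValueError(f"{element}: {base}+{offset} is not a valid port")
            # Assumption: any element may use any offset; a hit is a candidate
            # label to confirm against the matrix tables, not proof.
            table.setdefault(base + offset, []).append((element, name))
    return table

def audit(observed, overrides=None):
    """Split observed listening ports into (explained, unexplained)."""
    table = port_map(overrides)
    explained = {p: table[p] for p in observed if p in table}
    return explained, sorted(set(observed) - set(explained))

# Constructed sample of listening ports, not captured from a real system.
SAMPLE = [22, 8143, 15054, 24053, 46002, 46013, 46015]
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Port 24053 comes back with four candidate labels because Provisioning Manager and Collaboration Agent Manager share base 24000 and offset 53 is listed under two names; unexplained ports such as 22 and 8143 are fixed ports documented elsewhere in the matrix rather than base + offset values.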

Appendix B: Overview of TCP/IP Ports

What are ports and how are they used?

TCP and UDP use ports (defined at http://www.iana.org/assignments/port-numbers) to route traffic arriving at a particular IP device to the correct upper layer application. These ports are logical descriptors (numbers) that help devices multiplex and de-multiplex information streams.

Consider your desktop PC. Multiple applications may be simultaneously receiving information. In this example, email may use destination TCP port 25, a browser may use destination TCP port 80 and a telnet session may use destination TCP port 23. These logical ports allow the PC to de-multiplex a single incoming serial data packet stream into three mini-streams inside the PC. Furthermore, each of the mini-streams is directed to the correct high-level application because the port numbers identify which application each data mini-stream belongs to.

Every IP device has incoming (Ingress) and outgoing (Egress) data streams. Ports are used in TCP and UDP to name the ends of logical connections which carry data flows. TCP and UDP streams have an IP address and port number for both source and destination IP devices. The pairing of an IP address and a port number is called a socket (discussed later). Therefore, each data stream is uniquely identified with two sockets. Source and destination sockets must be known by the source before a data stream can be sent to the destination.

Some destination ports are open to receive data streams and are called listening ports. Listening ports actively wait for a source (client) to make contact with a destination (server) using a specific port that has a known protocol associated with that port number. HTTPS, as an example, is assigned port number 443. When a destination IP device is contacted by a source device using port 443, the destination uses the HTTPS protocol for that data stream conversation.
Port Type Ranges

Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and Dynamic Ports (sometimes called Private Ports).

- Well Known Ports are those numbered from 0 through 1023.
- Registered Ports are those numbered from 1024 through 49151.
- Dynamic Ports are those numbered from 49152 through 65535.

The Well Known and Registered ports are assigned by IANA (Internet Assigned Numbers Authority) and are found here: http://www.iana.org/assignments/port-numbers.

Well Known Ports

For the purpose of providing services to unknown clients, a service listen port is defined. This port is used by the server process as its listen port. Common services often use listen ports in the well-known port range. A well-known port is normally active, meaning that it is listening for any traffic destined for a specific application. For example, well-known port 23 on a server is actively waiting for a data source to contact the server IP address using this port number to establish a Telnet session. Well-known port 25 is waiting for an email session, etc. These ports are tied to a well understood application and range from 0 to 1023. In UNIX and Linux operating systems, only root may open or close a well-known port. Well Known ports are also commonly referred to as privileged ports.

Registered Ports

Unlike well-known ports, these ports are not restricted to the root user. Less common services register ports in this range. Avaya uses ports in this range for call control. Some, but not all, ports used by Avaya in this range include: 1719/1720 for H.323, 5060/5061 for SIP, 2944 for H.248 and others. The registered port range is 1024-49151. Even though a port is registered with an application name, industry often uses these ports for different applications. Conflicts can occur in an enterprise when a port with one meaning is used by two servers with different meanings.

Dynamic Ports

Dynamic ports, sometimes called private ports, are available to use for any general purpose. This means there are no meanings associated with these ports (similar to RFC 1918 IP Address Usage). These are the safest ports to use because no application types are linked to these ports. The dynamic port range is 49152-65535.

Sockets

A socket is the pairing of an IP address with a port number. An example would be 192.168.5.17:3009, where 3009 is the socket number associated with the IP address. A data flow, or conversation, requires two sockets: one at the source device and one at the destination device. The data flow then has two sockets with a total of four logical elements. Each data flow must be unique. If one of the four elements is unique, the data flow is unique. The following three data flows are uniquely identified by socket number and/or IP address.

Data Flow 1: 172.16.16.14:1234-10.1.2.3:2345
Data Flow 2: 172.16.16.14:123-10.1.2.3:2345
Data Flow 3: 172.16.16.14:1234-10.1.2.4:2345

Data flow 1 has two different port numbers and two different IP addresses and is a valid and typical socket pair. Data flow 2 has the same IP addresses and the same port number on the second IP address as data flow 1, but since the port number on the first socket differs, the data flow is unique. Therefore, if one IP address octet changes, or one port number changes, the data flow is unique.
Figure 1, below, is an example showing ingress and egress data flows from a PC to a web server.

Socket Example Diagram
Client, HTTP-Get: Source 192.168.1.10:1369, Destination 10.10.10.47:80
Web Server, TCP-info: Destination 192.168.1.10:1369, Source 10.10.10.47:80
Figure 2: Socket Example

Notice the client egress stream includes the client's source IP and socket (1369) and the destination IP and socket (80). The ingress stream has the source and destination information reversed because the ingress is coming from the server.

Understanding Firewall Types and Policy Creation

Firewall Types

There are three basic firewall types:

- Packet Filtering
- Application Level Gateways (Proxy Servers)
- Hybrid (Stateful Inspection)

Packet Filtering is the most basic form of the firewalls. Each packet that arrives or leaves the network has its header fields examined against criteria to either drop the packet or let it through. Routers configured with Access Control Lists (ACL) use packet filtering. An example of packet filtering is preventing any source device on the Engineering subnet from telnetting into any device in the Accounting subnet.

Application level gateways (ALG) act as a proxy, preventing a direct connection between the foreign device and the internal destination device. ALGs filter each individual packet rather than blindly copying bytes. ALGs can also send alerts via email, alarms or other methods and keep log files to track significant events.

Hybrid firewalls are dynamic systems, tracking each connection traversing all interfaces of the firewall and making sure they are valid. In addition to looking at headers, the content of the packet, up through the application layer, is examined. A stateful inspection firewall also monitors the state of the connection and compiles the information in a state table. Stateful inspection firewalls close off ports until the connection to the specific port is requested. This is an enhancement to security against port scanning.[1]

[1] Port scanning is the act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning also can be malicious in nature if someone is looking for a weakened access point to break into your computer.