This section presents a list of the TCP and UDP ports that Eleveo uses for intra-cluster connections and communication with external applications or devices. The ports are defaults and most can be changed by local administrators.
NOTE
In the tables below we use the following Eleveo service name format: Eleveo <service name> meaning the server on which a particular Eleveo service is running. For example, Eleveo configuration service is the Eleveo server on which your configuration service is operating. This information is crucial for multi-server deployments. If you have a single-server solution this server is always your Eleveo server.
When access is required to or from all Eleveo servers, the term Eleveo server is used.
Eleveo Server Port
External Connections
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
SSH client |
Eleveo server |
22 |
TCP |
Remote shell access
|
|
Workstation |
Eleveo web UI |
80 |
TCP |
Remote web access – HTTP |
|
Workstation |
Eleveo web UI |
443 |
TCP |
Remote secure web access – HTTPS |
|
Administrator workstation |
Eleveo web UI |
1443 |
TCP |
Web access to Rancher |
|
CIFS client |
Windows file sharing server |
UDP ports 137 and 138
|
TCP + UDP |
Sharing windows network drives |
|
NFS client |
NFS server |
NFSv4 (default) port 2049
|
TCP + UDP |
NFS file sharing If you encounter issues when creating mounts between recorders or between recorders and the replay, please modify the default setting to ensure that NFSv3 is used. There is a known limitation related to NFSv4 - symbolic link exports are not supported for NFS4. |
|
Archive tool/restore tool |
S3 instance |
443 or 80 |
TCP |
Archiving/restoration using S3 protocol |
|
Eleveo server |
SMTP server |
25 |
TCP |
SMTP port used for emailing from Eleveo server |
Ensure that the software firewall on the local device is disabled or configured to allow communication via the required ports.
Internal / Intracluster Communication Ports
The following ports are used for communication between multiple Quality Management components. In case you are running a cluster, you may need to allow some data to flow between cluster members. Some services are listed just for your information to better understand the port they will use upon starting.
|
Source |
Destination |
Source Port |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|---|
|
Eleveo server |
PostgreSQL server |
- |
5432 |
TCP |
PostgreSQL database |
|
NFS client |
NFS server |
- |
NFSv4 (default) port 2049
|
TCP + UDP |
NFS file sharing |
|
Eleveo server |
Eleveo RabbitMQ |
- |
5672 |
TCP |
Communication between the Eleveo core, recorder, and decoder services |
|
Eleveo server |
Eleveo server |
1024- 65535 |
30400 |
TCP |
Default RMI port for Eleveo service intercommunication |
|
Eleveo server |
Eleveo Key Manager RMI |
1024 - 65535 |
30401 |
TCP |
Communication with Key Manager |
|
Eleveo server |
Eleveo Key Manager REST |
- |
8083 |
TCP |
Communication with Key Manager |
|
Prometheus service monitor |
Eleveo Key Manager |
- |
8094 |
TCP |
Metrics endpoint for Key Manager monitoring |
|
Eleveo core |
Eleveo SIP |
1024 - 65535 |
30200 |
TCP |
Communication with the SIP service |
|
Eleveo core |
Eleveo JTAPI |
1024 - 65535 |
30300 |
TCP |
Communication with the JTAPI service |
|
Eleveo core |
Eleveo MSR |
1024 - 65535 |
30350 |
TCP |
Communication with the MSR service |
|
localhost |
localhost - Eleveo replay server |
N/A |
8190 |
TCP |
Audit service - The Quality Management frontend uses this connection within the localhost context to log audit events. |
|
Zipkin |
enc-zipkin |
- |
9411 |
TCP |
Communication for Zipkin |
|
Prometheus |
Spring Cloud Dataflow Prometheus Proxy pod |
|
7001 |
TCP |
Communication for Spring Cloud Dataflow Prometheus Proxy pod |
|
Interaction service/ Interaction service |
Media Storage Service |
- |
9003 |
TCP |
Communication with Media Storage Service |
Databases
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Eleveo server |
PostgreSQL server |
5432 |
TCP |
PostgreSQL database |
|
Eleveo server |
Eleveo Solr server |
8983 |
TCP |
Eleveo Solr database |
|
Eleveo server |
Zookeeper |
9983 |
TCP |
Zookeeper used for Solr Cloud |
|
Eleveo server |
Solr |
7983 |
TCP |
Solr Stop port (local only) |
|
Eleveo server |
Eleveo server |
7788-7799 |
TCP |
DRBD for communication between DRBD nodes |
Live Monitoring
|
Source |
Destination |
Source Port |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|---|
|
Workstation |
Live Monitoring Service |
- |
80 or 443 |
TCP |
Live Monitoring Client -Service communication |
|
Live Monitoring Service |
Eleveo configuration service |
- |
30400, 30500, 30501 |
TCP |
Loading configuration |
|
Workstation |
Eleveo core |
40000-40100 |
37000-37100 |
TCP+UDP |
Audio stream port registration |
|
Eleveo core |
Workstation |
37000-37100 |
40000-40100 |
TCP+UDP |
Audio stream |
|
Eleveo recorders |
Eleveo core |
- |
4000-5000 |
TCP+UDP |
Audio stream |
|
Workstation |
Eleveo Screen Capture uploader |
- |
80 or 443 |
TCP |
Loading video stream |
Services/Modules utilize random TCP ports to communicate. If a service is restarted the port utilized will change. The Core uses port 30400 for the RMI Registry, services listen on ports ranging from 1024 to 65535.
In addition, ensure that the software firewall on the local device is disabled, or configured to allow communication via the required ports.
Screen Recording
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Recorded workstation |
Eleveo Screen Capture server |
7003 |
TCP |
Client registration with server and control connection |
|
Recorded workstation |
Eleveo Screen Capture uploader |
80 or 443 |
TCP |
Uploading recorded screens |
CCaaS Platforms
|
Source |
Destination |
Destination Port
|
Internal Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|---|
|
Screen Capture for CCaaS |
Eleveo Server |
443 |
|
TCP |
Token retrieval and validation for data import, upload of media and client connection to server |
|
Webex CC |
Webex CC Integration |
443 |
8087 |
TCP |
Webex CC integration |
|
Amazon Connect Importer |
Amazon Connect |
443 |
|
TCP |
Connectivity with Amazon Connect (Kinesis Stream and S3) |
|
Cloud Connect |
User Management |
443 |
|
TCP |
Token retrieval for data import |
Screen Capture for CCaaS
Ensure that the software firewall on the local device is disabled, or configured to allow communication via the required ports.
Cisco Active and Passive Recording
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Eleveo JTAPI |
CUCM server |
80 or 8443 |
TCP |
Downloading of the JTAPI.JAR library |
|
Eleveo JTAPI |
CUCM server |
2748 |
TCP |
Connection to the CTI Manager |
|
Eleveo Secure JTAPI |
CUCM server |
2749 |
TCP |
Secure Connection to the CTI Manager |
|
Eleveo Secure JTAPI |
CUCM server |
3804 |
TCP |
Certificate Authority Proxy Function (CAPF) |
|
Eleveo Secure JTAPI |
CUCM server |
69 |
UDP |
TFTP server |
|
Phone |
Eleveo active recorder |
16384 - 17984 |
UDP |
Forwarding RTP stream using BIB (4 ports per concurrent call) |
|
CUCM server |
Eleveo active recorder |
5060 |
TCP or UDP |
SIP Communication |
|
CUCM server |
Eleveo active recorder |
5061 |
TCP |
Secure SIP (SIPS) Communication |
|
Agent phone |
Eleveo web UI |
443 |
TCP |
Prerecording service and requesting call lists |
|
Eleveo web UI |
Agent phone |
443 |
TCP |
Prerecording service and requesting device information |
|
Eleveo active recorder |
Eleveo monitoring/ Prometeus |
8501-8506 (one per SBR instance |
TCP |
Eleveo Recording Monitoring |
|
CUCM server
|
Eleveo FTP server (Replay) |
20-21 |
TCP |
CDR Service (upload of CDR records to Eleveo FTP/SFTP server) |
|
Eleveo SFTP server (Replay) |
22 |
SIP Based Active Recording
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
RTP forking point |
Eleveo active recorder |
16384 - 17984 (second instance 26384 - 27984) |
UDP |
RTP streams |
|
SIP Active Call Service |
SIP Based Recorder |
8084 |
TCP |
Intracluster connectivity for Active recorder |
|
SIP Source |
Eleveo active recorder |
5060 (second instance 15060) |
TCP or UDP |
SIP Communication |
|
SIP Source |
Eleveo active recorder |
5061 (second instance 15061) |
TCP |
Secure Communication |
|
Eleveo active recorder |
Eleveo monitoring/ Prometeus |
8501-8506 (one per SBR instance) |
TCP |
Eleveo Recording Monitoring |
MS Teams Recording
Inbound Ports
The following ports must be open on the Azure Network Security Group:
|
Source IP |
Source port and protocol |
Destination Port and protocol |
|---|---|---|
|
Any |
9441/TCP |
|
|
Any |
8445/TCP |
|
|
2603:1063::/39 |
Any |
16384-65535 |
|
52.112.0.0/14 13.107.64.0/18 52.122.0.0/15 |
Any |
16384-65535 |
Internet Access
Please ensure that outbound Internet access is enabled from the Virtual network which is used for the Virtual Machine Scale Set (VMSS). Internet is required for the VM provisioning and self-configuration.
Unify OpenScape Xpert
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
OpenScape Xpert Multi Line Controller (MLC) |
SBR |
5060 (second instance 15060) |
TCP or UDP |
SIP Communication |
|
OpenScape Xpert Multi Line Controller (MLC) |
SBR |
16384 - 17984 |
UDP |
RTP streams |
CMS
|
Source |
Destination |
External Port |
Internal Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|---|
|
CMS Call Bridge |
CMS Integration |
443 |
8085 |
TCP |
CDR push |
|
CMS Recorder |
NFS Share storage |
2049 and 111 |
TCP and UDP |
MP4 file transfer |
|
Genesys Active Recording Media Stream Replication
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Genesys Resource Manager |
Eleveo active recorder |
5060 |
TCP and UDP |
SIP communication |
|
Genesys Resource Manager |
Eleveo active recorder |
5061 |
TCP and UDP |
Secure SIP (SIPS) communication |
|
Eleveo active recorder |
Genesys Resource Manager |
Proxy and Monitor ports |
TCP and UDP |
SIP communication |
|
Genesys media control platform |
Eleveo active recorder |
16384 - 17984 |
UDP |
RTP streams (4 ports per concurrent call) |
|
Eleveo core |
Genesys configuration server |
2020 |
TCP |
Configuration service connection |
|
Eleveo core |
Genesys T-Server |
3000 |
TCP |
T-Server communication |
|
Eleveo core |
Eleveo recorder |
30350 |
TCP |
Media stream replication sniffer |
The Monitor port is used for SIP options pings, the Proxy port is used for recording session setup.
Integration Modules
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Eleveo UCCE integration module |
UCCE AWDB |
1433 |
TCP |
UCCE database connection |
|
Eleveo UCCE integration module |
UCCE CTI |
42027 + (instance number * 40) |
TCP |
Connection to CTI Server Side A |
|
Eleveo UCCE integration module |
UCCE CTI |
42028 + (instance number * 40) |
TCP |
Connection to CTI Server Side B |
|
Eleveo UCCX integration module |
UCCX server |
12028 |
TCP |
UCCX integration |
|
Eleveo Genesys integration module |
Genesys configuration server |
2020 |
TCP |
Configuration service connection |
|
Eleveo Genesys integration module |
Genesys T-Server |
3000 |
TCP |
T-Server communication |
Cloud Connect
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Cloud Connect |
User Management |
443 |
TCP |
token Import for data import |
User Management and User Data Importers
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
UCCE User Data Importer |
UCCE AWDB database |
1433 |
TCP |
Import of users from UCCE and authentication |
|
UCCE User Data Importer |
UCCE /unifiedconfig API |
443 |
TCP |
Import of users from UCCE |
|
UCCX User Data Importer |
UCCX /adminapi API |
443 |
TCP |
Import of users from UCCX |
|
UCCX User Data Importer |
CUCM AXL API |
443 |
TCP |
Import of users from UCCX and authentication |
|
CUCM User Data Importer |
CUCM AXL API |
443 |
TCP |
Import of users from CUCM and authentication |
|
Genesys User Data Importer |
Genesys server |
2020 |
TCP |
Import of users from Genesys and authentication |
|
User Management |
LDAP server |
389/636 |
TCP |
Import of users from LDAP to UM and authentication |
|
User Management |
Webex Contact Center API |
443 |
TCP |
Authentication of Webex CC users |
|
User Management |
domain controller |
443 |
TCP |
Configuring Active Directory Federation Services as an Identity Provider |
|
UCCE User Data Importer |
User Management |
443 |
TCP |
Import of users to UM and authentication |
|
UCCX User Data Importer |
User Management |
443 |
TCP |
Import of users to UM and authentication |
|
CUCM User Data Importer |
User Management |
443 |
TCP |
Import of users to UM and authentication |
|
Genesys User Data Importer |
User Management |
443 |
TCP |
Import of users to UM and authentication |
Workforce Management and Data Importers
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
UCCE Data Importer |
UCCE AWDB database |
1433 |
TCP |
Import of historical data from UCCE |
|
UCCE Data Importer |
UCCE /unifiedconfig API |
443 |
TCP |
Import of historical data from UCCE |
|
UCCE Data Importer |
UCCE Finesse /adminAPI |
443 |
TCP |
Import of historical and adherence data to Workforce Management |
|
UCCE Data Importer |
Workforce Management |
443 |
TCP |
Import of historical data to Workforce Management |
|
UCCX Data Importer |
UCCX /adminapi API |
443 |
TCP |
Import of historical data from UCCX |
|
UCCX Data Importer |
UCCX Finesse /adminAPI |
443, 8445 |
TCP |
Import of historical and adherence data to Workforce Management. In a case Finesse is co-located on ccx server, the port is 8445 |
|
UCCX Data Importer |
UCCX Database (Informix) |
1504 |
TCP |
Port on which database is running |
|
UCCX Data Importer |
Workforce Management |
443 |
TCP |
Import of historical data to Workforce Management |
|
Workforce Management |
Webex Contact Center |
443 |
TCP |
Import of historical and adherence data to Workforce Management |
WFO Analytics
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
WFO analytics service |
UCCX datasource JDBC URL |
1504 |
TCP |
UCCX Data Import functionality and scheduling (UCCX to L0 job settings) |
|
WFO analytics service |
UCCE datasource JDBC URL |
1433 |
TCP |
UCCE Data Import functionality and scheduling (UCCE to L0 job settings) |
|
Keycloak to L0 job settings |
Keycloak datasource JDBC URL |
5432 |
TCP |
Eleveo internal - Data Import functionality and scheduling |
|
WFO Analytics Core |
Keycloak Client Token Provider |
80 |
TCP |
Eleveo Internal - Keycloak token |
Other Services
Some of the services in the table below are listening on the internal port and incoming traffic from outside is coming through a proxy on the external port. Both of them are destination ports.
|
Source |
Destination |
External Port |
Internal Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|---|
|
Epic Integration |
Epic APR Adapter |
443 |
8078 |
TCP |
Epic APR Integration |
|
Cloud Connect |
Interaction service |
443 |
8081 |
TCP |
TLS connection between Cloud Connect and Interaction service |
|
CloudLift application |
cloudlift.zoomint.com |
443 |
TCP |
Upload of data using HTTPS protocol into AWS for Performance Analytics Deprecated in V 9 |
|
|
Multiple services |
Interaction service |
- |
8081 |
TCP |
Intracluster Quality Management communication |
|
External service |
Interactions API |
443 |
8081 |
TCP |
Interactions API - Media Access |
Monitoring Service
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Eleveo Monitoring / Prometheus |
Prometheus-sql-exporter |
9399 |
TCP |
Exports tracking data from a database |
|
Eleveo Monitoring / Prometheus |
Prometheus Modules Status Exporter |
9101 |
TCP |
Exports status of modules |
|
Eleveo Monitoring / Prometheus |
Node Exporter |
9100 |
TCP |
Exports status of server nodes |
Quality Management Conversation Explorer
Ports are all within the cluster. They can be viewed from within the Rancher interface. Log into the Rancher UI and view Services.
|
Service |
Listening Port |
UDP or TCP |
Purpose |
|---|---|---|---|
|
Quality Management Email Mapper / Integration API |
8202 |
TCP |
Sales Force database or other integration |
|
Quality Management Call Recording Mapper |
8201 |
TCP |
Call Recording database connection |
|
Encourage Data - Framework |
8102 |
TCP |
Quality Management database |
|
Encourage Scheduler |
8105 |
TCP |
Scheduling service |
|
Conversations |
8107 |
TCP |
Encourage Conversations - enriching conversations by data from different sources. |
|
Correlation Service |
8108 |
TCP |
Encourage Correlation - combines segments based on correlation id and time gaps |
|
Encourage enrichment processor |
8303 |
TCP |
Loads transcription files from the segment service/interaction service and provides the Transcription object to the Conversations service. |
|
Data Access |
8300 |
TCP |
Encourage Data Access |
|
Eleveo Solr |
8301 |
TCP |
Encourage Data Solr (migration tool) |
|
Interaction Player |
8080 |
TCP |
Interaction Player |
Data Exporter
The data exporter is part of ETL Management and supports the direct export of data from the Eleveo solution.
|
Source |
Destination |
Destination Port |
UDP or TCP |
Purpose |
|---|---|---|---|---|
|
Quality Management Data Exporter |
Customer-specified FTP server |
installation dependent
|
TCP |
Destination folder of exported data |
Additional Firewall Requirements
Intracluster Communication
Additional rules must be followed for the correct functioning of Eleveo clusters:
-
Heartbeat messages are sent every 15 minutes between the core service and the active/passive recorders through the AMQP broker. Therefore, if there is a firewall between the active/passive recorders and the AMQP broker, the firewall must allow the idle TCP sessions to last for at least 15 minutes.
Additional Recommendations
Hybrid Deployments - Allow domain
It is recommended that you allow traffic from host.myeleveo.com if possible.
Hybrid Deployments - AWS Networking -
Fixed IP addresses are not supported for cloud/hybrid deployments. This is due to the fact that Elastic IP addresses are tied to a Region/Availability Zone, and in the case of recovery, Eleveo can not guarantee the same IP address will be assigned post recovery.
Determine which IP addresses must be open for communication on the firewall for Hybrid installations.
IP addresses are assigned by AWS from AWS prefixes. These prefixes are split by regions. Each region has multiple IP prefixes that may appear in the connection with Eleveo services.
As this service is not bound to fixed addresses, the customer must specify the entire defined range of prefixes listed in ip-ranges.json, which is available here: AWS IP address ranges.
Determine Your IP Range
For hybrid deployments without global accelerator IP addresses from EC2 service, you can extract a list of IP ranges by running the following two lines (please modify the region to suit your deployment):
-
bash, curl, jq
region="us-east-1" curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq --arg region "$region" -r '.prefixes[] | select(.region==$region) | select(.service=="EC2") | .ip_prefix'
-
PowerShell
$region="us-east-1" $url = "https://ip-ranges.amazonaws.com/ip-ranges.json";$json = Invoke-WebRequest -Uri $url | ConvertFrom-Json;Write-Output $json.prefixes | Where-Object {($_.region -contains "$region") -and ($_.service -eq "EC2")} | Select-Object ip_prefix
NOTE
This process must be performed regularly, as the values may change over time.