Understanding a Vocera XMPP Adapter Configuration / Viewing the Vocera XMPP Adapter Requirements |
External and internal port information is provided in tables, including required and optional port information for platform, adapter, voice service, SIP telephony gateway, Badge, and Vina.
Users should access the application with a Fully Qualified Domain Name (FQDN). Sites using TLS should install a trusted certificate with a matching FQDN.
The following table describes the firewall requirements which should be configured in order to successfully install, update, and support the Vocera Platform and its operating system.
Port Number | Protocol | Source | Destination | Feature | Purpose |
---|---|---|---|---|---|
443 | TCP | Vocera Platform |
svc.ext-inc.com 199.180.201.227 |
Provisioning |
Provisioning APNS certificate retrieval |
22 | TCP | Vocera Platform |
svc.ext-inc.com 199.180.201.227 |
Remote Support | Remote Support |
443 | TCP | Vocera Platform |
box.voceracommunications.com address subject to change or for legacy installations: yum.ext-inc.com 38.99.68.43 |
Software Update | Repository access for installing Redhat and Vocera software updates |
The following table lists optional external ports that may be needed depending on the configured software and desired functionality.
Port Number | Protocol | Source | Destination | Feature | Purpose |
---|---|---|---|---|---|
443 | TCP | Vocera Platform | api.push.apple.com17.0.0.0/8 | XMPP | Send notifications for data and calls via the Apple Push Notification Service (APNS). |
5223 | TCP |
Vina (iOS only) |
*.push.apple.com17.0.0.0/8 | XMPP | Receive push notifications on iOS device. According to Apple, the iOS device is using Wi-Fi, port 5223 must be open outbound and inbound to the Wi-Fi. |
443 | TCP | Vocera Platform |
Google's ASN of 15169 |
XMPP | Send notifications for data and calls via Firebase Cloud Messaging (FCM) |
5228, 5229, 5230 | TCP |
Vina (Android only) |
Firebase Google's ASN of 15169 |
XMPP | Receive push notifications on Android device |
443 | TCP |
External browser access (all networks) |
Reverse proxy → Vocera Platform Firewall pinhole → Vocera Platform Port forwarder → Vocera Platform |
When workflow page access for browsers outside the network is desired using a reverse proxy in a DMZ, traffic from any address to the proxy on port 443 must be open. Using a reverse proxy also has an internal requirement for the proxy to access Vocera. | |
5222 | TCP | Vina |
Vocera Edge → Vocera Platform Firewall pinhole → Vocera Platform Port forwarder → Vocera Platform |
XMPP | External XMPP traffic communicates with Vocera Platform via the Vocera Edge XMPP proxy |
443 | TCP | Vocera Platform | www.amion.com | Amion Adapter | Download Amion schedule updates from the Amion cloud service |
443 | TCP | Vocera Platform | api.qgenda.com | Qgenda Adapter | Download Qgenda schedule updates from the Qgenda cloud service |
It is assumed that the following sources or destinations are on the internal network. If a listed item has a source or destination outside the internal network, then it must also be opened in the external firewall.
Port Number | Protocol | Source | Destination | Feature | Purpose |
---|---|---|---|---|---|
22 | TCP | Any SSH client | Vocera Platform | SSH access | Command line administration |
80 | TCP |
Cisco Phones SpectraLink Phones |
Vocera Platform | Multiple | Workflow access from mobile devices |
443 | TCP | Any HTTPS client | Vocera Platform | Multiple | Admin Console and workflow access via HTTPS |
161 | UDP | SNMP Client | Vocera Platform | SNMP | Query Vocera Platform for SNMP parameters |
161 | UDP | Vocera Platform | SNMP Manager | SNMP | Send SNMP traps for audit events |
25 | TCP | Vocera Platform | SMTP Server | SMTP | Send SMTP messages for audit events |
IP packets of type 112 must be allowed for VRRP; the Virtual Router Redundancy Protocol
Port Number | Protocol | Source (Client) | Destination (Server) | Feature | Purpose |
---|---|---|---|---|---|
22 | TCP | Master | Slave | Rsync over SSH | Filesystem replication |
5432 | TCP | Slave | Master | Postgres | Database replication |
5433 | TCP | Slave | Master | Postgres | Database replication |
61616 | TCP | Master Slave | Slave Master | Apache Artemis | JMS broker clustering |
61617 | TCP | Master Slave | Slave Master | Apache Artemis | JMS broker replication |
The following port usage depends on the configured integrations.
Port Number | Protocol | Source | Destination | Feature | Purpose |
---|---|---|---|---|---|
9443 | HTTPS | Vocera Platform | Vocera Platform | Austco | Request to register a subscription |
9443 | WSS | Vocera Platform | Austco | Austco | Persistent connection to receive Austco alerts |
443 | TCP | Multiple inbound integrations | Vocera Platform | Multiple | Inbound adapter integrations that support HTTPS; e.g., ResponderSync, Hill-Rom Clinical API, SOAP Publisher |
80 | TCP | Multiple inbound integrations | Vocera Platform | Multiple | Available for inbound adapter integration\ support for HTTP when HTTPS is not supported |
443 | TCP | Vocera Platform | Multiple outbound integrations | Multiple | Outbound adapter integrations that support HTTPS; e.g., ResponderSync, Hill-Rom Clinical API, SOAP Publisher |
80 | TCP | Vocera Platform | Multiple outbound integrations | Multiple | Available for outbound adapter integration\ support for HTTP when HTTPS is not supported |
80 | TCP |
Cisco Phones SpectraLink Phones |
Vocera Platform | Multiple | Workflow access from mobile devices |
443 | TCP | Any HTTPS client | Vocera Platform | Multiple | Admin Console and workflow access via HTTPS |
5222 | TCP | Vina | Vocera Platform | XMPP | Client to server XMPP traffic for all data, messaging, presence |
389 | TCP | Vocera Platform | LDAP Server | LDAP | Authentication and user synchronization via LDAP |
686 | TCP | Vocera Platform | LDAP Server | LDAP | Authentication and user synchronization via LDAP over SSL |
1322 | TCP | Vocera Platform | Unite Connectivity Manager (UCM) | Ascom | Push interactive messages to Ascom devices |
5000-5004 * | TCP | UCM | Vocera Platform | Ascom | UCM responses to message delivery |
5005 * | TCP | Vocera Messaging Interface (VMI) Client | Vocera Platform | VMI | Inbound VMI integrations |
5007 * | TCP | Vocera Messaging Interface (VMI) Client | Vocera Platform | VMI | Inbound VMI integrations using TLS |
25 * | TCP | SMTP Client | Vocera Platform | Incoming Email | Inbound SMTP messages for the Incoming Email interface |
25 * | TCP | Vocera Platform | SMTP Server | Outgoing Email | Outbound SMTP messages from the Outgoing Email interface |
6661-6664 ** | TCP | HL7 | Vocera Platform | HL7 (ADT) | Inbound HL7 ADT messages via LLP |
7000,8000-8010 ** | TCP | HL7 | Vocera Platform | HL7 (Alarms) | Inbound HL7 Philips, Capsule or IHE compliant Alarm messages via LLP |
12000 | TCP | Navicare Server | Vocera Platform | Navicare | Inbound Hill-Rom Navicare messages |
2000 * | UDP | Carescape Network | Vocera Platform | Carescape | Time synchronization |
70001 | UDP | Carescape Network | Vocera Platform | Carescape | Device discovery |
7001 * | UDP | Carescape Network | Vocera Platform | Carescape | Monitor Alarm Messages |
5050 * | EarlySense Gateway | Vocera Platform |
Port Number | Protocol | Source | Destination/Feature | Direction |
---|---|---|---|---|
5002 | UDP | Badge | Vocera Server Signaling | Bidirectional |
5001 | TCP | Vocera SIP Telephony Gateway | Vocera Server Signaling | Outbound |
5400 | UDP | Badge/Badge Property Editor | Updater Signaling | Bidirectional |
5100 | UDP | Badge | Vocera Server Audio | Outbound |
7200-7263 | UDP | Badge | Vocera Server Audio Recording | Inbound |
7892 - 9100 1 | UDP | Vocera Server | Badge/VSTG Audio | Outbound |
3306 | TCP | MySQL Signaling | (Listening) | Inbound |
5251 | TCP | Vocera Server Cluster Signaling | (Listening) | Inbound |
5555-5556 | UDP | Badge | Vconfig (Vch) Signaling during Discovery | Bidirectional |
5555-5556 | TCP | Badge | Vconfig (Vch) Signaling during Discovery | Bidirectional |
7023 | TCP | Nuance Watcher Telnet Client | (Listening) | Inbound |
7890 | UDP | Nuance Watcher | (Listening) | Inbound |
27000 | TCP | Nuance License Manager | (Listening) | Inbound |
5059, 5058 | TCP | Nuance Speech Server (allows UDP connections) | (Listening) | Inbound |
8200 | TCP | Nuance Recognition Server | (Listening) | Inbound |
32768-60999 | TCP |
Vina (iOS only) |
Signaling Gateway | Bidirectional |
32768-60999 | UDP |
Vina (Android only) |
Signaling Gateway | Bidirectional |
This section provides information on ports supported for Vocera SIP Telephony Gateway (VSTG).
Port Number | Protocol | Source | Destination/Feature | Direction |
---|---|---|---|---|
5060 | UDP | IP PBX | Vocera SIP Telephony Gateway Signaling | Bidirectional |
5300-55552 | UDP | Vocera Platform | Vocera SIP Telephony Gateway Audio | Outbound |
9200 - 9399 4000 - 4049 |
UDP | IP PBX | Vocera SIP Telephony Gateway Audio (RTP/RTCP) | Outbound |
Any free port | UDP | Vocera Platform | Vocera SIP Telephony Gateway Signaling | Outbound |
Port Number | Protocol | Source | Destination/Feature | Direction |
---|---|---|---|---|
5002 | UDP | Badge | Server Signaling | Bidirectional |
5200 | UDP | Vocera SIP Telephony Gateway | Badge Audio | Outbound |
5400 | UDP | Badge | Updater | Outbound |
5555-5556 | UDP | Badge | Updater Signaling | Bidirectional |
5555-5556 | UDP | Badge | Vconfig (Vch) Signaling during Discovery | Bidirectional |
5555-5556 | TCP | Badge | Vconfig (Vch) Signaling during Discovery | Bidirectional |
Port Number | Protocol | Source | Destination | Feature | Purpose |
---|---|---|---|---|---|
5222 | TCP | Vina |
Vocera Platform Vocera Edge Firewall pinhole Port forwarding |
XMPP | Client to server XMPP traffic for all data, messaging, presence. Communication with Edge proxy or other customer configured port 5222 access will off-premise. |
32768-60999 | TCP |
Vina (iOS only) |
Vocera Platform | Signaling Gateway | Call signaling and notifications |
32768-60999 | UDP |
Vina (Android only) |
Vocera Platform | Signaling Gateway | Call signaling and notifications |
5800-5899 | UDP | Vina | Vina | RTP | Client to client VoIP |
This section provides information on ports supported for Vocera Analytics.
Port Number | Protocol | Source | Destination | Direction |
---|---|---|---|---|
9445 | TCP | Voice Server (Remote Agent) | (Listening) | Inbound |
4040 | TCP | VA Server | Spark UI | Inbound |
7778 | TCP | VA Server (VMP Flume agent) | Spark | Bidirectional |
7779 | TCP | VA Server (Engage Flume agent) | Spark | Bidirectional |
7780 | TCP | Voice Server (VS Flume Agent) | Spark | Bidirectional |
8443 (default) or user defined | TCP | VA Server (Reporting service) | (Listening) | Inbound |
3306 | TCP | Maria DB Signaling | (Listening) | Inbound |
* These are the default values. The installer can choose a different port when configuring the adapter.
** These are the default values. The installer can choose a different port or add more ports when configuring the adapter.