Vocera Edge IP Ports

Vocera Edge Servers

The Vocera Edge System servers do not require any outbound access to the Internet and all management, monitoring, and support access is managed over an IP specific site-to-site VPN tunnel.

If the organization wants users to be able to access the Vocera Edge System from outside the hospital network for cases such as BYOD mobile device users and/or Web Messenger, then outbound access can be configured just for those two application use cases. In these cases, Vocera Edge Solutions recommends the use of Multi-Factor Authentication (MFA). Device Authorization is available solely in the Vocera Edge system; however, integration with an MFA provider such as SecureAuth, ADFS, or Microsoft Azure AD using SAML 2.0 is recommended.

Vocera Edge Mobile Devices Running the Vocera Edge Mobile Application

While not required, Vocera Edge Solutions does recommend that several ports be allowed for outbound access to the internet in order to provide the most robust application experience. The ports that should be opened for outbound internet access allow Vocera Edge Solutions to provide functionality required by Apple Push Notification Services (APNS). The Vocera Edge mobile application uses APNS to provide notifications to devices that may be in a sleep state and to ensure that the mobile application automatically relaunches if the application crashes. The following ports should be open to the Internet to take full advantage of APNS functionality:

TCP port 5223 to communicate with APNS
TCP port 443 or 2197 to send notifications to APNS
TCP port 443 is required during Apple device activation, and afterwards for fallback (on Wi-Fi only) if devices cannot reach APNS on port 5223

In addition, if your facility is using Mobile Device Management (MDM), additional ports may be required to allow the mobile devices access to check into cloud-hosted MDM services. Ports are specific to your MDM vendor.

Note: To activate and configure software scanning functionality, devices must be able to externally access https://license.intermec.com on TCP port 443. This access is only necessary during the initial configuration of the device and is not required beyond initial activation.

Ports

Each managed server is configured with an active firewall. Certain ports are required to be open through the VPN tunnel, while others need to be accessible to the client or internal users.

Interface Ports
SQL Database Server Ports
Customer/Edge Access Ports
Edge Management Ports (Customer to Edge)
Edge Management Ports (Edge to Customer)
Cluster Ports
Client Ports (iOS and Android)

Interface Ports

Port	Protocol	Description
8131	GRPC	Voice Server outbound connection to Edge
8877	TCP	Interface Engine
8878	TCP	Interface Engine

SQL Database Server Ports

Access to SQL Database Server VIP from the Edge servers and across VPN.

Port	Protocol	Description
1433	TCP	MSSQL or custom port

Customer/Edge Access Ports

Port	Protocol	Description
137	TCP/UDP	File Sharing
138	TCP/UDP	File Sharing
443	TCP	Apache: Training Server Reset
4443	TCP	NGINX Proxy Pass: Load Balancer setup for BYOD external, if needed (NGINX > Tomcat)
5060	UDP	Voice Server (FreeSwitch): Load Balancer setup for external voice, if needed
5222*	TCP	Messaging: Load Balancer setup for external messaging, if needed (XMPP/Openfire)
7443	TPC	Web Messenger (BOSH): Load Balancer setup for Web Messaging external, if needed (XMPP/Openfire)
8091	TCP	Analytics Jasper (Tomcat)
8443*	TCP	PSS Web Applications: Load Balancer setup for Apps (NGINX > Tomcat)
10443	TCP	Messaging Attachments: Load Balancer setup for external messaging if needed (XMPP/Openfire)
16384–32767	UDP	VoIP RTP Port Range

Load Balancer should be configured to either send pass through traffic to port 8443 or proxy protocol traffic to port 4443.

* For application and messaging access outside of the hospital network, these ports must be accessible.

Edge Management Ports (Customer to Edge)

Accessible from customer servers to Edge across Support VPN.

Port	Protocol	Description
25	TCP	SMTP/Mail
53	TCP/UDP	DNS
80	TCP	Software Updates
123	UDP	NTP
389	TCP/UDP	Active Directory
445	TCP	Active Directory
464	TCP	Active Directory
636	TCP	Active Directory (LDAPS)
3268	TCP	Active Directory

Edge Management Ports (Edge to Customer)

Accessible to customer servers from Edge across Support VPN.

Port	Protocol	Description
22	TCP	SSH
631	TCP/UDP	CUPS Printer Server
2443	TCP	NGINX Admin Page
5601	TCP	Kibana
8090	TCP	Analytics Talend (Tomcat)
9000	TCP	Kafka Manager
9091	TCP	Openfire Admin Console
9300	TCP	Elastic Search
10050	TCP	Zabbix
10051	TCP	Zabbix
44444	TCP	Tomcat debug

Cluster Ports

Accessible between servers in a cluster.

Port	Protocol	Description
22	TCP	SSH
2181	TCP	ZooKeeper
5044	TCP	Logstash
5071	TCP	Hazelcast Clustering
5222*	TCP	Messaging
8200	TCP	Vault IO
8201	TCP	Vault IO Cluster
8443*	TCP	Edge Web Applications
9093	TCP	Kafka
30865	TCP	csync2: used to sync printer configuration for CUPS

* For application and messaging access outside of the hospital network, these ports must be accessible.

Client Ports (iOS and Android)

Port	Protocol	Description
5060	UDP	VoIP Communications
5066	SIP	SIP Client Listening
5151	TCP	Unified Messaging and Alerting for Edge Integration with Vocera Voice and Vocera Engage
5222*	TCP	Messaging
8443*	TCP	Edge Web Applications
16384–32767	UDP	VoIP RTP Port Range

* For application and messaging access outside of the hospital network, these ports must be accessible.