IBM® Sametime uses a number of ports on the servers in your deployment. This topic lists the default ports and their uses; a range of ports means that the application can select any port in that range, in case one or more of those ports are already in use by other applications.
Sametime System Console
The following ports are used on the Sametime® System Console.
Table 1. Sametime System Console ports
|
|
|
|
|
Installation manager utilities, post-registration utilities, and the Sametime Meeting Server access the Sametime System Console database port. The database port number is determined by the DB2® server configuration.
|
|
|
The Sametime Community Server accesses the Sametime System Console HTTP port. This is determined by the WebSphere® Application Server configuration. You can find this port number in AboutThisProfile.txt or in the Integrated Solutions Console.
|
|
|
The Sametime Community Server accesses the Sametime System Console HTTPS port. This is determined by the WebSphere Application Server configuration. You can find this port number in AboutThisProfile.txt or in the Integrated Solutions Console.
|
|
|
Provides HTTP browser access to the Sametime System Console for administrators. This is determined by the WebSphere Application Server configuration. You can find this port number in AboutThisProfile.txt or in the Integrated Solutions Console.
|
|
|
Provides HTTPS browser access to the Sametime System Console for administrators. This is determined by the WebSphere Application Server configuration. You can find this port number in AboutThisProfile.txt or in the Integrated Solutions Console.
|
DB2 server
The following ports are used on the DB2 server.
Table 2. DB2 server ports
|
|
|
|
|
The DB2 port is accessed by the Sametime System Console. The port number is configured by the DB2 server configuration.
|
LDAP server
The following ports are used on the LDAP server.
Table 3. LDAP server ports
|
|
|
|
|
The LDAP port is accessed by the Sametime System Console. The port number is configured by the LDAP server configuration.
|
Sametime Community Server
The following ports are used on the Sametime Community Server. The first table lists ports used by HTTP Services, Domino® Services, LDAP Services, and Sametime intraserver ports, and the second table lists ports used by Community Services.
Table 4. HTTP Services, Domino Services, LDAP Services, and Sametime intraserver ports
|
|
|
|
|
The Sametime Community Server listens for the Sametime System Console on port 80.
If you allow HTTP tunneling on port 80 during the Sametime Community Server installation, the Community Services multiplexer on the Sametime Community Server listens for HTTP connections from web browsers, and Sametime Connect clients on port 80.
If you do not allow HTTP tunneling on port 80 during the Sametime Community Server installation, the Domino HTTP server listens for HTTP connections on this port.
|
Alternate HTTP port (8088)
|
If you allow HTTP tunneling on port 80 during the Sametime Community Server installation or afterward, the Domino HTTP server on which the Sametime Community Server is installed must listen for HTTP connections on a port other than port 80. The Sametime installation changes the Domino HTTP port from port 80 to port 8088 if the administrator allows HTTP tunneling on port 80 during a Sametime Community Server installation.
Note: If you allow HTTP tunneling on port 80 during the Sametime Community Server installation, web browsers make HTTP connections to the Community Services multiplexer on port 80, and the Community Services multiplexer makes an intraserver connection to the Sametime HTTP server on port 8088 on behalf of the web browser.
This configuration enables the Sametime Community Server to support HTTP tunneling on port 80 by default following the server installation.
|
|
|
If you configure the Sametime Community Server to connect to an LDAP server, the Sametime Community Server connects to the LDAP server on this port.
|
|
|
The Domino HTTP server listens for HTTPS connections from the Sametime System Console on this port by default.
This port is used only if you have set up the Domino HTTP server to use Secure Sockets Layer (SSL) for web browser connections.
|
|
|
The Domino server on which Sametime is installed listens for connections from Notes® clients and Domino servers on this port.
|
|
|
The Event Server port on the Sametime Community Server is used for intraserver connections between Sametime components. Make sure that this port is not used by other applications on the server.
|
|
|
The Token Server port on the Sametime Community Server is used for intraserver connections between Sametime components.
|
Table 5. Community Services ports
|
|
|
|
|
Community Services listens for direct TCP/IP connections from the Community Services of other Sametime Community Servers on this port. If you have installed multiple Sametime Community servers, this port must be open for presence, chat, and other Community Services data to pass between the servers.
|
|
|
The Community Services listen for direct TCP/IP connections and HTTP-tunneled connections from the Community Services clients (such as Sametime Connect and Sametime Meeting Room clients) on this port.
Note: The term "direct" TCP/IP connection means that the Sametime client uses a unique Sametime protocol over TCP/IP to establish a connection with the Community Services.
The Community Services also listen for HTTPS connections from the Community Services clients on this port by default. The Community Services clients attempt HTTPS connections when accessing the Sametime Community Server through an HTTPS proxy server.
If you do not allow HTTP tunneling on port 80 during the Sametime installation, the Community Services clients attempt HTTP-tunneled connections to the Community Services on port 1533 by default.
|
|
|
If the you allow HTTP tunneling on port 80 during the Sametime Community Server installation, the Community Services clients can make HTTP-tunneled connections to the Community Services multiplexer on port 80.
Note: When HTTP tunneling on port 80 is allowed during the Sametime installation, the Community Services multiplexer listens for HTTP-tunneled connections on both port 80 and port 1533. The Community Services multiplexer simultaneously listens for direct TCP/IP connections on port 1533.
|
|
|
When HTTP tunneling support is enabled, the Community Services clients can make HTTP-tunneled connections to the Community Services multiplexer on port 8082 by default. Community Services clients can make HTTP-tunneled connections on both ports 80 and 8082 by default.
Port 8082 ensures backward compatibility with previous Sametime releases. In previous releases, Sametime clients made HTTP-tunneled connections to the Community Services only on port 8082. If a Sametime Connect client from a previous Sametime release attempts an HTTP-tunneled connection to a Sametime Community Server, the client might attempt this connection on port 8082.
|
Table 6. Sametime Classic Meetings
|
|
|
|
|
The Sametime Classic Meeting Room client loads in a user's web browser when the user attends an instant or scheduled meeting. The Meeting Room client must establish connections with the Community Services on the Sametime Community Server (on default port 1533).
|
|
|
The Meeting Room client must establish connections with the Meeting Services on the Sametime Community Server (on default port 8081).
|
|
|
The Sametime Classic Recorded Meeting client attempts a direct RTSP TCP/IP connection to the Recorded Meeting Broadcast Services on the Sametime Community Server on default port 554. Over this connection, the Broadcast client negotiates with the server to receive the streams that transmit the recorded meeting data.
|
Sametime Media Manager
The following ports are used on the Sametime Media Manager.
Table 7. Media Manager ports
|
|
|
|
|
HTTP port for control and general management of audio/video calls. In a cluster, HTTP ports are proxied through a WebSphere Proxy Server. This lets you open these ports only between the firewall and the WebSphere Proxy. WebSphere may change this ports depending on the install environment.
|
|
|
The Packet Switcher component of the Sametime Media Manager routes audio data to participant endpoints through a range of ports starting with 42000 through 43000. It uses values in this range as needed, as it services multiple calls. It chooses new ports in increments of 2.
If encryption is enabled (SRTP), the range starts with an odd port number. RTCP starts with the next port available, which is the RTP or SRTP port incremented by 1.
|
|
|
The Packet Switcher component of the Sametime Media Manager routes video data to participant endpoints through a range of ports starting with 46000 through 47000. It uses values in this range as needed, as it services multiple calls. It chooses new ports in increments of 2.
If encryption is enabled (SRTP), the range starts with an odd port number. RTCP starts with the next port available, which is the RTP or SRTP port incremented by 1.
|
|
|
The Conference Manager, and Packet Switcher are SIP applications, so they use WebSphere SIP container ports. By default, they are 5060 and 5061, but they are dependent on WebSphere during install to determine the available port numbers to use. In a cluster, SIP ports are proxied through a WebSphere Proxy Server. This lets you open these ports only between the firewall and the WebSphere Proxy.
|
|
|
This is for server to server communication. The Sametime System Console accesses the Deployment Manager SOAP port. This port number varies, depending on how WebSphere was installed. The port number can be determined by looking at AboutThisProfile.txt's SOAP connector port value in the profile log directory or the Integrated Solutions Console.
|
SIP Proxy and Registrar
The following ports are used on the SIP Proxy and Registrar.
Table 8. SIP Proxy and Registrar ports
|
|
|
|
|
SIP messaging uses these ports in a single server Media Manager deployment where SIP Proxy and Registrar runs in a separate virtual host. The value is defined in the WebSphere Application Server instance on which the Sametime Proxy & Registrar is running.
|
|
|
The default ProxyRegistrar installer does not use these ports. It uses the two above. Therefore, this is only true if the administrator changes the virtual host to use the default, which is defined on port 5060/5061. SIP messaging uses this port in a multiple server Media Manager deployment where SIP Proxy and Registrar runs in on a separate machine. The value is defined in the WebSphere Application Server instance on which the Sametime Proxy & Registrar is running.
|
Sametime Meeting Server
The following ports are used on the Sametime Meeting Server. Most of these ports are configurable.
Table 9. Meeting Server ports
|
|
|
|
|
In a single node environment using HTTP that bypasses the WebSphere Application Server proxy, the Sametime Meeting Server listens for data from the Sametime Meeting Room client over this connection.
|
|
|
In a single node environment using HTTPS that bypasses the WebSphere Application Server proxy, the Sametime Meeting Server listens for data from the Sametime Meeting Room client over this connection.
|
|
|
In a multiple node environment using HTTP, the Sametime Meeting Server listens for data from the Sametime Meeting Room client that is passed through the WebSphere Application Server proxy.
|
|
|
In a multiple node environment using HTTPS, the Sametime Meeting Server listens for data from the Sametime Meeting Room client that is passed through the WebSphere Application Server proxy.
|
|
|
This is for server to server communication. The Sametime System Console accesses the Deployment Manager SOAP port. This port number varies, depending on how WebSphere was installed. The port number can be determined by looking at AboutThisProfile.txt's SOAP connector port value in the profile log directory or the Integrated Solutions Console. See also the following section: Note about SOAP ports for complex deployments.
|
Note about SOAP ports for complex deployments Deploying WebSphere Application Server SOAP port is complicated and might include ports besides 8880, especially if there is more than one Sametime product on a specific machine. Usually the firewall openings are configured prior to the deployment, when your understanding of the port configuration is still incomplete. In order to have a smoother deployment you can add port ranges – for example 8880 - 8890 and 8600 - 8610. For example, when a Sametime Proxy node in the DMZ is federated into the internal Sametime System Console cell, it needs one port for Sametime System Console to Sametime Proxy Deployment Manager communication and another port for the Sametime Proxy primary node communication – which is on the same machine. You might also need port 8601 when you want to update the Sametime Proxy configuration through the Sametime System Console.
Sametime Proxy Server
The following ports are used on the Sametime Proxy Server.
Table 10. Proxy Server ports
|
|
|
|
|
This is for server-to-server communication. The Sametime System Console accesses the Deployment Manager SOAP port. This port number varies, depending on how WebSphere was installed. The port number can be determined by looking at AboutThisProfile.txt's SOAP connector port value in the profile log directory or the Integrated Solutions Console. See also the previous section: Note about SOAP ports for complex deployments.
|
Sametime Advanced
The following ports are used on Sametime Advanced. Most of these ports are configurable.
Table 11. Advanced server ports
|
|
|
|
|
The default http port for the Sametime Advanced web application.
|
|
|
The default https port for the Sametime Advanced web application.
|
|
|
The default MQTT port. The broadcast community alerts and notifications are sent over this port.
|
|
|
The default MQTT SSL port. The broadcast community alerts and notifications are sent over this port.
|
Note about SOAP ports for complex deployments Deploying WebSphere Application Server SOAP port is complicated and might include ports besides 8880, especially if there is more than one Sametime product on a specific machine. Usually the firewall openings are configured prior to the deployment, when your understanding of the port configuration is still incomplete. In order to have a smoother deployment you can add port ranges – for example 8880 - 8890 and 8600 - 8610. For example, when a Sametime Proxy node in the DMZ is federated into the internal Sametime System Console cell, it needs one port for Sametime System Console to Sametime Proxy Deployment Manager communication and another port for the Sametime Proxy primary node communication – which is on the same machine. You might also need port 8601 when you want to update the Sametime Proxy configuration through the Sametime System Console.
Sametime Connect client
The following ports are used on the Sametime Connect client.
Table 12. Sametime Connect client ports
|
|
|
|
|
The client listens for HTTP traffic over this port. This cannot be configured in preferences.
|
|
|
The installed meeting client uses this port for peer-to-peer application sharing.
|
|
|
This range of ports is used by the audio and video channels to receive RTP and RTCP packets over UDP.
|
|
|
Sametime Connect client SIP port. The Sametime Connect client will start with the initial port value, finding the first port available in increments of 2. This search is up to and including the starting port value plus 100. The starting value is implemented as a preference, but is not currently exposed for update via any user interface.
|
|
|
Sametime Connect client port used for peer-to-peer file transfer.
|
|
|
Sametime Connect client Web API port for HTTP
|
|
|
Sametime Connect client Web API port for HTTPS
|
Parent topic: Planning
|
|
|
|
| Version 2 |
January 24, 2012 |
11:51:04 AM |
by Elizabeth Bowling  |
|
|