Avid Networking Port Usage Guide


Post on 02-Nov-2021


Overview

With corporate cyber-attacks on the rise, businesses need to implement increased security measures to prevent intrusion. Firewalls provide a level of protection by insulating internal and external network traffic. However, in some circumstances, firewalls can impede tools such as Avid production systems that need to cross the firewall for certain activities.

Network engineers might need to open access points for specific port numbers in the corporate firewall to allow Avid components to communicate with each other. This document provides a list of network ports used by Avid systems.

Note: The Windows operating system uses a wide range of ports to provide network services for Avid products. For information on ports used by the Windows operating system, see the Microsoft documentation.

Refer to the following sections as they apply to your Avid products and corporate needs:

• Avid | Edit On Demand

• Avid NEXIS

• Avid ISIS

• Avid MediaCentral Cloud UX

• Avid MediaCentral | Sync

• Avid MediaCentral Production Management

• Avid MediaCentral Newsroom Management

• Avid MediaCentral Capture

• Avid Ingest and Playout

• Avid MediaCentral Platform Services

For Media Composer | Cloud port usage, see Media Composer | Cloud Network Information and Port Usage on the Avid Knowledge Base.

For more information on port usage for Avid Link, see the following Avid Knowledge Base article: http://avid.force.com/pkb/articles/en_US/FAQ/Avid-Link-Networking.

For more information on Avid | Edit On Demand, see Avid Products: Avid Edit On Demand.

Revision History

For a list of changes made to this document, see “Revision History” on page 23.


Avid | Edit On Demand

Avid | Edit On Demand is a service that lets you quickly configure multiple Media Composer clients with Avid NEXIS cloud storage.

Port Usage for Avid | Edit On Demand

The following ports are used to enable file transfers and remote access to Media Composer VMs.

FileCatalyst Outbound (client to server):

• TCP 443 (HTTPS)

• TCP 990 (Control port)

• TCP 8000-8999 (TCP data ports)

• UDP 8000-8999 (UDP data ports for file transfers)

Teradici Outbound (client to server):

• TCP 443 (HTTPS/Control)

• TCP 60443 (alternate Control port)

• TCP & UDP 4172 (PCoIP session)

Teradici Inbound (server to client):

• TCP & UDP 4172 (PCoIP session)
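
An added example (not part of the Avid guide): a least-privilege check that compares a proposed firewall allow-list with the Avid | Edit On Demand ports listed above, reporting required ports left uncovered and ports opened beyond what the list requires. The rule tuple layout and the `PROPOSED` allow-list are constructed for illustration.

```python
"""Audit a firewall allow-list against the Avid | Edit On Demand port list."""

# Required flows, transcribed from the port list above:
# (direction, protocol, first_port, last_port, purpose)
REQUIRED = [
    ("outbound", "tcp", 443, 443, "FileCatalyst / Teradici HTTPS control"),
    ("outbound", "tcp", 990, 990, "FileCatalyst control port"),
    ("outbound", "tcp", 8000, 8999, "FileCatalyst TCP data ports"),
    ("outbound", "udp", 8000, 8999, "FileCatalyst UDP data ports"),
    ("outbound", "tcp", 60443, 60443, "Teradici alternate control port"),
    ("outbound", "tcp", 4172, 4172, "Teradici PCoIP session"),
    ("outbound", "udp", 4172, 4172, "Teradici PCoIP session"),
    ("inbound", "tcp", 4172, 4172, "Teradici PCoIP session"),
    ("inbound", "udp", 4172, 4172, "Teradici PCoIP session"),
]

# Constructed sample allow-list (hypothetical, not from the guide):
# (direction, protocol, first_port, last_port)
PROPOSED = [
    ("outbound", "tcp", 443, 443),
    ("outbound", "tcp", 990, 990),
    ("outbound", "tcp", 8000, 8500),   # too narrow: misses 8501-8999
    ("outbound", "udp", 1024, 65535),  # too broad for two UDP requirements
    ("outbound", "tcp", 4172, 4172),
    ("inbound", "tcp", 4172, 4172),
    ("inbound", "udp", 4172, 4172),
    ("inbound", "tcp", 3389, 3389),    # not in the Edit On Demand list
]


def merge(ranges):
    """Merge overlapping or adjacent (first, last) port ranges."""
    merged = []
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged


def subtract(ranges, cover):
    """Return the parts of `ranges` that `cover` does not include."""
    cover = merge(cover)
    gaps = []
    for first, last in merge(ranges):
        cursor = first
        for c_first, c_last in cover:
            if c_last < cursor or c_first > last:
                continue  # this cover range does not touch what is left
            if c_first > cursor:
                gaps.append((cursor, c_first - 1))
            cursor = c_last + 1
            if cursor > last:
                break
        if cursor <= last:
            gaps.append((cursor, last))
    return gaps


def by_key(rules):
    """Group port ranges by (direction, protocol)."""
    groups = {}
    for direction, proto, first, last, *_ in rules:
        groups.setdefault((direction, proto), []).append((first, last))
    return groups


def audit(required, proposed):
    """Return (missing, excess): required ports not allowed, and allowed
    ports that no required flow needs, per (direction, protocol)."""
    need, have = by_key(required), by_key(proposed)
    missing, excess = {}, {}
    for key in sorted(set(need) | set(have)):
        gaps = subtract(need.get(key, []), have.get(key, []))
        extra = subtract(have.get(key, []), need.get(key, []))
        if gaps:
            missing[key] = gaps
        if extra:
            excess[key] = extra
    return missing, excess


if __name__ == "__main__":
    missing, excess = audit(REQUIRED, PROPOSED)
    for (direction, proto), spans in missing.items():
        print(f"MISSING {direction} {proto}: {spans}")
    for (direction, proto), spans in excess.items():
        print(f"EXCESS  {direction} {proto}: {spans}")
```
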

Avid NEXIS

Avid NEXIS is the next generation of shared storage for media applications, and continues the Avid ISIS tradition of a highly scalable storage system based on a parallel file system that meets the latency constraints of media applications found in the most demanding post production and broadcast environments. All NEXIS data travels through the network to supply media to connected clients with strict latency requirements even at high system load.

Port Usage for Avid NEXIS Systems

The following table contains all the ports needed for an Avid NEXIS implementation.

Component Port Protocol Purpose

Avid NEXIS Clients

Avid NEXIS Clients—Windows

4200 — 4599 UDP Message traffic (Storage Manager and System Director)

Data traffic (including for Avid NEXIS Data Migration Utility) between Windows client and all ISIS or Avid NEXIS systems, depending on Avid NEXIS Client version

Avid NEXIS Clients—Mac and Linux

5016-5415 UDP Message traffic (Storage Manager and System Director)

Data traffic (including for Avid NEXIS Data Migration Utility) between OS X client, or Linux client and all ISIS or Avid NEXIS systems, depending on Avid NEXIS Client version


Avid NEXIS Clients (All) [a]

49152 — 65535 TCP v7.x, 2018.x, and higher—Avid NEXIS Client access for Storage Manager data

Avid NEXIS Windows Clients

137-138, 139-445 CIFS or SMB Common Internet File Service (CIFS) is the successor to the server message block (SMB) protocol. CIFS is the primary protocol used by Windows systems for file sharing (specifically for Avid File Gateway).

Avid NEXIS Windows Clients [a]

49152 — 65535 TCP v7.x, 2018.x, and higher—Avid NEXIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager message and System Director message traffic

Avid NEXIS System Director

Avid NEXIS System Director

21 TCP (for FTP) Anonymous FTP login is used for Avid NEXIS File Gateway.

Avid NEXIS System Director

80 (HTTP), 443 (HTTPS) Avid NEXIS Management Console (HTML-5); default in Avid NEXIS version 2018.5 and higher

Avid NEXIS System Director

3002 HTTP Avid NEXIS Adobe Flash-based Management Console (HTML-5), default in Avid NEXIS version 2018.4 and earlier

(Also available in Avid NEXIS v2018.5 and higher until further notice)

Avid NEXIS SOAP API

Avid NEXIS System Director

3003 HTTPS Avid NEXIS Adobe Flash-based Management Console (HTML-5), default in Avid NEXIS version 2018.4 and earlier

(Also available in Avid NEXIS v2018.5 and higher until further notice)

Avid NEXIS SOAP API

Avid NEXIS System Director

5003 UDP Client, uServer and System Director to System Director control (well known port)

Common for All Avid NEXIS Platforms

Lightweight Directory Access Protocol (LDAP)

389 TCP Communication between System Director and LDAP Server(s)

Storage Manager 3435 — 3455 TCP Data Connections between Media Packs

Storage Manager Agent

5015 HTTPS Allows initial configuration of the Avid NEXIS engine, log collection, statistics, and other information mostly used or requested by Customer support.

Storage Manager 7238 — 7245 UDP or TCP For UDP messaging between all NEXIS nodes (clients, Storage Managers, System Director) -- One per Media Pack

TCP data listen port -- One per Media Pack

All Avid NEXIS E2s use port 7238

All Avid NEXIS E4s use ports 7238 and 7239

All Avid NEXIS E5s use ports 7238 — 7245


Avid ISIS

Avid ISIS is a highly scalable storage system based on a parallel file system that meets the latency constraints of media applications found in the most demanding post production and broadcast environments. All ISIS data travels through the network to supply media to connected clients with strict latency requirements even at high system load.

Port Usage for Avid ISIS Systems

The following table lists the ports leveraged by Avid ISIS.

OAM (Cloud data access)

7333 UDP or TCP UDP control and TCP data messages for media stored in the Cloud

a. Avid NEXIS clients use values in the range listed, but do not use them all. As client ports are closed, a new one is opened as needed. Administrators do not need to open ports specifically for Avid NEXIS clients.


Component Port Protocol Purpose

Common for all ISIS Environments

ISIS System Director

21 TCP Anonymous FTP login allowed — open ftp Microsoft ftpd ftp-anon:

The FTP Service is included in the ISIS | 2500 and used in the Avid ISIS File Gateway server.

ISIS System Director

443, 3443

UDP System Director ports that are used during the license activation. The Avid License Control tool utilizes both port 3443 and port 443 for license request and response communication. Port 3443 is the primary port, but if this port is blocked, the Activation Service tries port 443 (which is more likely to be open for web communication).

ISIS Storage Manager

3000 UDP ISIS uServers communication

ISIS Storage Managers

3001 — 3400 UDP or TCP To or from ISIS Client or other uServer

ISIS Storage Manager

3434, 3435 TCP Data connect ports (clients and other Storage Managers)

ISIS Storage Manager

5001 UDP System Director to uServer for failover control

ISIS Storage Manager

5004 UDP Administrative agent and related to uServer (localhost normally)

The ISIS | 2500 uses two ports for this function and the ISIS | 7500 just uses 5004.

ISIS System Director

5005 UDP ISS/IXS status reporting to System Director

ISIS System Director

5015 TCP Management Console Administrative Login via https


ISIS Storage Manager, ISS, and IXS

5015 TCP Agent administrative login via https

ISIS System Director

5000 UDP System Director to System Director failover/resiliency control

ISIS System Director

5003 UDP Client, uServer and System Director to System Director control (well known port).

ISIS System Director

5004 UDP Administrative server and related to System Director (localhost normally)

ISIS System Director

5016 UDP ISIS transfer agent traffic.

ISIS System Director/Engine

6002 TCP Sentinel License Monitor — open http SafeNet Sentinel License Monitor httpd 7.3

ISIS | 5500 Environment only

ISIS System Director/Engine

3071 TCP Array Manager RAID management — open raid-mgt

ISIS Storage Element

5015 TCP Agent administrative login via https

ISIS System Director/Engine

49156 TCP MegaRaid Monitoring Agent — open ssl/megaraid-monitor

ISIS | 2500 Environment only

ISIS Storage Manager

5004, 5009 UDP Administrative agent and related to uServer (localhost normally)

The ISIS | 2500 uses two ports for this function and the ISIS | 7500 uses 5004.

ISIS Clients

ISIS Windows Client

4000 — 4399 UDP or TCP Up to ISIS v1.3—ISIS port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic

ISIS Windows Client

4200 — 4599 UDP or TCP ISIS v1.4 – v4.7 (TCP), v1.4 and higher (UDP)—ISIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic

Also search the Avid Knowledge Base for “Network Requirements for ISIS and Interplay Production” at www.avid.com/US/support.

ISIS Windows Client

49152 — 65535 TCP ISIS v4.7 and higher (TCP only)—ISIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic

Also search the Avid Knowledge Base for “Network Requirements for ISIS and Interplay Production” at www.avid.com/US/support.

ISIS Clients 5008 TCP ISIS Client transfer agent.


Port Usage for Active Directory in an Avid ISIS Environment

Avid ISIS supports Active Directory. Active Directory uses the following ports for both Active Directory client to the Domain Controller, and Domain Controller to Domain Controller communications. The following table lists all the Active Directory ports that may be used by the System Director and clients. The specific ports used depend on whether or not systems are members of the Active Directory domain and the types of services requested from the Active Directory resource.

ISIS Macintosh Clients

5016 — 5415 UDP or TCP ISIS Client access from System Director, data to and from Storage Manager.

ISIS Linux Clients 5016 — 5415 UDP ISIS Client access from System Director, data to and from Storage Manager.

ISIS and Avid NEXIS Clients

5017 (Server), 5013 (TCP), 5014 (UDP)

The Avid Benchmark Utility agent is installed with all ISIS and Avid NEXIS client software installations. The network ports are configurable through the Avid Benchmark Utility Preferences.

• Server port: default setting is 5017

• TCP port: default setting is 5013

• UDP port: default setting is 5014


Active Directory Component Port Network Protocol

Active Directory (Avid ISIS LDAP implementation)

135 TCP

RPC endpoint mapper 135 TCP/UDP

Network basic input/output system (NetBIOS) name service 137 TCP/UDP

NetBIOS datagram service 138 UDP

NetBIOS session service 139 TCP

RPC dynamic assignment 1024 — 65535 TCP

Server message block (SMB) over IP (Microsoft-DS) 445 TCP/UDP

Lightweight Directory Access Protocol (LDAP) 389 TCP

LDAP ping 389 TCP

LDAP connectionless 389 UDP

LDAP over SSL 636 TCP

Global catalog LDAP 3268 TCP

Kerberos 88 TCP/UDP

Domain Name Service (DNS) 53 TCP/UDP


Avid MediaCentral Cloud UX

MediaCentral enables geographically dispersed teams to connect, communicate, and work together more easily. Teams can access MediaCentral through MediaCentral Cloud UX — an easy-to-use and task-oriented graphical user interface that runs on virtually any operating system or mobile device. Journalists, editors, producers, and other contributors can access tasks, projects, and media from anywhere, using any device, thus increasing efficiency.

MediaCentral Cloud UX requires users to sign into a web or mobile client in order to gain access to the underlying functionality. All data (user credentials, session information, user configuration settings, media images and files, text, and machine instructions) transferred between the client and server is transported in a secure manner to the MediaCentral Cloud UX server using the HTTPS protocol.

MediaCentral Cloud UX clients that connect through the public Internet require VPN access into the server network. All connections pass through the VPN router/firewall through identified ports. Once the data has passed into the “house network” it is secured using the customer’s existing network security infrastructure.

Port Usage for Avid MediaCentral Cloud UX

The following table lists the ports leveraged by MediaCentral Cloud UX.

Additional notes regarding the Firewall column:

• YES: You must allow this port through your network to enable either external connections, or internal but geographically dispersed locations in your organization.

• NO: Does not require any special access through network firewalls.

• Optional: Only required if you want to remotely access functionality associated with this component.

Component Port(s) Protocol and Direction Description Firewall

Active Directory (avid-iam, avid-login)

389 or 636 (secure)

LDAP(S), Outbound These are the default ports suggested in the installer for connection to Active Directory. Alternatively, this could be an admin-specified custom port number.

MediaCentral Cloud UX v2021.3 changed the default port from 389 to 636.

YES

Active Directory (avid-iam)

3268 (default) or 3269 (SSL)

TCP Outbound Global catalog server connection.

Applies to v2018.11 and later.

YES

MediaCentral Cloud UX 443 [a] HTTPS, Inbound Client connections YES

MediaCentral Distribution Service

8443 (default)

Can be customized.

HTTPS, Outbound

HTTP (custom possible)

This is the standard port number used to connect to MCDS. Alternatively, this could be an admin-specified custom port number.

YES

cAdvisor 4194 HTTP, Inbound Docker/Kubernetes metrics. NO

Kubernetes 30143 HTTPS Used to access the Kubernetes Dashboard. NO


Docker Registry and Chart Repository

30135 HTTP, Inbound/Outbound

Used internally by the cluster to download Docker images to other cluster nodes.

NO

Helm/Tiller 30134 HTTP, Inbound/Outbound

Used internally to deploy applications. NO

ACS Monitor 30800 HTTP, Inbound Used to access the Avid ACS Monitor Optional

RMQ Management 15672 HTTP, Inbound Port 15672 is specified when connecting to the RabbitMQ management web portal (<hostname>:15672). Firewall rule required if accessing management port from a remote subnet.

Optional

License Manager Service

443 HTTPS, Outbound Connection to Avid License Service NO

Playback 843 TCP, Inbound Flash Policy editor. Flash Player is used in Asset Management workflows that include the MAM Desktop or the MAM Cataloger.

As of v2020.9.1, port 843 is no longer used as the Flash player is deprecated.

YES

Playback 5000 [a] TCP, Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound requests.

YES

Playback 9080 HTTP(S), Inbound Used by icps-manager. This service manages player connections and load-balancing.

YES

Playback 26000 TCP, Inbound / Outbound

Internal rendering service. YES

Gateway 9900 HTTPS, Inbound Used by the ACS Gateway service. This port might be required to connect a service from another host, outside of Kubernetes.

Optional

Search API 30880 TCP inbound (v2019.2) HTTP (insecure) to provide Audio download to Search Grid

YES

XForm service 443 HTTPS, Inbound Back-end for STP capability within the MediaCentral Panel for Adobe Premiere Pro

NO

Maestro News (Maestro asset service)

9030 TCP outbound (v2019.2) Thumbnails and images used in graphic templates

YES

MediaCentral Asset Management

9901 and 9911 (on MAM servers)

HTTPS, Inbound Used by services on the MediaCentral CloudUX server and by Asset Management services to talk to other Asset Management services.

These ports must be open between any MediaCentral CloudUX servers and the Asset Management servers, but client access is not required.

YES


MediaCentral Asset Management

9920 (on MAM servers)

FTP, Inbound Used to install and update packages.

These ports must be open between any MediaCentral CloudUX servers and the Asset Management servers, but client access is not required.

YES

MediaCentral Production Management

• Engine: 80, HTTP, Outbound

• Media Indexer: 61717, TCP, Outbound

• Media Services: 80, 8080, TCP, Outbound

Used to connect from Kubernetes to some components of MediaCentral Production Management.

YES

MediaCentral Ingest 8083 For integration with the MediaCentral Cloud UX Ingest app.

MediaCentral Publisher 443 HTTP, Outbound (v2020.9.5) Connection to Publisher back-end tunneling service. Source might use any port between 30500 and 31000.

YES

MediaCentral Cloud UX mobile app for iOS and Android

443 HTTPS, Inbound Client connections YES

5000 TCP, Inbound Playback YES

Media Composer Distributed Processing

9900 (secure) or 9966

HTTPS, Inbound Used by the ACS Gateway service Optional

30092 [a] HTTP, Inbound This port is needed by remote and local sites for initial Kafka connection. This port is used to discover Kafka brokers (cluster).

YES

9092 [a] HTTP, Inbound This port is used by clients to produce and consume messages from Kafka.

YES

Avid NEXIS or Avid ISIS

For details, see “Avid NEXIS” on page 2 or “Avid ISIS” on page 4.

NFS or CIFS

• NFS: TCP and UDP 111, 2049

• CIFS: UDP 137, 138, and TCP 137, 139

TCP and UDP MediaCentral Asset Management configurations might require additional Network File System (NFS) or Common Internet File System (CIFS) ports.

If your media assets reside on a custom file system, see the documentation for that product to determine the required ports.

NO

Publish app: Social Media and User Settings

80, 443

HTTP, Outbound; HTTPS, Outbound

Used when sending requests to services like Facebook, Twitter, and others.

HTTPS might also be required on client workstations to complete authorizations for Social Media API.

Optional


Avid MediaCentral | Sync

Avid MediaCentral Sync enables system administrators to synchronize MediaCentral Production Management metadata and Avid NEXIS or Avid ISIS media with one or more similarly configured Production Management workgroups. Administrators can create, monitor, and manage synchronization tasks through an intuitive web-based user interface.

Built on the MediaCentral Platform, MediaCentral Sync shares many of the ports used by MediaCentral Cloud UX. The following table lists the ports that are specific to the MediaCentral Sync workflow.

In addition to these ports, you must ensure that your MediaCentral Sync server can connect to your Avid Shared Storage systems. For more information about these ports, see “Avid NEXIS” on page 2 or “Avid ISIS” on page 4.

Additional notes regarding the Firewall column:

• YES: You must allow this port through your network to enable external connections.

• NO: Does not require any special access through network firewalls.

• Optional: Only required if you want to remotely access functionality associated with this component.

Publish app: CMS 21 or higher TCP, Outbound Port 21 might be used when uploading content to external CMS systems. If your CMS system uses Passive FTP, you might need to open additional ports. Consult your CMS system's documentation for more information.

Optional

Kafka 30092 [a] HTTP, Inbound (v2019.6) This port is needed by remote and local sites for initial Kafka connection. This port is used to discover Kafka brokers (cluster).

YES

Kafka 9092 [a] HTTP, Inbound (v2019.6) This port is used by clients to produce and consume messages from Kafka.

YES

Kafka 9093 [a] HTTPS, Inbound (v2019.6) Kafka TLS/SSL (Reserved, not currently in use).

NO

Kafka 9094 [a] HTTPS, Inbound (v2019.6) Kafka TLS/SSL Secure (Reserved, not currently in use).

NO

Kibana 30001 HTTPS (v2019.6) Kibana front-end, an optional monitoring component.

Optional

Grafana 30003 HTTPS (v2019.6) Grafana front-end, an optional monitoring component.

Optional

a. These ports must be open between sites when configured in a Multi-Site environment.


Avid MediaCentral Production Management

MediaCentral Production Management (formerly Avid Interplay Production) is a nonlinear workflow management system that is able to connect editors, producers, designers, animators, writers, assistants, administrators—even finance and legal departments—in a real-time nonlinear production environment. A Production Management workgroup often consists of multiple interconnected servers that provide services to clients and each other.

Port Usage for Avid MediaCentral Production Management

The following table lists the ports leveraged by MediaCentral Production Management.

Component Port(s) Protocol and Direction Description Firewall

MediaCentral Cloud UX 443 HTTPS, Inbound Client connections YES

CIFS communication 137, 138 UDP, Inbound / Outbound

Required between MediaCentral Sync and every Production Management host.

Note: Also required between all Production Management hosts to exchange files.

No

139, 445 TCP, Inbound / Outbound

No

Gateway 9900 HTTPS, Inbound Communication between the Production Management Sync Service and MediaCentral Sync.

YES

9900 TCP, Inbound Communication between the Production Management Sync Service and MediaCentral Sync

Note: Also required between all Production Management hosts.

YES

RMQ Management 15672 HTTP, Inbound Port 15672 is specified when connecting to the RabbitMQ management web portal (<hostname>:15672). Firewall rule required if accessing management port from a remote subnet.

Optional

Kubernetes 30143 HTTPS Used to access the Kubernetes Dashboard. NO

ACS Monitor 30800 HTTP, Inbound Used to access the Avid ACS Monitor Optional

Component Port Protocol Purpose

Access 8321 UDP Server browser

80 TCP Server communication

Access can also be a Media Indexer client (update media status, Resync), Media Services client (status tool plugin and submit jobs to archive and Transcode), and Transfer Engine client (status tool plugin, initiate WG2WG transfers); see appropriate sections.

Active Directory 135 TCP RPC for Active Directory / Windows Domain Authentication


Archive Provider [a] 1433 TCP #Microsoft-SQL-Server (ms-sql-s)

1433 UDP #Microsoft-SQL-Server (ms-sql-s)

1434 TCP #Microsoft-SQL-Monitor (ms-sql-m)

1434 UDP #Microsoft-SQL-Monitor (ms-sql-m)

8192 TCP #FlashNetBackupClient (sdss)

Assist Assist uses Access ports for Interplay Engine communication. It is also a Media Indexer client. See appropriate sections for port usage.

Avid Service Framework (ASF)

Ports are dynamic and services register themselves with firewall to use any port.

161, 162 UDP SNMP and SNMP Traps

0 - 1024 (dynamic)

TCP Codebase http server.

(dynamic) TCP Jini™ ERI ServerConnectionManager

(dynamic above 1024)

TCP Jini™ ERI ConnectionManager.

4160 TCP Jini™ Discovery

4160 UDP Jini™ Discovery

Cluster Service 135 TCP RPC; also used by Distributed Link Tracking Server (service name: TrkSvr) and Distributed Transaction Coordinator (service name: MSDTC).

Random TCP Randomly allocated high TCP ports; also used by Distributed Link Tracking Server (service name: TrkSvr) and Distributed Transaction Coordinator (service name: MSDTC).

3343 UDP Cluster Services (service name: ClusSvc)

Delivery Service 80 TCP Communication with Interplay Engine

61616, 61717 TCP Communication with Media Index servers identified in the Interplay Administrator tool.

The Delivery Service also requires Avid Service Framework port connections.

Delivery Receiver Service

33321 TCP Command port. Identified in the Interplay Administrator tool under Server Hostname Settings. This port can be changed through the Interplay Administrator tool.

20020-21020 TCP Data ports. To change the default port numbers or select a smaller number of ports, see the Production Services Setup and User’s Guide. You only need one port for each active delivery job.

DNS 53 UDP/TCP DNS Client


Instinct Instinct uses Access ports for Interplay Engine communication. It is also a Media Indexer client. Instinct is also an iNEWS client. See appropriate sections for port usage.

Interplay Engine 8321 UDP Server browser

80 TCP Client communication

LDAP 389 TCP

636 If SSL is enabled

Media Indexer 61616, 61717 TCP 61717 is used by most clients to connect to MI. 61616 is used in special cases, such as using the Interplay Administrator tool to configure MI Server nodes or for manual testing of connections.

6155 TCP/UDP Since v3.0, this port is used for internal communication between HAG or NOMI (Network of Media Indexers) nodes. [b]

8888, 8889, 8890 TCP One of these ports is used to serve the Media Indexer web page. First free port is used. In almost all cases that means 8888.

8443, 8444, 8445 TCP One of these ports is used to serve the secured web interface.

24444-24450 TCP One of these ports is used to serve the jmx interface. In almost all cases that means 24444.

Media Services Engine

8080 TCP Listen for editor clients (SOAP)

1099 TCP Listen; RMI protocol for providers and Status/Admin tool

42000-42060 TCP If 1099 not available

Media Services Status Tool

1099 TCP Outbound; RMI protocol for providers and Status/Admin tool

42000-42060 TCP If 1099 not available

Media Composer / NewsCutter

21 TCP Required for NRCS tool

8080 TCP Outbound; Media Services connection to Media Services Engine (SOAP)

58000 TCP HTTP communication with the Background Transcode broker

Media Composer with the NewsCutter option uses Access ports for Engine communication. It also runs the Interplay Framework and a local Media Indexer; see appropriate sections for port usage.

Media Composer / NewsCutter

Background Transcode on the editor system

58001 TCP/IP Communication between Background Transcode broker and other clients.

8888 TCP/IP Connection to the Media Indexer web interface

8185 TCP/IP Background Transcode status

Media Composer / NewsCutter

Dynamic Media Folders (DMF)

58885

58886

TCP/IP

TCP/IP

Local communication with the DMF service

Local communication with the DMF support service on a Mac OS X system


Avid MediaCentral Newsroom Management

MediaCentral Newsroom Management (formerly Avid iNEWS) provides journalists, producers, directors, and various technical personnel in the newsroom with an array of tools to make their job easier. It is primarily made up of Newsroom Management Workstations, linked together via a local or wide area network, and the Newsroom Management Server, which manages all the day-to-day activities of the newsroom.

Port Usage for Avid MediaCentral Newsroom Management

The following table lists the ports leveraged by MediaCentral Newsroom Management.

ProEncode Client 8080 TCP/IP SOAP Connection to Media Services (TCP, outbound) - run on editing systems (NewsCutter)

Transfer Cache 1099 TCP Listen; RMI protocol for providers and Status/Admin tool

42000-42060 TCP If 1099 not available

6539 TCP Outbound for Transfer Engine status

Transfer Engine 6532 TCP/IP Media Connectivity tool (defined in system32\drivers\etc\services com.avid.mct). The Transfer Engine listens on this port for requests from other Transfer Engines (for example, initiating a workgroup transfer.).

6535 TCP/IP Playback protocol (defined in system32\drivers\etc\services com.avid.pbp). This is the default port used by Transfer Engine for connecting to Playback Servers (AirSpeed, etc.). This is configurable for some playback servers.

6539 TCP/IP Transfer Engine (defined in system32\drivers\etc\services com.avid.pbp com.avid.xmgr). The TM Server listens on this port for incoming requests from the TM Client.

1024 and higher TCP Data ports for Passive mode. Passive mode range is dynamic above 1024.

Web Services 80 TCP Communication with Interplay Engine.

Also see Delivery Receiver for information on Web Services for Media Composer Cloud Remote option.

a. These values are for SGL connections. For other third party archive solutions, see the third party documentation.

b. The Media Indexer servers in the Network of Media Indexers (NOMI) communicate via Multicast. This has been the case since Interplay v3.x. It usually does not require any special configuration because the MI servers in a NOMI typically reside in the same network segment (subnet). However if the members of the NOMI connect to separate switches for any reason, additional configuration may be required to propagate multicast packets (at layer 2) between switches. For more information, see “Network Requirements for Avid NEXIS, and MediaCentral” on the Avid Knowledge Base. Note that the local Media Indexers on the editors do not require Multicast communication with the servers. Multicast communication is only required between the Media Indexer servers. The multicast address used is 239.255.2.3 on UDP port 6155.

Port Protocol Purpose

1 TCP iNEWS Inter-system Messaging


21 TCP (FTP) FTP into iNEWS database: Teleprompters, NewsCutter newsroom system tool, Data Receiver

22 TCP/UDP ssh

25 TCP/UDP sendmail

67 UDP Used by PCUs to obtain an IP address via bootp

80 TCP http Web Access, for read-only database access

513 TCP/UDP rlogin

600 TCP FTP into Linux partition (obsolete in iNEWS 2.5 and later - see port 49152)

698 TCP/UDP Might be required for Web access through cgi-bin

699 TCP Used by dbvisit (maintenance program) for on-line dbvisits

921 TCP Used by MOS Gateway to support “roStorySend” and replication workflow

For more information, see the 2021.7 MOS Gateway ReadMe and Ops Guide.

1019 TCP Server listens for client connections: iNEWS Workstation, Web Client, iNEWS COM, Data Receiver, iNEWS Instinct.

1020 TCP Network dbdump / dbrestore between iNEWS Servers

1020 UDP Server updates/notifications sent to client, specified by client. Each client running on a machine must bind to a unique socket. If a user intends to run N sessions of iNEWS on the same machine, then ports 1020 through 1020 + (N–1) must be opened in the firewall. (TCP and UDP)

1020 TCP Search results sent to client from server, specified by client. Each client running on a machine must bind to a unique socket. If a user intends to run N sessions of iNEWS on the same machine, then ports 1020 through 1020 + (N–1) must be opened.

1022 TCP iNEWS bioserver communication. Each bioserver is connected to every other bioserver. On an ABC system the A bioserver has a connection to both the B and C bioservers. The B bioserver is connected to the A and C bioservers. The C bioserver is connected to the A and B bioservers.

1023 TCP Used by connect and reconnect commands during startup

5901 TCP/SCTP First remote access port for VNC to Linux UI, might have more than one VNC session configured (5902, 5903, and so on). These are not required to run iNEWS.

6100 TCP FTS indexing (configurable)

6101 TCP FTS searching (configurable)

6825 TCP Monitor for ControlAir

6826 TCP Monitor for MOS

6827 TCP Monitor for iNEWS Command

TCP Telnet (obsolete in iNEWS 2.5 and later - see port 49153)

49152 TCP (FTP) FTP into Linux Partition

49153 TCP Telnet


Avid MediaCentral Capture

Avid MediaCentral Capture (also known as Capture) is a newsroom ingest tool that enables automated recordings. It is comprised of individual applications, which allow you to schedule and monitor recordings, and to capture video from a video feed or VTR. Capture stores its schedule and other metadata in the MediaCentral Production Management database, which allows for easy access to the captured material within the Production Management environment.

Port Usage for Avid MediaCentral Capture

The following table lists the ports leveraged by Avid MediaCentral Capture.

Component Port Protocol Purpose

Avid Service Framework (ASF)

4160 TCP Jini™ Discovery.

4160 UDP Jini™ Discovery.

Capture Client (a)

49152-65535 TCP Communication between Client and Server.

49152-65535 UDP Communication between Client and Server.

a. These ports are the Windows dynamic port range. The range can be reduced for security reasons.

Avid Ingest and Playout

Avid AirSpeed adds cost-efficient play to air capability, slow motion playback and support for both Avid and third party editing systems. Router Control provides additional ingest support and iNEWS Command provides advanced playout support for both Avid and third party devices alike.

Port Usage for Avid Ingest and Playout Solutions

The following table lists the ports leveraged by Avid products used in a broadcast environment.

Component Port Protocol Purpose

AirSpeed 5000, 5500

6001 TCP Required for communication with Capture Manager. This port is not required for use with MediaCentral Capture (Interplay Capture).

6530 - 6533 TCP Communication port reserved for AirSpeed applications.

6534 TCP Default port for transferring AVC-Intra, DNXHD, and SD media.

6535 TCP Communication port reserved for AirSpeed applications.

6536 TCP Default port for transferring MPEG-2 HD (XDCAM) media.

6537 - 6539 TCP Communication port reserved for AirSpeed applications.

59440 - 59480 TCP Required by AirSpeed Remote Console and AMS-API if deployed outside a firewall. Maximum of 10 connections per port.

21 FTP Default port used to transfer MXF OP1A files in or out. See “The FTP Folders Page” in the Avid AirSpeed 5000 / AirSpeed 5500 Administrator’s Guide for details.

Router Control Varies Varies Ports used for communication with 3rd party routers vary. See the manufacturer's documentation for specific port information.

iNEWS Command 8900 TCP Avid UMD Device Service uses port 8900 by default, but this can be altered through manual configuration. See the iNEWS Command Installation Guide for details.

443, 3443 TCP Avid License Control - for license request and response communication. Port 3443 is the primary port, but if this port is blocked, the Activation Service tries port 443, which is more likely to be open for Web communication.

475 TCP DekoMOS Gateway. The port number where the Net HASP checks for connections. This port can be altered. See the iNEWS Command Installation Guide for details.

10543, 10544 TCP DekoMOS Macro Server. The Playback Port text box and the Local IP Port text box are 10544 and 10543, respectively, by default.

10540, 10541 TCP Configuring MOS settings in Command. The defaults, as defined in the MOS protocol specifications, are 10541 (upper) and 10540 (lower).

Avid MediaCentral Platform Services

MediaCentral Platform Services delivers workflow tools for media professionals through both Web and mobile applications. Through MediaCentral UX, users can access Avid iNEWS, Interplay Production, Interplay MAM, or all three.

A MediaCentral UX client requires user login credentials in order to gain access to the underlying functionality. All data (user credentials, session information, user configuration settings, media images and files, text, and machine instructions) transferred between the client and server is transported in a secure manner to the MediaCentral Platform Services server using the HTTPS protocol.


MediaCentral UX clients that connect through the public Internet require VPN access into the server network. All connections pass through the VPN router/firewall through identified ports. Once the data has passed into the “house network” it is secured using the customer’s existing network security infrastructure.

Users connected within the corporate LAN/WAN would not typically use VPN access but would likely need to pass through firewalls and other network security devices with ACLs before accessing the Avid Interplay network.

External Port Usage for Avid MediaCentral Platform Services

Note that the MediaCentral Web service and MediaCentral application services operate on the same server so there are no proxies or firewalls between these components. Access to MediaCentral databases is also direct, with no database firewall protection required.

The following table lists the ports used by MediaCentral Platform Services server that should be allowed through the VPN firewall.

Note: Outbound ACLs should be used to allow packets from the MediaCentral server to the client over “established” TCP sessions only. The “established” keyword indicates that packets belong to an existing connection if the TCP datagram has the Acknowledgment (ACK) or Reset (RST) bit set.

Component Port Protocol and Direction Purpose

MediaCentral UX web application

80, 2600 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls

File streaming from MCPS

443 Secure TCP Inbound MediaCentral HTTPS calls

Communication with MediaCentral server

843 TCP Inbound Serving Flash Player socket policy files

5000 TCP Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound request.

MediaCentral UX mobile applications

80 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls

File streaming from MCPS

443 Secure TCP Inbound MediaCentral HTTPS calls

Communication with MediaCentral server

Media Distribute 21 Outgoing FTP data Communication over port 21 is only required for XML transfer to generic CMS or OVP endpoints or for media transfers to the WorldNow CMS system.

80 or 443 Outgoing HTTP or HTTPS Connection to web

3128 HTTP Outgoing If ServiceMix will be used with a proxy server, 3128 is the default port.

For more information on configuring a proxy server for Media Distribute, see the Media Distribute Installation and Configuration Guide.
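The note on outbound ACLs above describes the “established” match as a test on the ACK and RST bits. The sketch below is an added illustration, not Avid's code or a firewall configuration: it applies that test to constructed TCP headers leaving the MediaCentral server. The function names and sample packets are assumptions; the service ports are the inbound ports listed for the MediaCentral UX web application in the table above.

```python
import struct

# Inbound service ports from the external port table on this page.
MCS_SERVICE_PORTS = {80, 443, 843, 2600, 5000}
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src, dst, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return src, dst, off_flags & 0x01FF  # low 9 bits carry the flags


def is_established(flags: int) -> bool:
    """The keyword matches on flags alone: ACK or RST must be set."""
    return bool(flags & (ACK | RST))


def outbound_acl(header: bytes) -> str:
    """Permit server-to-client segments of existing sessions, deny the rest."""
    src, _dst, flags = parse_tcp(header)
    if src in MCS_SERVICE_PORTS and is_established(flags):
        return "permit"
    return "deny"  # implicit deny, e.g. a bare SYN opening a new connection


def make_header(src: int, dst: int, flags: int) -> bytes:
    """Build a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", src, dst, 1000, 2000,
                       (5 << 12) | flags, 65535, 0, 0)


# Constructed samples: (description, header leaving the MediaCentral server)
SAMPLES = [
    ("SYN-ACK reply from 443", make_header(443, 51000, SYN | ACK)),
    ("data segment from 5000", make_header(5000, 51000, PSH | ACK)),
    ("reset from 443", make_header(443, 51000, RST)),
    ("bare SYN from 443", make_header(443, 51000, SYN)),
    ("ACK from unlisted port 4444", make_header(4444, 51000, ACK)),
]


def classify_samples():
    """Run every constructed sample through the ACL model."""
    return [(name, outbound_acl(hdr)) for name, hdr in SAMPLES]


if __name__ == "__main__":
    for name, verdict in classify_samples():
        print(f"{verdict:6} {name}")
```

Only the bare SYN and the segment from an unlisted source port are denied. The match looks at flags alone and keeps no connection table.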


Multi-Zone and Media Index configurations require additional ports to enable communication between the zones. While the ports in the table below are considered “external”, they are similar to internal ports in that they should only be open between controlled data centers.

Note: Avid does not test or support firewalled connections between zones in a Multi-Zone configuration. If required, zone communication can be limited by source IP ranges.

Component Port Protocol and Direction Purpose

Multi-Zone configurations

22 TCP A secure (SSH) connection between zones is required when configuring multi-zone.

80, 2600 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls

File streaming from MCPS

443 Secure TCP Inbound MediaCentral HTTPS calls

Communication with MediaCentral server

843 TCP Inbound Serving Flash Player socket policy files

5000 TCP Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound request.

5432 UMS/Postgres Replication

5671 AMQP over SSL/TCP Inbound and Outbound

Federated link data encryption for RabbitMQ

Note: Encrypting RabbitMQ data between zones requires additional configuration on the MCS servers. For details, see “Enabling RabbitMQ Data Encryption Across Zones” in the MCS Installation and Configuration Guide.

5672 AMQP Multi-Zone configurations require AMQP protocol and port 5672 be accessible between zones/machines

15672 REST API / Management UI RabbitMQ Rest API for the federation configuration

MongoDB 28001 Required for MCS 2.6 and later.

27100-27150 (depending on number of zones)

Required for the avid-iam deployment of sharded Mongo in v2.6 and later. In a multi-zone configuration, each zone uses a separate communication port. For example in a multi-zone configuration consisting of three zones, ports 27100, 27101, and 27102 are used.

Media Index Custom ports configured in /etc/elasticsearch-tribe/elasticsearch.yml must be allowed to cross the firewall. See “Port Usage for Avid Media Index” for details.

Internal Port Usage for Avid MediaCentral Platform Services

The following table lists the internal ports leveraged by the Avid MediaCentral Platform Services servers.

Service Name Port Notes

MediaCentral UX 443 Port 443 relates to communication. 443 is used by RabbitMQ, ACS core bus and MediaCentral

MediaCentral Playback Services (MCPS)

843 (Flash), 80, 5000, 26000 Externally exposed service through ports 843 and 5000

MCPS Manager 80 Externally exposed service through port 80

MediaCentral Platform Services

8000 (optional Admin UI), 8183 (bus cluster info)

ACS Monitor is exposed through port 8000

Avid Upstream 8080 avid-upstream service port for MCS 2.6 and higher

Nginx 8480 Connects to avid-interplay-central service. Port 8480 is used with MCS 2.6 and higher. Prior to that release, port 8080 was used.

ISIS See ISIS Linux Client within the Avid ISIS port usage chart.

RabbitMQ 5672 (AMQP), 15672 (Management UI/ REST API)

Port 15672 is specified when connecting to the RabbitMQ management site (<hostname>:15672) or when calling the REST API (for multi-zone). Firewall rule required if accessing management port from a remote subnet.

MongoDB 27017, 27018, 28001 MCS v2.6 added ports 27018, 28001 and 271xx.

27100-27150 (depending on number of zones) In a multi-zone configuration, each zone uses a separate communication port. For example in a multi-zone configuration consisting of three zones, ports 27100, 27101, and 27102 are used.

27200, 28201, and 27218 MCS v2.9 added ports 27200, 28201, and 27218 for the avid-asset deployment of sharded MongoDB.

29200 - 292xx and 30201 - 302xx Depending on the configuration, ports 292xx and 302xx might be used in a multi-zone environment. The number of ports depends on the number of zones.

22 A secure (SSH) connection between the cluster nodes and the arbiter is required by the sharded MongoDB configuration script.

Postgresql 5432


Clustering 25672 and 4369 Ports 25672 and 4369 are used to join the nodes together in a local cluster.

Multi Zone 9999 The User Management Service (UMS) connects to pgpool internally through 9999. pgpool then connects on port 5432 to the Master zone. Port 9999 is only used in slave zones.

Users - Domain Import Default port 389, 636 (SSL) Port used to communicate to the Domain Controller.

System 22, ICMP, 111, 24007, 24008, 24009-(24009 + number of bricks across all volumes for gluster).

If you will be using NFS, open additional ports 38465-(38465 + number of Gluster servers).

MAM configuration might require additional NFS ports (111, 2049 tcp&udp) or CIFS (137,138 udp and 137,139 tcp). Other file systems will have to be checked individually (Isilon, Harmonic Omneon, etc.).

9900 (secure) / 9966 (unsecured), 9500 Used by the acs-gateway service. Ports 9900 and 9966 are used with MCS v2.8 and later. Port 9500 is used with MCS v2.7.x and earlier.

11233 (TCP) Port used by avid-acs-watchdog – a basic health check helper for ACS components.

8085 Enables access to the /opt/avid/Packages directory. This port is used during the sharded Mongo - add arbiter process.

Packages folder available at http://<server>:8085/Packages/

MediaCentral Asset Management (formerly Interplay MAM)

9920 FTP port used for accessing media from MAM storage.

Media Distribute 8676 Connection to Telestream Vantage transcode service.

1120 Connection to Harmonic ProMedia Carbon transcode service.

20 and 21 TCP connection used by Media Distribute to retrieve files from Interplay MAM.


MediaCentral Distribution Service (hosted on a separate Windows server)

8080 or 8890 In MediaCentral UX 1.x, the MCDS service used port 8080 for normal http communication. In MediaCentral UX v2.0 / MCDS v3.1, the port changed to 8890. This change allows MCDS to be installed on the same server as the Production Services Engine (if desired). Port 8443 is used for http security protocol.

Port Usage for Avid Media Index

The Media Index API is exposed through ACS bus technology. A client accesses the Media Index API through the MediaCentral middleware and ACS bus.

The following table lists the ports leveraged by Avid Media Index.

* Indicates external port which requires access through firewall.

Component Port Protocol and Direction Purpose

Elasticsearch 9200* HTTP Elasticsearch HTTP calls. Optionally, this port can be added as a firewall exception for accessing the Elasticsearch “head” plug-in at:

http://<server_name>:9200/_plugin/head

9300* TCP Elasticsearch node to node communication

Elasticsearch-tribe 9201* HTTP Elasticsearch-tribe HTTP calls. Optionally, this port can be added as a firewall exception for accessing the Elasticsearch “head” plug-in at:

http://<server_name>:9200/_plugin/head

9305 TCP Internal Elasticsearch-tribe node to node communication

9312 TCP Elasticsearch tribe local cluster binding port

931x* TCP In a multi-zone configuration, each remote zone will have its own Elasticsearch tribe binding port. Port number is incremented by 1 from the local binding port number, for example:

• local: 9312

• remote 1: 9313

• remote 2: 9314

• remote n: 931n

avid-acs-media-index-feed

3000 HTTP The Media Index feed API provides an HTTP endpoint that exposes the RSS/ATOM feed with the latest updates from the Media Index database
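The Multi-Zone and Media Index tables above give per-zone port rules: one sharded Mongo port per zone starting at 27100, and one Elasticsearch tribe binding port per remote zone starting at 9313. The script below is an added example, not part of the Avid guide: it derives the inter-zone allowlist for a given zone count and diffs it against a firewall rule list. The rule-list format, the function names and the sample rules are assumptions.

```python
# Fixed ports from the Multi-Zone table, plus the starred Media Index ports.
FIXED = {22, 80, 443, 843, 2600, 5000, 5432, 5671, 5672, 15672, 28001,
         9200, 9201, 9300}
MONGO_BASE, MONGO_MAX = 27100, 27150  # sharded Mongo: one port per zone
TRIBE_LOCAL = 9312                    # tribe local binding; remote k = 9312 + k


def expected_ports(zones):
    """Ports that must cross the inter-zone firewall for `zones` zones."""
    if zones < 2 or MONGO_BASE + zones - 1 > MONGO_MAX:
        raise ValueError("zone count outside the documented port ranges")
    ports = set(FIXED)
    ports.update(range(MONGO_BASE, MONGO_BASE + zones))        # 27100 upward
    ports.update(range(TRIBE_LOCAL + 1, TRIBE_LOCAL + zones))  # remote zones
    return ports


def parse_rules(rules):
    """Expand entries such as '443' or '27100-27102' into a set of ports."""
    allowed = set()
    for entry in rules:
        lo, _, hi = entry.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {entry!r}")
        allowed.update(range(lo, hi + 1))
    return allowed


def to_ranges(ports):
    """Collapse a set of ports into sorted 'a' or 'a-b' strings."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p
        else:
            runs.append([p, p])
    return [str(a) if a == b else f"{a}-{b}" for a, b in runs]


def audit(zones, rules):
    """Report required ports the rules miss and open ports not listed here."""
    want, have = expected_ports(zones), parse_rules(rules)
    return {"missing": to_ranges(want - have),
            "unexpected": to_ranges(have - want)}


# Constructed rule list for a three-zone site (not from a real firewall).
SAMPLE_RULES = ["22", "80", "443", "843", "2600", "5000", "5432", "5671-5672",
                "15672", "28001", "9200-9201", "9300", "9313-9314",
                "27100-27101", "27017-27018", "8000"]

if __name__ == "__main__":
    print(audit(3, SAMPLE_RULES))
```

For the sample, the third zone's Mongo port is missing, and the rules also open ports that this page lists only in the internal table.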


Revision History

The following table lists the changes made to the Avid Networking Port Usage Guide:

Copyright © 2021 Avid Technology, Inc. and its licensors. All rights reserved. Created 10/6/21

Date Revised Changes Made

August 24, 2021 Added Avid MediaCentral | Capture and updated Avid NEXIS ports.

June 24, 2021 Added Avid MediaCentral | Sync

Added information related to Media Composer Distributed Processing to the MediaCentral Cloud UX port table.

May 13, 2021 Added Avid MediaCentral | Cloud UX v2021.3.

October 30, 2020 Comment for MediaCentral | Cloud UX port 843.

October 9, 2020 Added port 443 for Avid NEXIS System Director for HTTPS protocol

September 30, 2020 Added Avid MediaCentral | Cloud UX v2020.9.

September 21, 2020 Added Avid | Edit On Demand ports section.

April 17, 2020 Added clarification to MediaCentral Cloud UX ports required for Multi-Site environments.

October 21, 2019 Corrections for MediaCentral Cloud UX Kafka ports

July 29, 2019 Added more ports for Avid NEXIS

June 27, 2019 Added ports for Avid MediaCentral | Cloud UX 2019.6.

March 1, 2019 Added ports for Avid MediaCentral | Cloud UX 2019.2 when integrating with Maestro | News and MediaCentral Phonetic Index.

January 2, 2019 Added ports for Avid MediaCentral | Cloud UX.