Difference between revisions of "Network Requirements"

From IVS Wiki
(Basic Configuration)
(Architecture and Terms)
 
(18 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
<div class="grid-item">
 
<div class="grid-item">
 
==Architecture and Terms==
 
==Architecture and Terms==
<div class="floating_card">Our software is built on the standard LAMP <em>(Linux, Apache, MYSQL, and PHP)</em> architecture. The software has been designed to work on the latest LTS version of Ubuntu Linux. For networking purposes, there are 2 main components to the software application:</div>
+
<div class="floating_card">Our software is built on the standard LEMP <em>(Linux, Nginx, MYSQL, and PHP)</em> architecture. The software has been designed to work on the latest LTS version of Ubuntu Linux. For networking purposes, there are 2 main components to the software application:</div>
  
 
<div class="section">
 
<div class="section">
 
'''Application Server:'''  This makes up the bulk of the application and consists of 3 primary components:  
 
'''Application Server:'''  This makes up the bulk of the application and consists of 3 primary components:  
*PHP web pages being served up by the Apache web server
+
*PHP web pages being served up by the Nginx web server
 
*MySQL Database
 
*MySQL Database
 
*NodeJS messaging and control service
 
*NodeJS messaging and control service
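Review bot: The Apache-to-Nginx rename in the intro card and the first bullet is not carried through the rest of the page: the Online Updates table still labels the Ondrej PPA rows "Ondrej Apache/PHP". Relabel those rows or confirm the Apache packages are still pulled from that source. Also, "MYSQL" in the intro does not match "MySQL Database" in the bullet list below it.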
Line 20: Line 20:
  
 
<div class="grid-item">
 
<div class="grid-item">
 +
 
==Visual Overview==
 
==Visual Overview==
 
{{img - no click | file = VALT Server Structure.png | width =}}
 
{{img - no click | file = VALT Server Structure.png | width =}}
Line 71: Line 72:
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
      <td>TCP 20100</td>
+
       <th colspan=6>For Administration</th>
      <td>HTTP</td>
 
      <td>Node.js</td>
 
      <td>Client</td>
 
      <td>Application & Media Server</td>
 
    </tr>
 
    <tr>
 
       <th colspan=6>For Administration Only</th>
 
 
     </tr>
 
     </tr>
 
     <tr class="help" title="Required only for Administration" style="background-color:#e5ecff">
 
     <tr class="help" title="Required only for Administration" style="background-color:#e5ecff">
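Review bot: The removed TCP 20100 row was the only client-facing entry for Node.js, while the Architecture section still lists the NodeJS messaging and control service. Add a table note or edit summary saying how clients reach that service now, so administrators know the old rule can be closed. The replacement header also keeps colspan=6 although the removed row had five cells.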
Line 200: Line 194:
 
       <td>Application & Media Server</td>
 
       <td>Application & Media Server</td>
 
       <td>http://security.ubuntu.com</td>
 
       <td>http://security.ubuntu.com</td>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 80</td>
 +
      <td>HTTP</td>
 +
      <td>Ubuntu</td>
 +
      <td>Application & Media Server</td>
 +
      <td>http://kazooie.canonical.com</td>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 80</td>
 +
      <td>HTTP</td>
 +
      <td>Ubuntu</td>
 +
      <td>Application & Media Server</td>
 +
      <td>http://banjo.canonical.com</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
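Review bot: The two added rows for kazooie.canonical.com and banjo.canonical.com reuse the generic "Ubuntu" package label and give no hint of what these hosts serve, which makes the egress rule hard to justify in a firewall review. Add a short description of what is fetched from each host, or a more specific package label.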
Line 242: Line 250:
 
       <td>Application & Media Server</td>
 
       <td>Application & Media Server</td>
 
       <td> https://download.docker.com</td>
 
       <td> https://download.docker.com</td>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 443</td>
 +
      <td>HTTPS</td>
 +
      <td>Docker</td>
 +
      <td>Application & Media Server</td>
 +
      <td> https://docker.ipivs.com</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
Line 259: Line 274:
 
       <th>Source</th>
 
       <th>Source</th>
 
       <th>Destination</th>
 
       <th>Destination</th>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 22</td>
 +
      <td>SSH</td>
 +
      <td>OS</td>
 +
      <td>Application Server</td>
 +
      <td>Media Server</td>
 +
    </tr>
 +
    <tr class="help" title="Required only when SSL is Enabled" style="background-color:#E5FFEB">
 +
      <td>&#128274; TCP 444</td>
 +
      <td>HTTPS</td>
 +
      <td>Wowza Streaming Engine</td>
 +
      <td>Application Server</td>
 +
      <td>Media Server</td>
 +
    </tr>
 +
    <tr class="help" title="Required only when SSL is Disabled" style="background-color:#FFEBE5">
 +
      <td>&#128275; TCP 1935</td>
 +
      <td>HTTP</td>
 +
      <td>Wowza Streaming Engine</td>
 +
      <td>Application Server</td>
 +
      <td>Media Server</td>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 8000</td>
 +
      <td>HTTP/HTTPS</td>
 +
      <td>Wowza Streaming Engine</td>
 +
      <td>Application Server</td>
 +
      <td>Media Server</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
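Review bot: The new TCP 22 row is unconditional, while the client table marks its administration rows with the "Required only for Administration" class. State what the Application Server uses SSH to the Media Server for (the service is given only as "OS") so the rule can be scoped to the server addresses. The 444 and 1935 rows are labelled HTTPS and HTTP here but WSS and WS in the client table; confirm which is intended.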
Line 284: Line 327:
 
       <th>Source</th>
 
       <th>Source</th>
 
       <th>Destination</th>
 
       <th>Destination</th>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 22</td>
 +
      <td>SSH</td>
 +
      <td>OS</td>
 +
      <td>Media Server</td>
 +
      <td>Application Server</td>
 
     </tr>
 
     </tr>
 
     <tr class="help" title="Required only when SSL is Disabled" style="background-color:#FFEBE5">
 
     <tr class="help" title="Required only when SSL is Disabled" style="background-color:#FFEBE5">
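Review bot: Together with the Application Server to Media Server table, this TCP 22 row makes SSH bidirectional between the servers with no explanation. Document which side initiates the session and for what purpose, or drop the direction that is not used.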
Line 338: Line 388:
 
       <th>Source</th>
 
       <th>Source</th>
 
       <th>Destination</th>
 
       <th>Destination</th>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 80</td>
 +
      <td>HTTP</td>
 +
      <td>Media Server</td>
 +
      <td>wowzalicense-all.wowzamedia.com</td>
 
     </tr>
 
     </tr>
 
     <tr>
 
     <tr>
Line 362: Line 418:
 
       <td>Media Server</td>
 
       <td>Media Server</td>
 
       <td>wowzalicense4.wowzamedia.com</td>
 
       <td>wowzalicense4.wowzamedia.com</td>
 +
    </tr>
 +
</table>
 +
 +
==VALT Cloud==
 +
<div class="floating_card">
 +
VALT Cloud is a hybrid solution that requires an on-premise server and a cloud server.
 +
 +
The cloud server is the Application Server. This hosts the website where users will access the application.
 +
 +
The on-premise server is a Media Server. This hosts the camera streams and recordings.
 +
 +
 +
The on premise media server will establish a connection to the VALT AWS Private Cloud. All traffic will flow through this connection. This connection requires the following ports:
 +
</div>
 +
 +
<table class="network_ports_table">
 +
  <caption>On-Premise Media Server to Cloud Application Server</caption>
 +
    <tr>
 +
      <th>Port</th>
 +
      <th>Source</th>
 +
      <th>Destination</th>
 +
    </tr>
 +
    <tr>
 +
      <td>UDP 500</td>
 +
      <td>On-Premise Media Server</td>
 +
      <td>Cloud Application Server</td>
 +
    </tr>
 +
    <tr>
 +
      <td>UDP 4500</td>
 +
      <td>On-Premise Media Server</td>
 +
      <td>Cloud Application Server</td>
 +
    </tr>
 +
    <tr>
 +
      <td>GRE</td>
 +
      <td>On-Premise Media Server</td>
 +
      <td>Cloud Application Server</td>
 +
    </tr>
 +
</table>
 +
<div class="floating_card">
 +
VALT Cloud utilizes Let's Encrypt to provide SSL certificates. The On-Premise Media Server must be able to communicate with the following websites to request the certificate:
 +
</div>
 +
<table class="network_ports_table">
 +
  <caption>Let's Encrypt</caption>
 +
    <tr>
 +
      <th>Port</th>
 +
      <th>Protocol</th>
 +
      <th>Source</th>
 +
      <th>Destination</th>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 443</td>
 +
      <td>HTTPS</td>
 +
      <td>On Premise Media Server</td>
 +
      <td>https://acme-v02.api.letsencrypt.org</td>
 +
    </tr>
 +
    <tr>
 +
      <td>TCP 443</td>
 +
      <td>HTTPS</td>
 +
      <td>On Premise Media Server</td>
 +
      <td>https://route53.amazonaws.com</td>
 
     </tr>
 
     </tr>
 
</table>
 
</table>
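Review bot: In the On-Premise Media Server to Cloud Application Server table, GRE is listed under Port although it is an IP protocol rather than a TCP or UDP port, and the table has no Protocol column like the others on the page. Name the tunnel type these three entries belong to so firewall administrators can match them to a rule. The paragraph also says "All traffic will flow through this connection" while the Let's Encrypt table requires direct TCP 443 egress; state that exception in the text. "on premise", "On-Premise" and "On Premise" should use one spelling.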

Latest revision as of 10:59, 31 October 2024

Architecture and Terms

Our software is built on the standard LEMP (Linux, Nginx, MySQL, and PHP) architecture. The software has been designed to work on the latest LTS version of Ubuntu Linux. For networking purposes, there are 2 main components to the software application:

Application Server: This makes up the bulk of the application and consists of 3 primary components:

  • PHP web pages being served up by the Nginx web server
  • MySQL Database
  • NodeJS messaging and control service

Media Server: This portion of the application handles all the communication with the cameras and video streams being served out to the client PCs. It also handles all the recording and clip creation.

From a physical or virtual server perspective, the entire server-side software stack can be run on a single server. For applications requiring more than 50 cameras or consisting of different departments, the software can be broken out and additional Media Servers can be added. These servers only run the Media Server portion of the VALT application.

Visual Overview

[Image: VALT Server Structure.png]

Basic Configuration

Client to Application & Media Server(s)

| Port | Protocol | Service | Source | Destination |
|---|---|---|---|---|
| 🔓 TCP 80 | HTTP | Web Application | Client | Application Server |
| 🔓 TCP 1935 | WS | Video Streaming | Client | Application & Media Server |
| 🔒 TCP 443 | HTTPS | Web Application | Client | Application Server |
| 🔒 TCP 444 | WSS | Video Streaming | Client | Application & Media Server |
| TCP 8000 | HTTP/HTTPS* | Downloads/Wowza webserver | Client | Application & Media Server |
| For Administration | | | | |
| 🔧 TCP 22 | SSH | SSH | Client | Application & Media Server |
| 🔧 TCP 8088 | HTTP | Wowza admin | Client | Application & Media Server |

🔓 Required when SSL is Disabled 🔒 Required when SSL is Enabled 🔧 Required only for Administration
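
The SSL-mode split in the table above can be turned into a listener audit. The following Python is an added example, not part of the IVS documentation: it classifies TCP listeners from `ss -tln` output against the client-facing table for a given SSL mode. It assumes a single-server deployment with no BEAM devices or additional Media Servers (their tables list further ports); the function names and the sample output are hypothetical and constructed for illustration.

```python
# Added example: conditions from the client-facing table; the ss output is constructed.
CLIENT_PORTS = {
    80: "ssl_disabled",    # HTTP web application
    1935: "ssl_disabled",  # WS video streaming
    443: "ssl_enabled",    # HTTPS web application
    444: "ssl_enabled",    # WSS video streaming
    8000: "always",        # downloads / Wowza webserver
    22: "admin",           # SSH
    8088: "admin",         # Wowza admin
}
SAMPLE_SS = """\
LISTEN 0 511        0.0.0.0:443   0.0.0.0:*
LISTEN 0 511        0.0.0.0:80    0.0.0.0:*
LISTEN 0 128           [::]:22       [::]:*
LISTEN 0 151        0.0.0.0:3306  0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0 50               *:8000        *:*
LISTEN 0 50               *:1935        *:*
"""

def listening_ports(ss_output):
    """TCP ports bound to non-loopback addresses in `ss -tln` output."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and not addr.startswith(("127.", "[::1]")):
            ports.add(int(port))
    return ports

def audit(ss_output, ssl_enabled):
    """Group listeners by what the table says about them in this SSL mode."""
    mode = "ssl_enabled" if ssl_enabled else "ssl_disabled"
    seen = listening_ports(ss_output)
    report = {"required": [], "admin_only": [], "wrong_mode": [], "unlisted": []}
    for port in sorted(seen):
        when = CLIENT_PORTS.get(port)
        if when is None:
            report["unlisted"].append(port)    # not in the table
        elif when == "admin":
            report["admin_only"].append(port)  # needed only for administration
        elif when in ("always", mode):
            report["required"].append(port)
        else:
            report["wrong_mode"].append(port)  # belongs to the other SSL mode
    wanted = {p for p, w in CLIENT_PORTS.items() if w in ("always", mode)}
    report["missing"] = sorted(wanted - seen)
    return report
```

With SSL enabled, the constructed sample reports 80 and 1935 as belonging to the other mode, 3306 as unlisted, and 444 as missing.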


Media Server(s) to Camera(s)

| Port | Protocol | Service | Source | Destination |
|---|---|---|---|---|
| TCP 80 | HTTP | Web Application/API | Media Server | Camera |
| TCP 554 | RTSP | Video Stream | Media Server | Camera |

BEAM (Mobile Application)

Only required for those who have purchased BEAM licenses.
BEAM is an application that allows users to leverage devices, such as iPads and iPhones, as a mobile video endpoint. This includes the following features:
  • Live streaming to VALT
  • Recording sessions
  • Uploading sessions

BEAM Device(s) to Media Server

| Port | Protocol | Service | Source | Destination |
|---|---|---|---|---|
| 🔓 TCP 80 | HTTP | BEAM API/HTTP Upload | BEAM Device | Media Server |
| 🔒 TCP 443 | HTTPS | BEAM API/HTTPS Upload | BEAM Device | Media Server |
| TCP 444 | RTMP | Video Streaming | BEAM Device | Media Server |
| TCP 1935 | RTMP | Video Streaming | BEAM Device | Media Server |

🔓 Required when SSL is Disabled 🔒 Required when SSL is Enabled

Online Updates

Valid DNS servers are required to download updates.

Application & Media Server(s) to Repositories

| Port | Protocol | Package | Source | Destination |
|---|---|---|---|---|
| TCP 80 | HTTP | Ubuntu | Application & Media Server | http://us.archive.ubuntu.com |
| TCP 80 | HTTP | Ubuntu | Application & Media Server | http://security.ubuntu.com |
| TCP 80 | HTTP | Ubuntu | Application & Media Server | http://kazooie.canonical.com |
| TCP 80 | HTTP | Ubuntu | Application & Media Server | http://banjo.canonical.com |
| TCP 80 | HTTP | IVS | Application & Media Server | http://apt.ipivs.com |
| TCP 80 | HTTP | Ondrej Apache/PHP | Application & Media Server | http://ppa.launchpad.net |
| TCP 443 | HTTPS | Ondrej Apache/PHP | Application & Media Server | https://ppa.launchpadcontent.net |
| TCP 443 | HTTPS | Ubuntu Changelogs | Application & Media Server | https://changelogs.ubuntu.com |
| TCP 443 | HTTPS | Node | Application & Media Server | https://deb.nodesource.com |
| TCP 443 | HTTPS | Docker | Application & Media Server | https://download.docker.com |
| TCP 443 | HTTPS | Docker | Application & Media Server | https://docker.ipivs.com |

Application Server to Additional Media Server(s)

Only required for installations where additional servers, acting as Media Servers, are present.
Application Server to Media Server(s)

| Port | Protocol | Service | Source | Destination |
|---|---|---|---|---|
| TCP 22 | SSH | OS | Application Server | Media Server |
| 🔒 TCP 444 | HTTPS | Wowza Streaming Engine | Application Server | Media Server |
| 🔓 TCP 1935 | HTTP | Wowza Streaming Engine | Application Server | Media Server |
| TCP 8000 | HTTP/HTTPS | Wowza Streaming Engine | Application Server | Media Server |
| TCP 8086 | HTTP/HTTPS | Wowza Streaming Engine | Application Server | Media Server |
| TCP 8087 | HTTP | Wowza Streaming Engine | Application Server | Media Server |

Media Server(s) to Application Server

| Port | Protocol | Service | Source | Destination |
|---|---|---|---|---|
| TCP 22 | SSH | OS | Media Server | Application Server |
| 🔓 TCP 80 | HTTP | Wowza Streaming API | Media Server | Application Server |
| 🔒 TCP 443 | HTTPS | Wowza Streaming API | Media Server | Application Server |
| TCP 8086 | HTTP/HTTPS | Wowza Streaming Engine | Media Server | Application Server |
| TCP 8087 | HTTP | Wowza Streaming Engine | Media Server | Application Server |

🔓 Required when SSL is Disabled 🔒 Required when SSL is Enabled



[Image: Application Server and Media Servers.png]

Digital Wowza License

Only required for servers utilizing an electronic Wowza key. Servers with a physical Wowza key do not need access to the licensing servers.


This communication is required to verify valid Wowza Streaming licenses.

Media Servers to Wowza Licensing Servers

| Port | Protocol | Source | Destination |
|---|---|---|---|
| TCP 80 | HTTP | Media Server | wowzalicense-all.wowzamedia.com |
| TCP 80 | HTTP | Media Server | wowzalicense1.wowzamedia.com |
| TCP 80 | HTTP | Media Server | wowzalicense2.wowzamedia.com |
| TCP 80 | HTTP | Media Server | wowzalicense3.wowzamedia.com |
| TCP 80 | HTTP | Media Server | wowzalicense4.wowzamedia.com |

VALT Cloud

VALT Cloud is a hybrid solution that requires an on-premise server and a cloud server.

The cloud server is the Application Server. This hosts the website where users will access the application.

The on-premise server is a Media Server. This hosts the camera streams and recordings.


The on-premise Media Server will establish a connection to the VALT AWS Private Cloud. All traffic will flow through this connection. This connection requires the following ports:

On-Premise Media Server to Cloud Application Server

| Port | Source | Destination |
|---|---|---|
| UDP 500 | On-Premise Media Server | Cloud Application Server |
| UDP 4500 | On-Premise Media Server | Cloud Application Server |
| GRE | On-Premise Media Server | Cloud Application Server |

VALT Cloud utilizes Let's Encrypt to provide SSL certificates. The On-Premise Media Server must be able to communicate with the following websites to request the certificate:

Let's Encrypt

| Port | Protocol | Source | Destination |
|---|---|---|---|
| TCP 443 | HTTPS | On Premise Media Server | https://acme-v02.api.letsencrypt.org |
| TCP 443 | HTTPS | On Premise Media Server | https://route53.amazonaws.com |