From SpinetiX Support Wiki
This article is about the logical network ports used by the player. For physical Ethernet port interfaces on the player, please see the HMP page.
In computer networking, a port is an endpoint of communication. Physical and wireless connections are terminated at ports of hardware devices. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. The software port is always associated with an IP address of a host and the protocol type of the communication.
Ports provide a multiplexing service for multiple services or multiple communication sessions at one network address. Specific port numbers are commonly reserved to identify specific services. The most commonly used protocols that use ports are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).
A firewall can reside on your local machine, on your router, or as part of your corporate network. Your computer's firewall controls the network traffic in and out of that machine. A network firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
The following logical network ports are used by the players' services:
|TCP||80||HTTP access to the embedded web server (player web interface, HMP Control Center, RPC etc.) of the player.|
|TCP||443||Secure HTTP (HTTPS) access to the embedded web server of the player. Added in firmware 4.0.0.|
|TCP||81||WebDAV access to the player content server for publishing from Elementi or other WebDAV clients.|
|TCP||9802||Secure WebDAV access to the player content server for publishing from Elementi or other WebDAV clients. Added in firmware 4.0.0.|
|TCP||1234||TCP / HTTP access to the legacy end-point of the Shared Variables Network API. This is not enabled by default. The default port can be freely modified.|
|TCP, UDP||5684||Secure CoAP access to the Shared Variables Network API. This is not enabled by default. Added in firmware 4.3.0.|
|TCP, UDP||161||SNMP monitoring. This is not enabled by default.|
|UDP||68||DHCP to request IP addresses and networking parameters automatically. Disabled when static IP configuration is used.|
|UDP||123||NTP for internal clock synchronization.|
|UDP||1900||SSDP / UPnP device discovery. Added in firmware 4.1.0.|
|UDP||5353||Multicast DNS (Bonjour) device discovery.|
|TCP, UDP||5355||LLMNR (Windows compatible local name resolution). Added in firmware 4.7.1.|
Network firewalls filter traffic between two or more networks and are positioned on the gateway computers of LANs, WANs, and intranets. A network firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
No ports need to be opened on the network firewall for inbound traffic, unless you specifically want to allow remote access to the player. The following standard ports should be opened for outbound traffic from the players towards external destinations:
|TCP||80||HTTP access to external web servers, such as SpinetiX firmware update server, data feeds, etc.|
|TCP||443||Secure HTTP (HTTPS) access to Cockpit, data feeds, SpinetiX ARYA, DSOS license activation, and other services on SpinetiX cloud infrastructure, etc.|
|TCP||8883||MQTT access to SpinetiX cloud infrastructure. Added in firmware 4.4.0.|
|UDP||123||NTP for internal clock synchronization.|
ARYA is SpinetiX's cloud-based visual communication solution, easy to use and accessible from anywhere from a browser from any device and at any time. The DSOS players are using standard network protocols and ports (listed above) to communicate with the SpinetiX cloud.
For networks that have very strict access rules to the Internet, an extended list of services, protocols, ports, and hostnames used by DSOS players and web clients to connect to SpinetiX ARYA, is provided below. You can also download this diagram in PDF format.
- All connections are outgoing and initiated by the DSOS player or the web client
- IP filtering is not possible as all names resolve to dynamic IP addresses due to round-robin, GeoDNS, and load balancing
- TLS inspection is possible, except for the MQTT and AWS Credential provider services, as these use client-certificate authentication
- If MQTT is blocked players will work in a degraded mode (Slow Sync) where each update or request to the player from ARYA is delayed by several minutes.
- Any names under the services.spinetix.com domain (i.e. matching the *.services.spinetix.com pattern) should be allowed as other services may be added or some existing ones (like *.cloudfront.net or *.amazonaws.com) may be moved under that domain in the future without prior notice.
Your computer's firewall controls the network traffic in and out of that machine. It might be restricted or totally available to you and some / all firewall rules might be set through group policies.
Most of the ports detailed above are standard ports, so they should already be opened. If not, to access the player services detailed above, the corresponding ports must be opened for outbound traffic; some of them might also need to be opened for inbound traffic, for instance the ones related to Shared Variables and SNMP monitoring.
If Elementi is installed and used, some additional ports might need to be opened, such as:
|TCP||80||HTTP access to external web services like data feeds, external web servers, etc.|
|TCP||443||Secure HTTP (HTTPS) access for license activation, software update, publishing to ARYA, etc.|
|TCP||81||Publishing onto the players using WebDAV.|
|TCP||9802||Publishing onto the players using Secure WebDAV. Added in Elementi 2015.|
|UDP||1900||Device discovery using SSDP / UPnP. Added in Elementi 2016.|
|UDP||5353||Device discovery using Multicast DNS (Bonjour).|
|TCP, UDP||5684||Secure CoAP access to the Shared Variables Network API. This applies to Elementi 2018 X only, and it is not enabled by default.|
|TCP||1234||TCP / HTTP access to the legacy end-point of the Shared Variables Network API. This applies to Elementi X only, it is not enabled by default, and the default 1234 port can be freely modified.|