Avid NetworkingPort Usage Guide
Overview
With corporate cyber-attacks on the rise, businesses need to implement increased security measures to prevent intrusion. Firewalls provide a level of protection by insulating internal and external network traffic. However in some circumstances, firewalls can impede tools such as Avid production systems that need to cross the firewall for certain activities.
Network engineers might need to open access points for specific port numbers in the corporate firewall to allow Avid components to communicate with each other. This document provides a list of network ports used by Avid systems.
n The Windows operating system uses a wide range of ports to provide network services for Avid products. For information on ports used by the Windows operating system, see the Microsoft documentation.
Refer to the following sections as they apply to your Avid products and corporate needs:
• Avid | Edit On Demand
• Avid NEXIS
• Avid ISIS
• Avid MediaCentral Cloud UX
• Avid MediaCentral | Sync
• Avid MediaCentral Production Management
• Avid MediaCentral Newsroom Management
• Avid MediaCentral Capture
• Avid Ingest and Playout
• Avid MediaCentral Platform Services
For Media Composer | Cloud port usage, see Media Composer | Cloud Network Information and Port Usage on the Avid Knowledge Base.
For more information on port usage for Avid Link, see the following Avid Knowledge Base article: http://avid.force.com/pkb/articles/en_US/FAQ/Avid-Link-Networking.
For more information on Avid | Edit On Demand, see Avid Products: Avid Edit On Demand.
Revision History
For a list of changes made to this document, see “Revision History” on page 23.
Avid | Edit On Demand
2
Avid | Edit On Demand
Avid | Edit On Demand is a service that lets you quickly configure multiple Media Composer clients with Avid NEXIS cloud storage.
Port Usage for Avid | Edit On Demand
The following ports are used to enable file transfers and remote access to Media Composer VMs.
FileCatalyst Outbound (client to server):
• TCP 443 (HTTPS)
• TCP 990 (Control port)
• TCP 8000-8999 (TCP data ports)
• UDP 8000-8999 (UDP data ports for file transfers)
Teradici Outbound (client to server):
• TCP 443 (HTTPS/Control)
• TCP 60443 (alternate Control port)
• TCP & UDP 4172 (PCoIP session)
Teradici Inbound (server to client):
• TCP & UDP 4172 (PCoIP session)
Avid NEXIS
Avid NEXIS is the next generation of shared storage for media applications, and continues the Avid ISIS tradition of highly-scalable storage system based on a parallel file system that meets the latency constraints of media applications found in the most demanding post production and broadcast environments. All NEXIS data travels through the network to supply media to connected clients with strict latency requirements even at high system load.
Port Usage for Avid NEXIS Systems
The following table contains all the ports needed for an Avid NEXIS implementation.
Component Port Protocol Purpose
Avid NEXIS Clients
Avid NEXIS Clients—Windows
4200 — 4599 UDP Message traffic (Storage Manager and System Director)
Data traffic (including for Avid NEXIS Data Migration Utility) between Windows client and all ISIS or Avid NEXIS systems, depending on Avid NEXIS Client version
Avid NEXIS Clients—Mac and Linux
5016-5415 UDP Message traffic (Storage Manager and System Director)
Data traffic (including for Avid NEXIS Data Migration Utility) between OS X client, or Linux client and all ISIS or Avid NEXIS systems, depending on Avid NEXIS Client version
Avid NEXIS
3
Avid NEXIS Clients (All)a
49152 — 65535 TCP v7.x, 2018.x, and higher—Avid NEXIS Client access for Storage Manager data
Avid NEXIS Windows Clients
137-138, 139-445 CIFS or SMB Common Internet File Service (CIFS) is the successor to the server message block (SMB) protocol. CIFS is the primary protocol used by Windows systems for file sharing (specifically for Avid File Gateway).
Avid NEXIS Windows Clientsa
49152 — 65535 TCP v7.x, 2018.x, and higher—Avid NEXIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager message and System Director message traffic
Avid NEXIS System Director
Avid NEXIS System Director
21 TCP (for FTP) Anonymous FTP login is used for Avid NEXIS File Gateway.
Avid NEXIS System Director
80
443
HTTP
HTTPS
Avid NEXIS Management Console (HTML-5); default in Avid NEXIS version 2018.5 and higher
Avid NEXIS System Director
3002 HTTP Avid NEXIS Adobe Flash-based Management Console (HTML-5), default in Avid NEXIS version 2018.4 and earlier
(Also available in Avid NEXIS v2018.5 and higher until further notice)
Avid NEXIS SOAP API
Avid NEXIS System Director
3003 HTTPS Avid NEXIS Adobe Flash-based Management Console (HTML-5), default in Avid NEXIS version 2018.4 and earlier
(Also available in Avid NEXIS v2018.5 and higher until further notice)
Avid NEXIS SOAP API
Avid NEXIS System Director
5003 UDP Client, uServer and System Director to System Director control (well known port)
Common for All Avid NEXIS Platforms
Lightweight Directory Access Protocol (LDAP)
389 TCP Communication between System Director and LDAP Server(s)
Storage Manager 3435 — 3455 TCP Data Connections between Media Packs
Storage Manager Agent
5015 HTTPS Allows initial configuration of the Avid NEXIS engine, log collection, statistics, and other information mostly used or requested by Customer support.
Storage Manager 7238 — 7245 UDP or TCP For UDP messaging between all NEXIS nodes (clients, Storage Managers, System Director) -- One per Media Pack
TCP data listen port -- One per Media Pack
All Avid NEXIS E2s use port 7238
All Avid NEXIS E4s use ports 7238 and 7239
All Avid NEXIS E5s use ports 7238 — 7245
Component Port Protocol Purpose
Avid ISIS
4
Avid ISIS
Avid ISIS is highly-scalable storage system based on a parallel file system that meets the latency constraints of media applications found in the most demanding post production and broadcast environments. All ISIS data travels through the network to supply media to connected clients with strict latency requirements even at high system load.
Port Usage for Avid ISIS Systems
The following table lists the ports leveraged by Avid ISIS.
OAM (Cloud data access)
7333 UDP or TCP UDP control and TCP data messages for media stored in the Cloud
a. Avid NEXIS clients use values in the range listed, but do not use them all. As client ports are closed, a new one is opened as needed. Administrators do not need to open ports specifically for Avid NEXIS clients.
Component Port Protocol Purpose
Component Port Protocol Purpose
Common for all ISIS Environments
ISIS System Director
21 TCP Anonymous FTP login allowed — open ftp Microsoft ftpd ftp-anon:
The FTP Service is included in the ISIS | 2500 and used in the Avid ISIS File Gateway server.
ISIS System Director
4433443
UDP System Director ports that are used during the license activation. The Avid License Control tool utilizes both port 3443 and port 443 for license request and response communication. Port 3443 is the primary port, but if this port is blocked, the Activation Service tries port 443 (which is more likely to be open for web communication).
ISIS Storage Manager
3000 UDP ISIS uServers communication
ISIS Storage Managers
3001 — 3400 UDP or TCP To or from ISIS Client or other uServer
ISIS Storage Manager
3434, 3435 TCP Data connect ports (clients and other Storage Managers)
ISIS Storage Manager
5001 UDP System Director to uServer for failover control
ISIS Storage Manager
5004 UDP Administrative agent and related to uServer (localhost normally)
The ISIS | 2500 uses two ports for this function and the ISIS | 7500 just uses 5004.
ISIS System Director
5005 UDP ISS/IXS status reporting to System Director
ISIS System Director
5015 TCP Management Console Administrative Login via https
Avid ISIS
5
ISIS Storage Manager, ISS, and IXS
5015 TCP Agent administrative login via https
ISIS System Director
5000 UDP System Director to System Director failover/resiliency control
ISIS System Director
5003 UDP Client, uServer and System Director to System Director control (well known port).
ISIS System Director
5004 UDP Administrative server and related to System Director (localhost normally)
ISIS System Director
5016 UDP ISIS transfer agent traffic.
ISIS System Director/Engine
6002 TCP Sentinel License Monitor — open http SafeNet Sentinel License Monitor httpd 7.3
ISIS | 5500 Environment only
ISIS System Director/Engine
3071 TCP Array Manager RAID management — open raid-mgt
ISIS Storage Element
5015 TCP Agent administrative login via https
ISIS System Director/Engine
49156 TCP MegaRaid Monitoring Agent — open ssl/megaraid-monitor
ISIS | 2500 Environment only
ISIS Storage Manager
5004, 5009 UDP Administrative agent and related to uServer (localhost normally)
The ISIS | 2500 uses two ports for this function and the ISIS | 7500 uses 5004.
ISIS Clients
ISIS Windows Client
4000 — 4399 UDP or TCP Up to ISIS v1.3—ISIS port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic
ISIS Windows Client
4200 — 4599 UDP or TCP ISIS v1.4 – v4.7 (TCP), v1.4 and higher (UDP)—ISIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic
Also search the Avid Knowledge Base for “Network Requirements for ISIS and Interplay Production” at www.avid.com/US/support.
ISIS Windows Client
49152 — 65535 TCP ISIS v4.7 and higher (TCP only)—ISIS Client port usage to/from System Director for Storage Manager Data Transfer, Storage Manager msg and System Director msg traffic
Also search the Avid Knowledge Base for “Network Requirements for ISIS and Interplay Production” at www.avid.com/US/support.
ISIS Clients 5008 TCP ISIS Client transfer agent.
Component Port Protocol Purpose
Avid ISIS
6
Port Usage for Active Directory in an Avid ISIS Environment
Avid ISIS supports Active Directory. Active Directory uses the following ports for both Active Directory client to the Domain Controller, and Domain Controller to Domain Controller communications. The following table lists all the Active Directory ports that may be used by the System Director and clients. The specific ports used depend on whether or not systems are members of the Active Directory domain and the types of services requested from the Active Directory resource.
ISIS Macintosh Clients
5016 — 5415 UDP or TCP ISIS Client access from System Director, data to and from Storage Manager.
ISIS Linux Clients 5016 — 5415 UDP ISIS Client access from System Director, data to and from Storage Manager.
ISIS and Avid NEXIS Clients
501750135014
ServerTCPUDP
The Avid Benchmark Utility agent is installed with all ISIS and Avid NEXIS client software installations. The network ports are configurable through the Avid Benchmark Utility Preferences.
• Server port: default setting is 5017
• TCP port: default setting is 5013
• UPD port: default setting is 5014
Component Port Protocol Purpose
Active Directory Component Port Network Protocol
Active Directory (Avid ISIS LDAP implementation)
135 TCP
RPC endpoint mapper 135 TCP/UDP
Network basic input/output system (NetBIOS) name service 137 TCP/UDP
NetBIOS datagram service 138 UDP
NetBIOS session service 139 TCP
RPC dynamic assignment 1024 — 65535 TCP
Server message block (SMB) over IP (Microsoft-DS) 445 TCP/UDP
Lightweight Directory Access Protocol (LDAP) 389 TCP
LDAP ping 389 TCP
LDAP connectionless 389 UDP
LDAP over SSL 636 TCP
Global catalog LDAP 3268 TCP
Kerberos 88 TCP/UDP
Domain Name Service (DNS) 53 TCP/UDP
Avid MediaCentral Cloud UX
7
Avid MediaCentral Cloud UX
MediaCentral enables geographically disperse teams to connect, communicate, and work together more easily. Teams can access to MediaCentral through MediaCentral Cloud UX — an easy-to-use and task-oriented graphical user interface that runs on virtually any operating system or mobile device. Journalists, editors, producers, and other contributors can access tasks, projects, and media from anywhere, using any device, thus increasing efficiency.
MediaCentral Cloud UX requires users to sign into a web or mobile client in order to gain access to the underlying functionality. All data (user credentials, session information, user configuration settings, media images and files, text, and machine instructions) transfered between the client and server is transported in a secure manner to the MediaCentral Cloud UX server using HTTPS protocol.
MediaCentral Cloud UX clients that connect through the public Internet require VPN access into the server network. All connections pass through the VPN router/firewall through identified ports. Once the data has passed into the “house network” it is secured using the customer’s existing network security infrastructure.
Port Usage for Avid MediaCentral Cloud UX
The following table lists the ports leveraged by MediaCentral Cloud UX.
Additional notes regarding the Firewall column:
• YES: You must allow this port through your network to enable either external connections, or internal but geographically disperse locations in your organization.
• NO: Does not require any special access through network firewalls.
• Optional: Only required if you want to remotely access functionality associated with this component.
Component Port(s)Protocol and Direction Description Firewall
Active Directory(avid-iam, avid-login)
389or 636 (secure)
LDAP(S), Outbound These are the default ports suggested in the installer for connection to Active Directory. Alternatively, this could be an admin-specified custom port number.
MediaCentral Cloud UX v2021.3 changed the default port from 389 to 636.
YES
Active Directory(avid-iam)
3268 (default) or 3269 (SSL)
TCP Outbound Global catalog server connection.
Applies to v2018.11 and later.
YES
MediaCentral Cloud UX 443a HTTPS, Inbound Client connections YES
MediaCentral Distribution Service
8443 (default)
Can be customized.
HTTPS, Outbound
HTTP (custom possible)
This is the standard port number used to connect to MCDS. Alternatively, this could be an admin-specified custom port number.
YES
cAdvisor 4194 HTTP, Inbound Docker/Kubernetes metrics. NO
Kubernetes 30143 HTTPS Used to access the Kubernetes Dashboard. NO
Avid MediaCentral Cloud UX
8
Docker Registry and Chart Repository
30135 HTTP,Inbound/Outbound
Used internally by the cluster to download Docker images to other cluster nodes.
NO
Helm/Tiller 30134 HTTP, Inbound/Outbound
Used internally to deploy applications. NO
ACS Monitor 30800 HTTP, Inbound Used to access the Avid ACS Monitor Optional
RMQ Management 15672 HTTP, Inbound Port 15672 is specified when connecting to the RabbitMQ management web portal (<hostname>:15672). Firewall rule required if accessing management port from a remote subnet.
Optional
License Manager Service
443 HTTPS, Outbound Connection to Avid License Service NO
Playback 843 TCP, Inbound Flash Policy editor. Flash Player is used in Asset Management workflows that include the MAM Desktop or the MAM Cataloger.
As of v2020.9.1, port 843 is no longer used as the Flash player is depreciated.
YES
Playback 5000a TCP, Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound requests.
YES
Playback 9080 HTTP(S), Inbound Used by icps-manager. This service manages player connections and load-balancing.
YES
Playback 26000 TCP, Inbound / Outbound
Internal rendering service. YES
Gateway 9900 HTTPS, Inbound Used by the ACS Gateway service. This port might be required to connect a service from another host, outside of Kubernetes.
Optional
Search API 30880 TCP inbound (v2019.2) HTTP (insecure) to provide Audio download to Search Grid
YES
XForm service 443 HTTPS, Inbound Back-end for STP capability within the MediaCentral Panel for Adobe Premier Pro
NO
Maestro News(Maestro asset service)
9030 TCP outbound (v2019.2) Thumbnails and images used in graphic templates
YES
MediaCentral Asset Management
9901 and 9911 (on MAM servers)
HTTPS, Inbound Used by services on the MediaCentral CloudUX server and by Asset Management services to talk to other Asset Management services.
These ports must be open between any MediaCentral CloudUX servers and the Asset Management servers, but client access is not required.
YES
Component Port(s)Protocol and Direction Description Firewall
Avid MediaCentral Cloud UX
9
MediaCentral Asset Management
9920 (on MAM servers)
FTP, Inbound Used to install and update packages.
These ports must be open between any MediaCentral CloudUX servers and the Asset Management servers, but client access is not required.
YES
MediaCentral Production Management
• Engine
• Media Indexer
• Media Services
• 80
• 61717
• 80, 8080
• HTTP, Outbound
• TCP, Outbound
• TCP, Outbound
Used to connect from Kubernetes to some components of MediaCentral Production Management.
YES
MediaCentral Ingest 8083 For integration with the MediaCentral Cloud UX Ingest app.
MediaCentral Publisher 443 HTTP, Outbound (v2020.9.5) Connection to Publisher back-end tunneling service. Source might use any port between 30500 and 31000.
YES
MediaCentral Cloud UX mobile app for iOS and Android
443
5000
HTTPS, Inbound
TCP, Inbound
Client connections
Playback
YES
YES
Media Composer Distributed Processing
9900 (secure) or 9966
HTTPS, Inbound Used by the ACS Gateway service Optional
30092a HTTP, Inbound This port is needed by remote and local sites for initial Kafka connection. This port is used to discover Kafka brokers (cluster).
YES
9092a HTTP, Inbound This port is used by clients to produce and consume messages from Kafka.
YES
Avid NEXIS or Avid ISIS
For details, see “Avid NEXIS” on page 2 or “Avid ISIS” on page 4.
NFS or CIFS
• NFS: TCP and UDP 111, 2049
• CIFS: UDP 137, 138, and TCP 137,139
TCP and UDP MediaCentral Asset Management configurations might require additional Network File System (NFS) or Common Internet File System (CIFS) ports.
If your media assets reside on a custom file system, see the documentation for that product to determine the required ports.
NO
Publish app: Social Media and User Settings
80443
HTTP, OutboundHTTPS, Outbound
Used when sending requests to services like Facebook, Twitter, and others.
HTTPS might also be required on client workstations to complete authorizations for Social Media API.
Optional
Component Port(s)Protocol and Direction Description Firewall
Avid MediaCentral | Sync
10
Avid MediaCentral | Sync
Avid MediaCentral Sync enables system administrators to synchronize MediaCentral Production Management metadata and Avid NEXIS or Avid ISIS media with one or more similarly configured Production Management workgroups. Administrators can create, monitor, and manage synchronization tasks through an intuitive web-based user interface.
Built on the MediaCentral Platform, MediaCentral Sync shares many of the ports used by MediaCentral Cloud UX. The following table lists the ports that are specific to the MediaCentral Sync workflow.
In addition to these ports, you must ensure that your MediaCentral Sync server can connect to your Avid Shared Storage systems. For more information about these ports, see “Avid NEXIS” on page 2 or “Avid ISIS” on page 4.
Additional notes regarding the Firewall column:
• YES: You must allow this port through your network to enable external connections.
• NO: Does not require any special access through network firewalls.
• Optional: Only required if you want to remotely access functionality associated with this component.
Publish app: CMS 21 or higher TCP, Outbound Port 21 might be used when uploading content to external CMS systems. If your CMS system uses Passive FTP, you might need to open additional ports. Consult your CMS system's documentation for more information.
Optional
Kafka 30092a HTTP, Inbound (v2019.6) This port is needed by remote and local sites for initial Kafka connection. This port is used to discover Kafka brokers (cluster).
YES
Kafka 9092a HTTP, Inbound (v2019.6) This port is used by clients to produce and consume messages from Kafka.
YES
Kafka 9093a HTTPS, Inbound (v2019.6) Kafka TLS/SSL (Reserved, not currently in use).
NO
Kafka 9094a HTTPS, Inbound (v2019.6) Kafka TLS/SSL Secure - Reserved, not currently in use).
NO
Kibana 30001 HTTPS (v2019.6) Kibana front-end, an optional monitoring component.
Optional
Grafana 30003 HTTPS (v2019.6) Grafana front-end, an optional monitoring component.
Optional
a. These ports must be open between sites when configured in a Multi-Site environment.
Component Port(s)Protocol and Direction Description Firewall
Avid MediaCentral Production Management
11
Avid MediaCentral Production Management
MediaCentral Production Management (formerly Avid Interplay Production) is a non linear workflow management system that is able to connect editors, producers, designers, animators, writers, assistants, administrators—even finance and legal departments—in a real-time nonlinear production environment. A Production Management workgroup often consists of multiple interconnected servers that provide services to clients and each other.
Port Usage for Avid MediaCentral Production Management
The following table lists the ports leveraged by MediaCentral Production Management.
Component Port(s)Protocol and Direction Description Firewall
MediaCentral Cloud UX 443 HTTPS, Inbound Client connections YES
CIFS communication 137, 138 UDP, Inbound / Outbound
Required between MediaCentral Sync and every Production Management host.
Note: Also required between all Production Management hosts to exchange files.
No
139, 445 TCP, Inbound / Outbound
No
Gateway 9900 HTTPS, Inbound Communication between the Production Management Sync Service and MediaCentral Sync.
YES
9900 TCP, Inbound Communication between the Production Management Sync Service and MediaCentral Sync
Note: Also required between all Production Management hosts.
YES
RMQ Management 15672 HTTP, Inbound Port 15672 is specified when connecting to the RabbitMQ management web portal (<hostname>:15672). Firewall rule required if accessing management port from a remote subnet.
Optional
Kubernetes 30143 HTTPS Used to access the Kubernetes Dashboard. NO
ACS Monitor 30800 HTTP, Inbound Used to access the Avid ACS Monitor Optional
Component Port Protocol Purpose
Access 8321 UDP Server browser
80 TCP Server communication
Access can also be a Media Indexer client (update media status, Resync), Media Services client (status tool plugin and submit jobs to archive and Transcode), and Transfer Engine client (status tool plugin, initiate WG2WG transfers); see appropriate sections.
Active Directory 135 TCP RPC for Active Directory / Windows Domain Authentication
Avid MediaCentral Production Management
12
Archive Providera 1433 TCP #Microsoft-SQL-Server (ms-sql-s)
1433 UDP #Microsoft-SQL-Server (ms-sql-s)
1434 TCP #Microsoft-SQL-Monitor (ms-sql-m)
1434 UDP #Microsoft-SQL-Monitor (ms-sql-m)
8192 TCP #FlashNetBackupClient (sdss)
Assist Assist uses Access ports for Interplay Engine communication. It is also a Media Indexer client. See appropriate sections for port usage.
Avid Service Framework (ASF)
Ports are dynamic and services register themselves with firewall to use any port.
161, 162 UDP SNMP and SNMP Traps
0 - 1024 (dynamic)
TCP Codebase http server.
(dynamic) TCP Jini™ ERI ServerConnectionManager
(dynamic above 1024))
TCP Jini™ ERI ConnectionManager.
4160 TCP Jini™ Discovery
4160 UDP Jini™ Discovery
Cluster Service 135 TCP RP; also used by Distributed Link Tracking Server - Service Name TrkSvr and Distributed Transaction Coordinator - Service Name MSDTC).
Random TCP Randomly allocated high TCP ports; also used by Distributed Link Tracking Server (service name: TrkSvr) and Distributed Transaction Coordinator (service name: MSDTC).
3343 UDP Cluster Services (service name: ClusSvc)
Delivery Service 80 TCP Communication with Interplay Engine
61616, 61717 TCP Communication with Media Index servers identified in the Interplay Administrator tool.
The Delivery Service also requires Avid Service Framework port connections.
Delivery Receiver Service
33321 TCP Command port. Identified in the Interplay Administrator tool under Server Hostname Settings. This port can be changed through the Interplay Administrator tool.
20020-21020 TCP Data ports. To change the default port numbers or select a smaller number of ports, see the Production Services Setup and User’s Guide. You only need one port for each active delivery job.
DNS 53 UDP/TCP DNS Client
Component Port Protocol Purpose
Avid MediaCentral Production Management
13
Instinct Instinct uses Access ports for Interplay Engine communication. It is also a Media Indexer client. Instinct is also an iNEWS client. See appropriate sections for port usage.
Interplay Engine 8321 UDP Server browser
80 TCP Client communication
LDAP 389 TCP
636 If SSL is enabled
Media Indexer 61616, 61717 TCP 61717 is used by most clients to connect to MI. 61616 is used in special cases, such as using the Interplay Administrator tool to configure MI Server nodes or for manual testing of connections.
6155 TCP/UDP Since v3.0, this port is used for internal communication between HAG or NOMI (Network of Media Indexers) nodes.b
8888, 8889, 8890 TCP One of these ports is used to serve the Media Indexer web page. First free port is used. In almost all cases that means 8888.
8443, 8444, 8445 TCP One of these ports is used to serve the secured web interface.
24444-24450 TCP One of these ports is used to serve the jmx interface. In almost all cases that means 24444.
Media Services Engine
8080 TCP Listen for editor clients (SOAP)
1099 TCP Listen; RMI protocol for providers and Status/Admin tool
42000-42060 TCP If 1099 not available
Media Services Status Tool
1099 TCP Outbound; RMI protocol for providers and Status/Admin tool
42000-42060 TCP If 1099 not available
Media Composer / NewsCutter
21 TCP Required for NRCS tool
8080 TCP Outbound; Media Services connection to Media Services Engine (SOAP)
58000 TCP HTTP communication with the Background Transcode broker
Media Composer with the NewsCutter option uses Access ports for Engine communication. It also runs the Interplay Framework and a local Media Indexer; see appropriate sections for port usage.
Media Composer / NewsCutter
Background Transcode on the editor system
58001 TCP/IP Communication between Background Transcode broker and other clients.
8888 TCP/IP Connection to the Media Indexer web interface
8185 TCP/IP Background Transcode status
Media Composer / NewsCutter
Dynamic Media Folders (DMF)
58885
58886
TCP/IP
TCP/IP
Local communication with the DMF service
Local communication with the DMF support service on a Mac OS X system
Component Port Protocol Purpose
Avid MediaCentral Newsroom Management
14
Avid MediaCentral Newsroom Management
MediaCentral Newsroom Management (formerly Avid iNEWS) provides journalists, producers, directors, and various technical personnel in the newsroom with an array of tools to make their job easier. It is primarily made up of Newsroom Management Workstations, linked together via a local or wide area network, and the Newsroom Management Server, which manages all the day-to-day activities of the newsroom.
Port Usage for Avid MediaCentral Newsroom Management
The following table lists the ports leveraged by MediaCentral Newsroom Management.
ProEncode Client 8080 TCP/IP SOAP Connection to Media Services (TCP, outbound) - run on editing systems (NewsCutter)
Transfer Cache 1099 TCP Listen; RMI protocol for providers and Status/Admin tool
42000-42060 TCP If 1099 not available
6539 TCP Outbound for Transfer Engine status
Transfer Engine 6532 TCP/IP Media Connectivity tool (defined in system32\drivers\etc\services com.avid.mct). The Transfer Engine listens on this port for requests from other Transfer Engines (for example, initiating a workgroup transfer.).
6535 TCP/IP Playback protocol (defined in system32\drivers\etc\services com.avid.pbp). This is the default port used by Transfer Engine for connecting to Playback Servers (AirSpeed, etc.). This is configurable for some playback servers.
6539 TCP/IP Transfer Engine (defined in system32\drivers\etc\services com.avid.pbp com.avid.xmgr). The TM Server listens on this port for incoming requests from the TM Client.
1024 and higher TCP Data ports for Passive mode. Passive mode range is dynamic above 1024.
Web Services 80 TCP Communication with Interplay Engine.
Also see Delivery Receiver for information on Web Services for Media Composer Cloud Remote option.
a. These values are for SGL connections. For other third party archive solutions, see the third party documentation.b. The Media Indexer servers in the Network of Media Indexers (NOMI) communicate via Multicast. This has been the case since
Interplay v3.x. It usually does not require any special configuration because the MI servers in a NOMI typically reside in the same network segment (subnet). However if the members of the NOMI connect to separate switches for any reason, additional configuration may be required to propagate multicast packets (at layer 2) between switches. For more information, see “Network Requirements for Avid NEXIS, and MediaCentral” on the Avid Knowledge Base. Note that the local Media Indexers on the editors do not require Multicast communication with the servers. Multicast communication is only required between the Media Indexer servers. The multicast address used is 239.255.2.3 on UDP port 6155.
Component Port Protocol Purpose
Port Protocol Purpose
1 TCP iNEWS Inter-system Messaging
Avid MediaCentral Newsroom Management
15
21 TCP (FTP) FTP into iNEWS database: Teleprompters, NewsCutter newsroom system tool, Data Receiver
22 TCP/UDP ssh
25 TCP/UDP sendmail
67 UDP Used by PCU's to obtain an IP address via bootp
80 TCP http Web Access, for read-only database access
513 TCP/UDP rlogin
600 TCP FTP into Linux partition (obsolete in iNEWS 2.5 and later - see port 49152)
698 TCP/ UDP Might be required for Web access through cgi-bin
699 TCP Used by dbvisit (maintenance program) for on-line dbvisits
921 TCP Used by MOS Gateway to support “roStorySend” and replication workflow
For more information, see the 2021.7 MOS Gateway ReadMe and Ops Guide.
1019 TCP Server listens for client connections: iNEWS Workstation, Web Client, iNEWS COM, Data Receiver, iNEWS Instinct.
1020 TCP Network dbdump / dbrestore between iNEWS Servers
1020 UDP Server updates/notifications sent to client, specified by client. Each client running on a machine must bind to a unique socket. If a user intends to run N sessions of iNEWS on the same machine, then ports 1020 through 1020 + (N–1) must be opened in the firewall. (TCP and UDP)
1020 TCP Search results sent to client from server, specified by client. Each client running on a machine must bind to a unique socket. If a user intends to run N sessions of iNEWS on the same machine, then ports 1020 through 1020 + (N–1) must be opened.
1022 TCP iNEWS bioserver communication. Each bioserver is connected to every other bioserver. On an ABC system the A bioserver has a connection to both the B and C bioservers, The B bioserver is connected to the A and C bioservers. The C bioserver is connected to the A and B bioservers.
1023 TCP Used by connect and reconnect commands during startup
5901 TCP/SCTP First remote access port for VNC to Linux UI, might have more than one VNC session configured (5902, 5903, and so on). These are not required to run iNEWS.
6100 TCP FTS indexing (configurable)
6101 TCP FTS searching (configurable)
6825 TCP Monitor for ControlAir
6826 TCP Monitor for MOS
6827 TCP Monitor for iNEWS Command
49152 TCP
TCP (FTP)
Telnet (obsolete in iNEWS 2.5 and later - see port 49153)
FTP into Linux Partition
49153 TCP Telnet
Port Protocol Purpose
Avid MediaCentral Capture
16
Avid MediaCentral Capture
Avid MediaCentral Capture (also known as Capture) is a newsroom ingest tool that enables automated recordings. It is comprised of individual applications, which allow you to schedule and monitor recordings, and to capture video from a video feed or VTR. Capture stores its schedule and other metadata in the MediaCentral Production Management database, which allows for easy access to the captured material within the Production Management environment.
Port Usage for Avid MediaCentral Capture
The following table lists the ports leveraged by Avid MediaCentral Capture.
Avid Ingest and Playout
Avid AirSpeed adds cost-efficient play to air capability, slow motion playback and support for both Avid and third party editing systems. Router Control provides additional ingest support and iNEWS Command provides advanced playout support for both Avid and third party devices alike.
Port Usage for Avid Ingest and Playout Solutions
The following table lists the ports leveraged by Avid products used in a broadcast environment.
Component Port Protocol Purpose
Avid Service Framework
(ASF)
4160 TCP Jini™ Discovery.
4160 UDP Jini™ Discovery.
Capture Clienta
a. These are Windows dynamic port range. The range can be reduced to address security reasons.
49152-65535 TCP Communication between Client and Server.
49152-65535 UDP Communication between Client and Server.
Avid MediaCentral Platform Services
17
Avid MediaCentral Platform Services
MediaCentral Platform Services delivers workflow tools for media professionals through both Web and mobile applications. Through MediaCentral UX, users can access Avid iNEWS, Interplay Production, Interplay MAM, or all three.
A MediaCentral UX client requires user login credentials in order to gain access to the underlying functionality. All data (user credentials, session information, user configuration settings, media images and files, text, and machine instructions) transfered between the client and server is transported in a secure manner to the MediaCentral Platform Services server using HTTPS protocol.
Component Port Protocol Purpose
AirSpeed 5000, 5500
6001 TCP Required for communication with Capture Manager. This port is not required for use with MediaCentral Capture (Interplay Capture).
6530 - 6533 TCP Communication port reserved for AirSpeed applications.
6534 TCP Default port for transferring AVC-Intra, DNXHD, and SD media.
6535 TCP Communication port reserved for AirSpeed applications.
6536 TCP Default port for transferring MPEG-2 HD (XDCAM) media.
6537 - 6539 TCP Communication port reserved for AirSpeed applications.
59440 - 59480 TCP Required by AirSpeed Remote Console and AMS-API if deployed outside a firewall. Maximum of 10 connections per port.
21 FTP Default port used to transfer MXF OP1A files in or out. See “The FTP Folders Page” in the Avid AirSpeed 5000 / AirSpeed 5500 Administrator’s Guide for details.
Router Control Varies Varies Ports used for communication with 3rd party routers vary. See the manufacturer's documentation for specific port information.
iNEWS Command 8900 TCP Avid UMD Device Service uses port 8900 by default, but this can be altered through manual configuration. See the iNEWS Command Installation Guide for details.
443, 3443 TCP Avid License Control - for license request and response communication. Port 3443 is the primary port, but if this port is blocked, the Activation Service tries port 443, which is more likely to be open for Web communication.
475 TCP DekoMOS Gateway. The port number where the Net HASP checks for connections. This port can be altered. See the iNEWS Command Installation Guide for details.
10543, 10544 TCP DekoMOS Macro Server. The Playback Port text box and the Local IP Port text box are 10544 and 10543, respectively, by default.
10540, 10541 TCP Configuring MOS settings in Command. The defaults, as defined in the MOS protocol specifications, are 10541 (upper) and 10540 (lower).
Avid MediaCentral Platform Services
18
MediaCentral UX clients that connect through the public Internet require VPN access into the server network. All connections pass through the VPN router/firewall through identified ports. Once the data has passed into the “house network” it is secured using the customer’s existing network security infrastructure.
Users connected within the corporate LAN/WAN would not typically use VPN access but would likely need to pass through firewalls and other network security devices with ACLs before accessing the Avid Interplay network.
External Port Usage for Avid MediaCentral Platform Services
Note that the MediaCentral Web service and MediaCentral application services operate on the same server so there are no proxies or firewalls between these components. Access to MediaCentral databases is also direct, with no database firewall protection required.
The following table lists the ports used by MediaCentral Platform Services server that should be allowed through the VPN firewall.
n Outbound ACLs should be used to allow packets from the MediaCentral server to the client over “established” TCP sessions only. The “established” keyword indicates that packets belong to an existing connection if the TCP datagram has the Acknowledgment (ACK) or Reset (RST) bit set.
Component Port Protocol and Direction Purpose
MediaCentral UX web application
80, 2600 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls
File streaming from MCPS
443 Secure TCP Inbound MediaCentral HTTPS calls
Communication with MediaCentral server
843 TCP Inbound Serving Flash Player socket policy files
5000 TCP Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound request.
MediaCentral UX mobile applications
80 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls
File streaming from MCPS
443 Secure TCP Inbound MediaCentral HTTPS calls
Communication with MediaCentral server
Media Distribute 21 Outgoing FTP data Communication over port 21 is only required for XML transfer to generic CMS or OVP endpoints or for media transfers to the WorldNow CMS system.
80 or 443 Outgoing HTTP or HTTPS Connection to web
3128 HTTP Outgoing If ServiceMix will be used with a proxy server, 3128 is the default port.
For more information on configuring a proxy server for Media Distribute, see the Media Distribute Installation and Configuration Guide.
Avid MediaCentral Platform Services
19
Multi-Zone and Media Index configurations require additional ports to enable communication between the zones. While the ports in the table below are considered “external”, they are similar to internal ports in that they should only be open between controlled data centers.
n Avid does not test or support firewalled connections between zones in a Multi-Zone configuration. If required, zone communication can be limited by source IP ranges.
Internal Port Usage for Avid MediaCentral Platform Services
The following table lists the internal ports leveraged by the Avid MediaCentral Platform Services servers.
Component Port Protocol and Direction Purpose
Multi-Zone configurations
22 TCP A secure (SSH) connection between zones is required when configuring multi-zone.
80, 2600 TCP Inbound MediaCentral Playback Services (MCPS) HTTP calls
File streaming from MCPS
443 Secure TCP Inbound MediaCentral HTTPS calls
Communication with MediaCentral server
843 TCP Inbound Serving Flash Player socket policy files
5000 TCP Inbound Playback service (loading assets, serving JPEG images and audio, etc.). Outbound flow to client serving inbound request.
5432 UMS/Postgres Replication
5671 AMQP over SSL/TCP Inbound and Outbound
Federated link data encryption for RabbitMQ
n Encrypting RabbitMQ data between zones requires additional configuration on the MCS servers. For details, see “Enabling RabbitMQ Data Encryption Across Zones” in the MCS Installation and Configuration Guide.
5672 AMQP Multi-Zone configurations require AMQP protocol and port 5672 be accessible between zones/machines
15672 REST API / Management UI RabbitMQ Rest API for the federation configuration
MongoDB 28001 Required for MCS 2.6 and later.
27100-27150 (depending on number of zones)
Required for the avid-iam deployment of sharded Mongo in v2.6 and later. In a multi-zone configuration, each zone uses a separate communication port. For example in a multi-zone configuration consisting of three zones, ports 27100, 27101, and 27102 are used.
Media Index Custom ports configured in /etc/elasticsearch-tribe/elasticsearch.yml must be allowed to cross the firewall. See “Port Usage for Avid Media Index” on page 22 for details.
Avid MediaCentral Platform Services
20
Service Name Port Notes
MediaCentral UX 443 Port 443 relates to communication. 443 is used by RabbitMQ, ACS core bus and MediaCentral
MediaCentral Playback Services (MCPS)
843 (Flash), 80, 5000, 26000 Externally exposed service through ports 843 and 5000
MCPS Manager 80 Externally exposed service through port 80
MediaCentral Platform Services
8000 (optional Admin UI), 8183 (bus cluster info)
ACS Monitor is exposed through port 8000
Avid Upstream 8080 avid-upstream service port for MCS 2.6 and higher
Nginx 8480 Connects to avid-interplay-central service. Port 8480 is used with MCS 2.6 and higher. Prior to that release, port 8080 was used.
ISIS See ISIS Linux Client within the Avid ISIS port usage chart.
RabbitMQ 5672 (AMQP), 15672 (Management UI/ REST API)
Port 15672 is specified when connecting to the RabbitMQ management site (<hostname>:15672) or when calling the REST API (for multi-zone). Firewall rule required if accessing management port from a remote subnet.
MongoDB 27017, 27018, 28001 MCS v2.6 added ports 27018, 28001 and 271xx.
27100-27150 (depending on number of zones) In a multi-zone configuration, each zone uses a separate communication port. For example in a multi-zone configuration consisting of three zones, ports 27100, 27101, and 27102 are used.
27200, 28201, and 27218 MCS v2.9 added ports 27200, 28201, and 27218 for the avid-asset deployment of sharded MongoDB.
29200 - 292xx and 30201 - 302xx Depending on the configuration, ports 292xx and 302xx might be used in a multi-zone environment. The number of ports depends on the number of zones.
22 A secure (SSH) connection between the cluster nodes and the arbiter is required by the sharded MongoDB configuration script.
Postgresql 5432
Avid MediaCentral Platform Services
21
Clustering 25672 and 4369 Ports 25672 and 4369 are used to join the nodes together in a local cluster.
Multi Zone 9999 The User Management Service (UMS) connects to pgpool internally through 9999. pgpool then connects on port 5432 to the Master zone. Port 9999 is only used in slave zones.
Users - Domain Import Default port 389, 636 (SSL) Port used to communicate to the Domain Controller.
System 22, ICMP, 111, 24007, 24008, 24009-(24009 + number of bricks across all volumes for gluster).
If you will be using NFS, open additional ports 38465-(38465 + number of Gluster servers).
MAM configuration might require additional NFS ports (111, 2049 tcp&udp) or CIFS (137,138 udp and 137,139 tcp). Other file systems will have to be checked individually (Isilon, Harmonic Omneon, etc.).
9900 (secure) / 9966 (unsecured)
9500
Used by the acs-gateway service.
Ports 9900 and 9966 are used with MCS v2.8 and later.
Port 9500 is used with MCS v2.7.x and earlier.
11233 (TCP) Port used by avid-acs-watchdog – a basic health check helper for ACS components.
8085 Enables access the /opt/avid/Packages directory. This port is used during the sharded Mongo - add arbiter process.
Packages folder available at http://<server>:8085/Packages/
MediaCentral Asset Management (formerly Interplay MAM)
9920 FTP port used for accessing media from MAM storage.
Media Distribute 8676 Connection to Telestream Vantage transcode service.
1120 Connection to Harmonic ProMedia Carbon transcode service.
20 and 21 TCP connection used by Media Distribute to retrieve files from Interplay MAM.
Service Name Port Notes
Avid MediaCentral Platform Services
22
Port Usage for Avid Media Index
The Media Index API is exposed through ACS bus technology. A client accesses the Media Index API through the MediaCentral middleware and ACS bus.
The following table lists the ports leveraged by Avid Media Index.
* Indicates external port which requires access through firewall.
MediaCentral Distribution Service (hosted on a separate Windows server)
8080 or 8890 In MediaCentral UX 1.x, the MCDS service used port 8080 for normal http communication. In MediaCentral UX v2.0 / MCDS v3.1, the port changed to 8890. This change allows MCDS to be installed on the same server as the Production Services Engine (if desired). Port 8443 is used for http security protocol.
Service Name Port Notes
Component Port Protocol and Direction Purpose
Elasticsearch 9200* HTTP Elasticsearch HTTP calls. Optionally, this port can be added as a firewall exception for accessing the Elasticsearch “head” plug-in at:
http://<server_name>:9200/_plugin/head
9300* TCP Elasticsearch node to node communication
Elasticsearch-tribe 9201* HTTP Elasticsearch-tribe HTTP calls. Optionally, this port can be added as a firewall exception for accessing the Elasticsearch “head” plug-in at:
http://<server_name>:9200/_plugin/head
9305 TCP Internal Elasticsearch-tribe node to node communication
9312 TCP Elasticsearch tribe local cluster binding port
931x* TCP In a multi-zone configuration, each remote zone will have its own Elasticsearch tribe binding port. Port number is incremented by 1 from the local binding port number, for example:
• local: 9312
• remote 1: 9313
• remote 2: 9314
• remote n: 931n
avid-acs-media-index-feed
3000 HTTP The Media Index feed API provides an HTTP endpoint that exposes the RSS/ATOM feed with the latest updates from the Media Index database
Revision History
23
Revision History
The following table lists the changes made to the Avid Networking Port Usage Guide:
Copyright © 2021 Avid Technology, Inc. and its licensors. All rights reserved. Created 10/6/21
Date Revised Changes Made
August 24, 2021 Added Avid MediaCentral | Capture and updated Avid NEXIS ports.
June 24, 2021 Added Avid MediaCentral | Sync
Added information related to Media Composer Distributed Processing to the MediaCentral Cloud UX port table.
May 13, 2021 Added Avid MediaCentral | Cloud UX v2021.3.
October 30, 2020 Comment for MediaCentral | Cloud UX port 843.
October 9, 2020 Added port 443 for Avid NEXIS System Director for HTTPS protocol
September 30, 2020 Added Avid MediaCentral | Cloud UX v2020.9.
September 21, 2020 Added Avid | Edit On Demand ports section.
April 17, 2020 Added clarification to MediaCentral Cloud UX ports required for Multi-Site environments.
October 21, 2019 Corrections for MediaCentral Cloud UX Kafka ports
July 29, 2019 Added more ports for Avid NEXIS
June 27, 2019 Added ports for Avid MediaCentral | Cloud UX 2019.6.
March 1, 2019 Added ports for Avid MediaCentral | Cloud UX 2019.2 when integrating with Maestro | News and MediaCentral Phonetic Index.
January 2, 2019 Added ports for Avid MediaCentral | Cloud UX.
Top Related