Vidyo works well with a range of network scenarios, but best results are obtained when the necessary ports on the organisation’s firewall are open as described below. Vidyo can be switched to work via its built-in VidyoProxy, in which case all traffic is tunnelled on HTTP Port 443, but this will impact on performance.
Here is Len Lotz, TENET’s Executive Officer: Technology and Operations, discussing the ports that need to be opened and other network considerations.
Open the ports
To work most efficiently, the VidyoDesktop and Room Systems need some ports on your firewall to be open to allow communication with the TENET Vidyo setup. Organisations should be able to cater for these requirements. The diagram below shows the essential elements of the Vidyo call flow.
To register to the Vidyo Portal and place calls, the client-side connection must be open to the VidyoPortal on these TCP/UDP ports:
|Port||What for||Device information||Function|
|TCP Port 80||HTTP: Outbound to Portal||xxx-vc.tenet.ac.za||Client to Portal authentication|
|TCP Port 443||HTTPS: Outbound to Portal||xxx-vc.tenet.ac.za||Optional for SSL connection to|
|TCP Port 17992||EMCP: Outbound to Portal||xxx-vc.tenet.ac.za||Client connection to VidyoManager|
|TCP Port 17990||SCIP: Outbound to Portal||xxx-vc.tenet.ac.za||Client connection to VidyoRouter|
|UDP Ports 50,000 – 65,535||RTP/sRTP/RTCP: Bi-Directional||Audio and Video Media from participants (6 ports per participant). RTP and RTCP pair for each audio, video, and data collaboration stream|
|UDP Timeout||Change from Default (i.e. 0:02:00 2 minutes) to something larger (i.e. 3:00:00 – 3 hrs) to avoid|
For the correct substitution for the xxx-vc part of the URLs above please refer to the list of VidyoPortals.
- TENET has set up the Vidyo system for South African higher education and research with ‘Tenant’ areas for each supported organisation. Each organisation has its own VidyoPortal address that can be found here. However, note that all the VidyoPortal addresses resolve to 22.214.171.124.
- Some firewalls have a default UDP timeout. On the Cisco PIX Firewall, for example, if the UDP timeout is not changed then the call will drop in exactly 2 minutes and the Vidyo client(s) will have to reconnect.
- Many newer consumer home firewalls have SPI (Stateful Packet Inspection) active by default. This may need to be disabled for performance reasons.
If your firewall cannot be opened (or while you are waiting for it to be opened)
If the firewall cannot be opened, Vidyo should work if you force the use of the Vidyo proxy. In the VidyoDesktop client (or Mobile client), go to Configuration -> Network and tick “always use VidyoProxy”. Please note this option slightly decreases the quality of the connection, and using it by default risks overloading the available proxy servers. Properly opening the firewall ports should remain the priority option. Opening the ports in this way will help your users have the best Vidyo experience possible.
Using a Web proxy with Vidyo will usually impact on the quality of the call. To avoid performance issues due to Web Proxies inspecting media packets, it is highly recommended to create exceptions (e.g. Bluecoat) or allow DIRECT connections to the Vidyo infrastructure (see details above), bypassing the Web Proxy. In many cases this can be accomplished by simply editing the PAC script.
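One way to write the PAC exception described above, as an added example that is not part of the original page or of Vidyo's or TENET's own configuration. The proxy address `proxy.example.org:8080` is a hypothetical value, and `xxx-vc.tenet.ac.za` is the page's placeholder that must be replaced with your organisation's VidyoPortal name. The bypass matches the portal hostname exactly, so look-alike names still go through the Web proxy.

```javascript
// Added example PAC file. Assumptions (not from the original page):
//   - PORTAL_HOSTS holds your organisation's VidyoPortal name; "xxx-vc" is
//     the page's own placeholder and must be substituted.
//   - DEFAULT_PROXY is a hypothetical Web proxy address.
// Written in ES3-style JavaScript because some PAC engines are old.
var PORTAL_HOSTS = ["xxx-vc.tenet.ac.za"];
var DEFAULT_PROXY = "PROXY proxy.example.org:8080";

// Lower-case the host and drop a trailing dot so that
// "XXX-VC.TENET.AC.ZA." and "xxx-vc.tenet.ac.za" compare equal.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// Exact match only. A substring or loose suffix test would also send
// unrelated hosts such as "xxx-vc.tenet.ac.za.example.net" DIRECT,
// widening the bypass beyond the Vidyo infrastructure.
function isVidyoPortal(host) {
  var h = normaliseHost(host);
  for (var i = 0; i < PORTAL_HOSTS.length; i++) {
    if (h === PORTAL_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Entry point the browser or client calls for every URL it fetches.
function FindProxyForURL(url, host) {
  if (isVidyoPortal(host)) {
    return "DIRECT"; // bypass the Web proxy for the VidyoPortal only
  }
  return DEFAULT_PROXY; // everything else keeps going through the proxy
}
```
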