Teradek User Guide

Network communication requirements for using Self-hosted and Cloud Hyperion servers with Core

Updated

Overview

The tables below list the inbound / incoming and outbound / outgoing network connection requirements for using a self-hosted Hyperion server with the Core management system.

This covers the necessary ports and protocols needed for the following:

  • Teradek encoder and app communication with the Hyperion server, as well as inbound video streaming to the Hyperion server.
  • Teradek decoder communication with the Hyperion server, as well as decoders, apps or software clients to pull down the MPEG Transport Stream or SRT video hosted from the Hyperion server.
  • Outgoing ports needed for a Hyperion server to send out video streams over RTMP or RTMPS to destinations like Facebook Live or YouTube Live, or over MPEG Transport Stream or SRT.
  • Outgoing ports needed for a Hyperion server to communicate with the Core management system.

 

Inbound Network Connections

Inbound connections originate from outside the Hyperion server, and arrive at the Hyperion server on the indicated port.

If the self-hosted Hyperion server is behind a firewall, the necessary ports will need to be forwarded to the internal, private IP address of the Hyperion server.

 

  • 22 (TCP) [optional] : SSH access to the Hyperion server; this is optional and not required in any way for operation with Core. This is under user control, and is recommended that it is disabled unless proper security measures are in place for your self-hosted Hyperion server.
  • 443 (TCP) [optional] : HTTPS communication for HLS preview streams. Requires special configuration and use of a TLS/SSL certificate specific to that server.
  • 1957 (TCP) [optional] : HTTP communication with the Hyperion Dashboard / Web User Interface (Web UI). This is optional and not required for operation with Core, as all device control is done through the Core Dashboard.
  • 1958 (TCP) [optional] : HTTPS communication with the Hyperion Dashboard / Web User Interface (Web UI). This is optional and not required for operation with Core, as all device control is done through the Core Dashboard.
  • 5111 (TCP) [REQUIRED] : Communication port used by Teradek encoders and decoders to register with the Hyperion server. Also used as the inbound video port from Teradek encoders and streaming apps (Live:Air Action or Live:Air Solo).
  • 5111 (UDP) [REQUIRED] : Inbound video port used by Teradek encoders capable of using the UDP protocol for streaming video to a Hyperion server.
    • Streaming with the UDP protocol is available on a Cube + Bond (original), Bond II, Bond Pro, or 600 / 700 / 800 series encoders, and the streaming protocol is changed from the default TCP to UDP.
    • This does not apply to a standalone Cube (1st or 2nd gen), Slice encoder (1st gen), T-RAX encoder, or apps.
  • 5200-5299 (TCP) [optional] : Video ports registered by the Core management system to allow hardware decoders, software decoders (e.g. VLC Media Player, vMix or Wirecast) , or Teradek apps (Core TV, Core app for iOS, or VUER) to pull down the video stream directly from a Core-controlled Hyperion server using the MPEG-TS protocol over TCP.
    • MPEG-TS is used as the default stream output by default (the checkbox for Secure Streaming is not selected).
    • If MPEG-TS video streams are not being pulled down by remote decoders (e.g. only outbound RTMP or SRT streaming is being pushed out to remote destinations), these ports are optional.
  • 5500-5599 (UDP) [optional] : Video ports registered by the Core management system to allow decoders or remote sources to pull down the video stream directly from a Core-controlled Hyperion server using the SRT protocol over UDP.
    • SRT is used for the stream output instead of MPEG-TS when an encoder in Core is placed in the Secure Streaming mode.
    • If SRT video streams are not being pulled down by remote decoders (e.g. only outbound RTMP or SRT streaming is being pushed out to remote destinations), these ports are optional.
  • 5600-5699 (TCP) [optional] : Video ports registered by the Core management system to allow decoders or remote sources to pull down the video stream directly from a Core-controlled Hyperion server using the RTSP/RTP protocol over TCP.
    • RTSP/RTP is shown as a stream output (in addition to MPEG-TS when an encoder in Core is placed not in the Secure Streaming mode.
    • If RTSP/RTP video streams are not being pulled down by remote decoders or software clients (e.g. only outbound RTMP or SRT streaming is being pushed out to remote destinations), these ports are optional.
  • 8643 and 7011 (TCP) : For Prism to connect.

 

Outbound Network Connections

Outbound connections are initiated by the Hyperion server, and arrive at the remote destination on the indicated port.

If firewalls are in place that block outbound traffic, the necessary ports need to be allowed for outbound connectivity to ensure proper communication with the Core management system and  streaming to different destinations.

If firewalls are in place with content filtering, those content filters may block access to some sites categorized as related to social networking; content filter restrictions would need to be removed for the Hyperion server to be able to send out RTMP/RTMPS streams to those destinations.

  • 80 (TCP) : Upgrades of the Hyperion server by the Core management system. This same port is also used for RTMP streams sent over port 80 to Periscope Live, but the destination addresses will be for Periscope's streaming servers.
  • 443 (TCP) : Software upgrades of the Hyperion server, as well as command/control communication to the Core management system. Also used for RTMPS streams to Facebook Live, but the destination addresses will be for Facebook's streaming servers.
  • 1935 (TCP) : RTMP streams sent to common online video platforms / CDNs like YouTube Live or Akamai. If RTMP streaming is not being used (e.g. only streaming between encoders and decoders), this port is optional.
    • NOTE if RTMP streams are being sent to a third party device, server or hosted service on a port other than the default 1935, that port would likewise need to be permitted through any outbound firewalls that are filtering traffic based on the destination port.
  • 6000 (TCP) : Additional communication channel between the Hyperion server and the Core management system.
  • 7000 (TCP) : Transfer of recorded video archives from the Hyperion server to the Core management system / archive repository.
  • 7001 (TCP) : Additional communication channel between the Hyperion server and the Core management system (required as of Hyperion Core Client version 2.3.0 and later).
  • 7002 (TCP) : Additional communication channel between the Hyperion server and the Core management system (required as of SHyperion Core Client version 2.3.0 and later).
  • 9710 (TCP) : MPEG Transport Streams sent over the TCP protocol; this port is configurable in the Core system, so if you're sending to a different port this must be allowed by any outbound firewalls.
    • If you're not using outbound MPEG-TS streaming (e.g. only using outbound RTMP or RTMPS, or using MPEG Transport Stream or SRT pulled down directly from the Hyperion server) then this port is optional.
  • 9710 (UDP) : MPEG Transport Streams or SRT streams sent over the UDP protocol; this port is configurable in the Core system, so if you're sending to a different port this must be allowed by any outbound firewalls.
    • If you're not using outbound SRT or MPEG-TS streaming (e.g. only using outbound RTMP or RTMPS, or using MPEG Transport Stream or SRT pulled down directly from the Hyperion server) then this port is optional.
  • 30443 (TCP) : TLS-secured communication channel for real-time logging between the Hyperion server and the Core management system (logbay.teradek.com)
Previous Articles How to update the server in order to migrate to the new Core 3.0 Plan?
Next Articles Network communication requirements for using On Demand Hyperion servers in Core