Home »
Analytics Install Guide »
Ports, protocols, and access rights

Ports, protocols, and access rights

Ports, protocols, and access rights#

Overview#

This topic details the ports, protocols, and access rights (including login and permissions) required for Insights to interact with assets and to monitor and collect analytics data. The topic has the following sections:

Ports
Permissions

Ports#

Source: UC assets/devices#

The table describes the destinations, protocols, and ports for various UC assets/devices sources required for Insights to interact with assets and to monitor and collect analytics data:

Source	Destination	Protocol	Port
UC Assets/Devices
Cisco UC / CUBE (Syslog, CDR/CMR)	Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	TCP/UDP	22, 514
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Cisco UC / CUBE (AXL, SNMP query, and SSH)	TCP/UDP	22, 161, 162, 443, 8443
Cisco UCCE (CVP, Finesse, CUIC, VVB, PG/HDS/Roggr/Logger) (SNMP traps)	VOSS Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	TCP/UDP	161, 162
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Cisco UCCE (CVP, Finesse, CUIC, VVB, PG/HDS/Roggr/Logger) (read-only SNMP query)	TCP/UDP	161, 162
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Cisco UCCE (Finesse) (read-only API query)	HTTPS	8443, 443
Cisco Analog Gateways (SNMP trap)	Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	UDP	161, 162
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Microsoft Teams	HTTPS, Graph API	443
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Cisco WebEx Calling DI	HTTPS, AXL API & RIS API	443
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	AudioCodes Mediant Session Border Controllers (SNMP query, API)	TCP/UDP	161, 162, 443
AudioCodes Mediant Session Border Controllers (SNMP traps)	Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	UDP	161, 162

Source: Other applications#

The table describes the destinations, protocols, and ports for various other applications (non-UC assets/devices sources) required for Insights to interact with assets and to monitor and collect analytics data:

Source	Destination	Protocol	Port
Other Applications
Insights Dashboard Server (Cloud)	Microsoft Active Directory LDAP Server	LDAPS	TCP 636
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Microsoft Active Directory LDAP Server	LDAPS	TCP 636
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	Mail Server (SMTPS)	SSL/TLS	TCP 465/587
Insights Arbitration servers (on-premises in Equinix DC EU, APAC, AMER)	ServiceNow	HTTPS	TCP 443

Permissions#

The table describes applications and their access rights (including login and permissions) required for Insights to interact with assets and to monitor and collect analytics data.

Application	Permissions
Cisco UC / CUBE / Cisco WebEx DI	Configure the appropriate Cisco UC device: To forward SNMP trap to the local Insights Arbitration servers Syslog settings to direct log messages Forward CDR to the local VOSS Insights Arbitration servers Create SNMPv2 or SNMPv3 connection string System user with read-only access and Standard AXL API Access role
Cisco UCCE	Create a system user on UCCE Finesse to enable Insights to execute Finesse API. The role that is applied to the system user should include: “Read Only Agent Data” “Read Only Queue Data” privileges
Cisco Analog Gateways	Forward SNMP trap to the local Insights Arbitration servers
AudioCode Mediant eSBC	Configure the appropriate eSBC device: To forward SNMP traps to the local Insights Arbitration servers Create SNMPv2 or SNMPv3 connection string Syslog settings to direct log messages Read-only System user with API access for system monitoring

Application

Permissions

Microsoft Teams

The following credential info is required:

Application (client) ID
Directory (tenant) ID
Client secret Value

The following permissions need to be granted for the application:

AuditLog.Read.All
CallRecord-PstnCalls.Read.All
CallRecords.Read.All
Device.Read.All
DeviceManagementApps.Read.All
DeviceManagementConfiguration.Read.All
DeviceManagementRBAC.Read.All
DeviceManagementServiceConfig.Read.All
Directory.Read.All
Group.Read.All
GroupMember.Read.All
Organization.Read.All
OrgSettings-Microsoft365Install.Read.All
OnlineMeetings.Read.All
Reports.Read.All
ServiceHealth.Read.All
ServiceMessage.Read.All
Team.ReadBasic.All
TeamsActivity.Read.All
TeamSettings.Read.All
TeamworkAppSettings.Read.All
TeamworkDevice.Read.All
TeamworkTag.Read.All
User.Read.All
User.ReadBasic.All
VirtualEvent.Read.All

Application

Permissions

SMTP server

A dedicated service account to be utilized by Insights with the following minimum necessary permissions to:

Send Email
Relay Access (if applicable)
Send As/On Behalf Of (optional but recommended for improved security)
Create a user group that the mail can be sent to.

ServiceNow

A dedicated service account with a role like:

rest_service

Note

These are the minimum permissions required. Additional permissions may be required based on specific use case.