Technical description of communication
Author: Łukasz Strumiński
Created: Sep 4. Updated: Sep 4.
The Thulium system is available to users as a web application. One of the supported browsers is required for operation.
The user interface uses protocols:
- HTTPS
- WebSocket - https://en.wikipedia.org/wiki/WebSocket
- set of protocols WebRTC - for voice calls - https://en.wikipedia.org/wiki/WebRTC
- Support for these protocols/technologies is completely built into supported browsers. The only requirement in terms of network traffic is that the browser's communication with the system should not be blocked or disrupted.
BASIC COMMUNICATION
Communication from the browser is carried out with the address assigned to the client (domain name: system-name.thulium.com). Connections are established to the standard HTTPS port (TCP/443). All communication is secured by TLS 1.2 or higher.
VOICE CALLS - WebRTC
In the case of browser-based voice calls (using WebRTC), there is additional communication.
WebRTC includes, but is not limited to, protocols/technologies:
- SRTP (https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol) - voice streaming,
- ICE (https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment/STUN) - support for communication through NAT.
In the case of a voice call, there will be communication from the browser to the UDP/16000-20000 ports of the server system-name.thulium.com (SRTP) and, if communication is supported by NAT - to the UDP/19302 port of the stun.l.google.com server. Communication is two-way, initiated on the browser side. When configuring firewall/NAT, allow return/relative outbound UDP traffic within the specified range.
VOICE CALLS - SIP
For voice calls using the VOIP/SIP hardware telephone handset, communication from the handset will be made to the UDP/15060 (SIP) port and to the UDP/16000-20000 (RTP) ports of the system-name.thulium.com server. Communication is two-way, initiated on the telephone side. When configuring firewall/NAT, allow return/relative traffic to outbound UDP traffic within the specified range. Ensure minimum UDP session lifetime on firewall/NAT: 50 seconds.
Important...⚠️
a) Both firewalls, NAT, anti-virus software, proxy servers may try to block or modify communication with the target server. If the aforementioned elements are used, verify that they do not obstruct communication.
b) If VPN, multi-WAN, load-balancing solutions are used, it must be ensured that the browser communicates with the Thulium server all the time via the same route - from the moment the user logs in to the system until he logs out. Changes to the route, especially changes to the user's public IP address during his or her login session, may result in a failure to communicate with the Thulium system.
Share your opinion with us