ncr aloha network configuration guide - texas pos · ncr corporation® 2016 page 1 of 13 ncr aloha...
TRANSCRIPT
NCR Corporation® 2016 Page 1 of 13
NCR Aloha Network Configuration Guide Overview
The network is the key entry point into any server environment where sensitive data is transferred between systems. Maintaining a high level of network integrity is essential for ensuring quality service and effectively managing operational risks.
NCR understands the need for enhanced security measures and designs its line of Aloha Enterprise services and products to work with most firewall or proxy servers you might use, promoting a safer network connectivity environment.
Network Configuration Requirements
The following Hosted Solutions table provides the parameters you need to allow Aloha Enterprise services and products acces s through established firewalls
NCR Hosted Solutions
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
Aloha Configuration Center (CFC) v15.6 and below
AeMInStoreProcessor.exe
AeMInStoreService.exe
80 – HTTP
443 – TCP www.configurationcenter.com 206.123.121.72
Aloha Configuration Center (CFC) v16.4 and above
AeMInStoreProcessor.exe
AeMInStoreService.exe
80 – HTTP www.configurationcenter.com 206.123.121.72
443 – HTTPS host.configurationcenter.com
dd.configurationcenter.com
38.107.252.69
38.107.252.78
CFC Password Reset 443 – HTTPS https://web.ncrbackoffice.com 38.107.252.120
General Firewall / Router Requirements for AlohaEnterprise.com Services Depending on firewall configuration you may need to add the following addresses/IPs to your router to allow access to the following sites commonly used by our Aloha Enterprise applications. 206.123.121.2 thru 206.123.121.126
NCR Aloha Network Configuration Guide Last Updated: August,28 2016 v16.8
NCR Corporation® 2016 Page 2 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
CFC Password Reset UAT v15.6 and below
443 – HTTPS https://ppdweb.ncrbackoffice.com 38.107.252.124
CFC Password Reset UAT v16.4 and above
443 – HTTPS https://web.testconfigurationcenter.com
72.249.149.151
Aloha Manager (AM) 80 – HTTP www.configurationcenter.com 206.123.121.72
443 – HTTPS services.configurationcenter.com 38.107.250.156
CFC HR Bridge 443 – HTTPS services.configurationcenter.com 38.107.252.61
CFC UAT v15.6 and below
AeMInStoreProcessor.exe
AeMInStoreService.exe
80 – HTTP
443 – TCP www.testconfigurationcenter.com 72.249.149.146
CFC UAT v16.4 and above
AeMInStoreProcessor.exe
AeMInStoreService.exe
80 – HTTP www.testconfigurationcenter.com 72.249.149.146
443 – HTTPS host.testconfigurationcenter.com
dd.testconfigurationcenter.com
72.249.149.157
72.249.149.158
CFC UAT HR Bridge 443 – HTTPS services.testconfigurationcenter.com 72.249.149.147
Aloha Insight
FTP/FTP Download
AlohaFTP.exe
Alohas.exe
FTP (Passive mode)
21 – TCP
1024-65535 – TCP
FTP (Active mode)
21 – TCP
20 – TCP
Outbound
Outbound
Outbound
Inbound
ftp.alohaenterprise.com
ftp1.alohaenterprise.com
ftp2.alohaenterprise.com
ftpfarm.alohaenterprise.com
archive.alohaenterprise.com
download1.alohaenterprise.com
download2.alohaenterprise.com
download.alohaenterprise.com
webfarm.alohaenterprise.com
archive.alohaenterprise.com
206.123.121.70
206.123.121.70
206.123.121.70
206.123.121.70
206.123.121.71
206.123.121.89
206.123.121.89
206.123.121.90
206.123.121.90
206.123.121.71
Radiant Heartbeat (PollCheck)
Hbaloha.dll
PollCheck.exe
80 – HTTP
80 – TCP
8080 – HTTP
8080 – TCP
443 – HTTPS
esinst.alohaenterprise.com 206.123.121.90
Aloha Insight
Data Warehouse
N/A 1433-UDP
1433-TCP
206.123.121.4
NCR Corporation® 2016 Page 3 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
Aloha Insight
Web site, Reporting, Document Download, & MemberLink Access
InsightInstall.exe
GenPoll.exe
eGrind.exe
80 – HTTP
80 – TCP
8080 – HTTP
8080 – TCP
443 – HTTPS
4430 – HTTPS
webfarm.alohaenterprise.com
download.alohaenterprise.com
<co name>. alohaenterprise.com
Insight Reporting Range
206.123.121.90
206.123.121.2 thru .126*
Aloha Restore (Heartbeat)
PollCheck.exe
AlohaRestore.exe
443 – HTTPS
80 – HTTP
ssfm.alohaenterprise.com (data transport)
esinst.alohaenterprise.com (software updates)
206.123.121.88 or 38.107.252.20
206.123.121.90
Aloha Loyalty Redirector.exe
9099-TCP In/Outbound
efreq.alohaenterprise.com 206.123.121.92
Aloha Stored Value
Version SV1
StoredValue.Boh.App.exe
StoredValue.Boh.UpdateService.exe
21 – FTPS
443 - HTTPS
sv1ftp.alohaenterprise.com
storedvalue.alohaenterprise.com 38.107.252.80 38.107.252.89
Aloha Stored Value Version G1
ATDDB.exe
GCLegacy.exe
VBOConnect.exe
8080 – HTTP ecard.alohaenterprise.com
vbo.alohaenterprise.com 206.123.121.91
Aloha Stored Value Terminal Edition
N/A 443 – HTTPS storedvalue.alohaenterprise.com 38.107.252.89
Aloha Online
NOTE: the Aloha Online product has dependencies on Command Center and Restaurant Guard.
80 – HTTP/TCP
8082 –HTTP
8082 – TCP
443 – TCP
9880 – TCP
8888 - TCP
4430 – UDP
9888 – UDP
443 – HTTPS
443 – HTTPS
443 – HTTPS
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Outbound
Outbound
Outbound
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
weborder.alohaenterprise.com
api.alohaorderonline.com
adminapi.alohaorderonline.com
*.alohaorderonline.com
206.123.121.25
38.107.252.57
38.107.252.57
206.123.121.75
NCR Corporation® 2016 Page 4 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
Aloha Guest Manager
GuestManagerFiles.exe
GuestManagerHost.exe
GuestManagerUpdate.exe
GMSettings.exe
DeviceHost.exe
8500 – TCP
80 – HTTP
8095 – TCP
443 – TCP
22769 – UDP
Inbound
Inbound
Inbound
In/Outbound
guestmgr.alohaenterprise.com
webtexting.alohaenterprise.com
206.123.121.25
38.107.252.74
Aloha Update AlohaSuiteInstaller.exe
80 – HTTPS
8080 – HTTPS
443 – TCP
Inbound
Inbound
Inbound
www.radiantupdate.com
alohaupdate.ncr.com
package.alohaupdate.ncr.com
206.123.121.72
Command Center
Whitelisting
Certificate Validation
CMCInst.exe
CMCAgent.exe
CmcSvcWatcher.exe
RadSprtA.exe
Pvnc.exe
Pollcheck.exe
HBProxy.exe
HBPrint.exe
CMCProxy.exe
HBUtil.exe
80 – TCP
8080 – TCP
443 – HTTPS
22 or 80/443 – TCP
9150 – TCP
9151 – TCP
9157 – TCP
11000 – TCP
11001 – UDP
11002 – UDP
9200 – TCP/ UDP
9201 – TCP/ UDP
9202 – TCP/ UDP
9203 – TCP/ UDP
9204 – TCP/ UDP
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
rdf2.alohaenterprise.com
ssh.alohaenterprise.com
crl.godaddy.com
crl.verisign.com
206.123.121.24
206.123.121.27
72.167.18.237
72.167.18.238
72.167.239.237
72.167.239.238
188.121.36.237
188.121.36.238
182.50.136.237
185.50.136.238
50.63.243.228
50.63.243.229
199.7.48.0:20
199.7.71.0:24
199.7.72.0:22
199.7.76.0:24
NCR Corporation® 2016 Page 5 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
Digital Menu Boards
80 – HTTP
443 – HTTPS
5938 – TCP
Outbound
Outbound
Outbound
www.ncrvitalcast.com
vcserver6.txdigital.com
*.teamviewer.com
nist1-pa.ustiming.org or
time.windows.com or
time.nist.gov
*.ws.symantec.com
*.symcb.com
*.symcd.com
153.69.71.29
219.81.32.122
Resolved by DNS
50.63.202.59 or
23.99.222.162 or
128.138.141.17
Actual IP addresses are subject to change by Symantec
NCR BackOffice Application
80 – HTTP
443 – HTTPS boa.menulink.net 206.123.121.44
NCR BackOffice Installs 80 – HTTP
443 – HTTPS install.ncrbackoffice.com 38.107.252.122
NCR BackOffice Data Service
443 – HTTPS data.ncrbackoffice.com 38.107.252.121
NCR BackOffice HR Bridge
443 – HTTPS secure.menulink.net 38.107.252.126
NCR BackOffice Anywhere
443 – HTTPS anywhere.ncrbackoffice.com 38.107.252.120
NCR BackOffice Integration
443 – HTTPS integration.ncrbackoffice.com 38.107.252.123
NCR Back Office Licensing
10781 – TCP license.menulink.net 64.244.148.153
NCR Back Office Replication
1433 –TCP/UDP
1434 –TCP/UDP (configurable)
NCR Back Office Pulse User Provisioning
(for My Schedule and Mobile Inventory)
443 – HTTPS data.ncrbackoffice.com 38.107.252.121
NCR Corporation® 2016 Page 6 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
NCR Back Office Pulse User Provisioning
(for My Schedule and Mobile Inventory)
443 – HTTPS anywhere.ncrbackoffice.com 38.107.252.120
NCR BackOffice UAT Application
80 - HTTP
443 - HTTPS lab.menulink.net 38.107.252.47
NCR BackOffice UAT Installs
443 - HTTPS install.ncrbackoffice.com 38.107.252.122
NCR BackOffice UAT Data Service
443 - HTTPS ppdweb.ncrbackoffice.com 38.107.252.124
NCR BackOffice UAT HR Bridge
443 - HTTPS lab.menulink.net 38.107.252.47
NCR BackOffice UAT Anywhere
443 - HTTPS ppdweb.ncrbackoffice.com 38.107.252.124
NCR Endpoint Protection 80 – HTTP
443 – TCP
content.radiantmsp.com
remote.radiantmsp.com
206.123.121.83
38.107.252.22
38.107.252.31
38.107.252.32
NCR Guest Pad 443 — TCP
443 — TCP
In/Outbound
In/Outbound
Client-RU.NCRGuestPad.com
Client.NCRGuestPad.com
38.107.252.68
38.107.252.67
NCR Corporation® 2016 Page 7 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
NCR Mobile Pay*
*(also see NCR Mobile Pay under Store-Side Solutions)
IMAgent.exe
MPAgent.exe
80 – HTTP
443 – HTTPS
8082 — TCP
9801 – TCP
7893 — TCP
7893 — TCP
7897 — TCP
7896 — TCP
7898 — TCP
7899 — TCP
Internal BOH
Internal BOH
Internal FOH
Internal FOH
Internal FOH
ssfm.alohaenterprise.com
ssfm.alohaenterprise.com
weborder.alohaenterprise.com
esinst.alohaenterprise.com
store.radiantmobileapp.com
www.radiantmobileapp.com
www.ncrpay.com
ncrpaystatus.com
*.paypal.com
crl.godaddy.com
certificates.godaddy.com
crl.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
certificates.starfieldtech.com
IMAgent
Mobile Pay BOH Service
Mobile Pay Process
FOH Activity Intercept
FOH Print Intercept
206.123.121.88
38.107.252.20
206.123.121.25
38.107.252.90
38.107.252.90
38.107.252.90
206.123.121.41
23.21.213.53
Resolved by DNS
72.167.18.237
72.168.18.238
72.167.239.237
72.167.239.238
188.121.36.237
188.121.36.238
182.50.136.237
182.50.136.238
50.63.243.228
50.63.243.229
NCR Patch Management 80 – HTTP
443 – TCP
content.radiantmsp.com
remote.radiantmsp.com
206.123.121.83
38.107.252.22
38.107.252.31
38.107.252.32
Pulse IMAgent.exe
PulseAgent.exe
21 – TCP
21 – FTPS
443 – TCP
443 - HTTPS
9801 – TCP
Outbound
www.radiantmobileapp.com
store.radiantmobileapp.com
www.radiantmobileapp.com
pif.radiantmobileapp.com
38.107.252.90
38.107.252.90
38.107.252.90
38.107.252.86
NCR Corporation® 2016 Page 8 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address
Quest
80 – HTTP/TCP
8884
8885 – TCP
8890 – UDP
206.123.121.50 thru .59
Restaurant Guard 443 – HTTPS
80 – HTTP
ssfm.alohaenterprise.com (data transport)
esinst.alohaenterprise.com (software updates)
restaurantguard.com
ns1.alohaenterprise.com
ns2.alohaenterprise.com
root.alohaenterprise.com
206.123.121.88 or 38.107.252.20
206.123.121.90
206.123.121.87
Store-Side Solutions
Application Program/Feature Exceptions
Port/Protocol Direction URL / Purpose IP Address
Aloha CAP StoreActivityRecorder.exe 8195 – TCP/ UDP Inbound Store Activity Recorder
Aloha EDC EdcSvr.exe Edc.exe
443 TCP/ UDP Inbound Electronic Data Capture Internet-based credit card authorizations
NCR Corporation® 2016 Page 9 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions
Port/Protocol Direction URL / Purpose IP Address
Aloha POS v7.0 and later
Default Base Port=49214
(Configurable use Base Port + 1-5, 7, 8)
CtlSvr.exe
RfsSvr
Iber.exe
Iberqs.exe
AlohaAlertEngine.exe
49214 – UDP
49215 – TCP
49216 – UDP
49217 – DCP
49218 – TCP
49219 – UDP
49221 – TCP
49222 – UDP
12345 – UDP
12346 – UDP
445 – TCP/UDP
60050 – TCP
8019 – TCP
9018 – TCP
1333 UDP
135 – TCP/UDP
139 – UDP/TCP
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Base Port\Discovery
Front of House
Front of House
Discovery
CtlSvr
CtlSvr
RFS
RFS
Discovery
Discovery
Front-of-House/Back-of-House
RFS File Sharing
Alerts Engine
Databus communication
Term to Term / Term to BOH
communication
DCOM for Aloha Connect (3 rd Party)
Aloha Connect remote calls
Aloha RFS RfsSvr.exe 60050 – UDP/TCP
Remote File System is part of the Aloha POS communication framework (override with "RFSPORTNUMBER" in Aloha.ini)
Aloha Transaction Gateway
AlohaTransactionGateway.exe
ATGHelperService.exe
8899 –TCP/UDP
7788 –TCP
8887 – TCP/UDP
8889 – TCP
45888 – UDP
10000 and above
Inbound BOH
Inbound BOH
Inbound BOH
Inbound BOH
Inbound BOH
Inbound BOH
.NET remoting on site controller
.NET remoting on the client
REST services within Iber
REST services hosted by ATG
Service Discovery as part of multicast group 230.134.226.241
Dynamically assigned thru .NET Remoting
NCR Corporation® 2016 Page 10 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions
Port/Protocol Direction URL / Purpose IP Address
Aloha Kitchen AlohaKitchen.exe
1221 – UDP
1222 – TCP
1333 – UDP
9090 – TCP
9088 – TCP
11011 – UDP
13555 – TCP
14770 – TCP
FOH/BOH
FOH/BOH
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
AK Databus Discovery Broadcast
/Multicast over 225.0.0.37
Kitchen Databus Communication
Broadcast/Multicast over 225.0.0.37
AK Databus UDP Discovery
Default Kitchen service port
Broadcast /Multicast over 225.0.0.37
Default Kitchen Interface port
AK Broadcast Mgr Discovery Port
AK File Sharing port
BOH AK Instance
Aloha Licensing 37420 — TCP
37421 — TCP
Port to connect to the Aloha Licensing server.
Aloha Mobile*
*Aloha Mobile Versions 12.1.7 - Current
80 – TCP
5353 – UDP
5656 – UDP
7004 – UDP
7787 – TCP
7788 – TCP
8896 – TCP
8897 – TCP
8898 – TCP
8899 – TCP
1024-65535 TCP
24999 – TCP
25000 – UDP
7005 – TCP
7017 – TCP
10000 – TCP
22 – TCP
Inbound
Inbound
Inbound
System Center
System Center
System Center
System Center
Aloha Transaction Gateway
Aloha Transaction Gateway
iOS communication
iOS communication
Aloha Mobile Monitor
Aloha Mobile Monitor
OM 7 communication (in cradle)
Orderman7/SOL communication
Orderman7/SOL communication
Orderman7 communication
Orderman7 communication
OM7 Base station4 communication
OM7 Multi-SvcCradle communication
NCR Corporation® 2016 Page 11 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions
Port/Protocol Direction URL / Purpose IP Address
System Center 2 (Orderman)
Bonjour (service name)
scservice.exe
5353 – TCP
5353 – UDP/mDNS
80 – TCP
80 – HTTP
7005 – TCP
Inbound
In/Outbound
In/Outbound
In/Outbound
Outbound
Orderman Device Discovery
Orderman Device Discovery
Configuration UI - OMB4 and
OM7 Service Station
Configuration of OM7
Localhost
Localhost
Aloha SPY 3999 – TCP Surveillance security interface (override with "ALOHASPYPORT" environment variable)
Aloha Takeout
Radiant.Hospitality.AlohaToGo.exe
ServiceHost.exe
1478 - UDP
2478 - TCP
8020 – HTTP/TCP
8021 – TCP
8030 - TCP
8040 - TCP
9020 – HTTP/TCP
9021 – TCP
9600 – TCP
10550 – TCP
10551 – TCP
1221 – UDP
1222 – TCP
21769 – UDP
32768 – HTTP/TCP
32769 - TCP
In/Outbound
In/Outbound
Inbound
Inbound
In/Outbound
In/Outbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
Inbound
In/Outbound
In/Outbound
ATO Databus Discovery Port
ATO Databus Communication
Primary/Master ATO service ports
BOH ATO-ATG/Loyalty Comm.
FOH ATO-ATG/Loyalty Comm.
Primary/Master ATO service ports
Aloha Kitchen Interface for ATO
(ATO v1.1, v1.2.19 and earlier)
Intercept remoting ports
Intercept remoting ports
Aloha Kitchen discovery port for ATO (ATO v1.2.20 and later)
Kitchen Databus Communication
Broadcast/Multicast over 225.0.0.37
Service discovery port
Primary/Master ATO Client Ports
OrderPoint! RSSEngine.exe
135 – RPC
1801 – TCP
1801 – UDP
2101 – RPC
2103 – RPC
2105 – RPC
3527 – UDP
Message Queuing
NCR Corporation® 2016 Page 12 of 13
NCR Aloha Network Configuration Guide
Application Program/Feature Exceptions
Port/Protocol Direction URL / Purpose IP Address
Aloha UPI 55055 – TCP TCP/IP interface to Universal Payment Interface (override with "REMOTEPORT" in Edc.ini)
Remote Auto Loader (RAL)
AlAdmSvr.exe
AlhAdmin.exe
11000 –TCP/UDP
11001 –TCP/UDP
11002 –TCP/UDP
11003 –TCP/UDP
Socket Listen
Multicast Listen
Multicast Send
Discovery Broadcast
©2016 NCR Corporation – All rights reserved. The information contained in this publication is confidential and proprietary, and may not be reproduced or disclosed to othe rs.
NCR Aloha Network Configuration Guide
Proxy Server Considerations
A proxy server acts as a gateway between two networks, such as a company network and the Internet. Proxies block direct acces s between networks, which makes it much more difficult for intruders to obtain private network information. Proxies may also cache Web pages; sto ring a temporary copy locally, which increases network performance.
In general, the Aloha Enterprise line of products allows traffic through a proxy server, without additional configuration requirements. The MenuLink application, which is a very robust, comprehensive solution, supports proxy access with minor proxy server configuration.
MenuLink version 5.9 and later support access using key proxy configuration settings. Because the majority of MenuLink content is dynamic, and not suitable for caching, it would be feasible to exclude MenuLink traffic from the proxy. To this end, you need to modify the In ternet Explorer proxy options to exclude MenuLink remoting traffic.
To exclude NCR BackOffice remoting traffic from the proxy server:
1. Select Tools > Internet Options from the Internet Explorer main
menu.
2. Click the Connections tab.
3. Click LAN Settings.
4. Select the Use a proxy server for your LAN check box.
5. Click Advanced.
6. Under ‘Exceptions,’ type the URL you want to exclude from the
proxy (e.g., http://boa.menulink.net/<companyname>).
This excludes the remoting traffic from the proxy, but still allows code updates and other essential traffic.
When you are finished making changes, click OK until you return to
Internet Explorer.