AT&T Office@Hand Network Updates
Article #12242
- IP supernets
- Common cloud services
- Endpoint guidelines
- AT&T App – web, desktop, and mobile
- AT&T Video App – web, desktop, and mobile
- AT&T Webinar
- AT&T Video Rooms
- AT&T Video with Room Connector
- AT&T Phones – desk, conference, and cordless
- AT&T Softphone App – desktop
- AT&T Softphone App – mobile
- AT&T SMS
- AT&T Archiver
- Application Programming Interface
- SIP trunks
- Communication integration services
- AT&T cloud IP addresses for on-premises Microsoft Exchange server
- Domain Name Service (DNS)
- Network Address Translation (NAT)
- Security software
- Quality of Service guidelines
- VLAN configuration guidelines
There are incoming updates to the AT&T Office@Hand networking requirements which may require adjusting the Access Control List rules of your network firewall. In order to maintain service please ensure the following Fully Qualified Domain Names (FQDNs) and hostnames/IP addresses are whitelisted for the indicated Office@Hand devices, applications, and services (unless not used).
Addresses are highlighted to indicate updates.
This document only shows partial information of AT&T Office@Hand Network requirements. For the complete details, go to AT&T Office@Hand Network Requirements.
1. IP Supernets
The supernets (concatenated subnets) in Table 1.1 are advertised by the AT&T Office@Hand cloud using the BGP routing protocol to support Unified Communication Services over the internet. These networks can be used to connect to the AT&T cloud over the internet:
| Table 1.1 – IP Supernets |
| Advertised IP Supernets |
- 66.81.240.0/20
- 80.81.128.0/20
- 103.44.68.0/22
- 103.129.102.0/23
- 104.245.56.0/21
- 185.23.248.0/22
- 192.209.24.0/21
- 199.68.212.0/22
- 199.255.120.0/22
- 208.87.40.0/22
|
Additional requirements apply for enterprises with private connections to the AT&T cloud. Contact AT&T Support for more information.
To ensure that unified communication services operate correctly, your enterprise network must accept the supernets at all locations where unified communication services are used.
The enterprise network must use the supernets for:
- Configuring firewall rules for signaling and media ports.
- Configuring DSCP markings in IP packet headers according to the Quality of Service Guidelines.
- Selectively disabling Layer 7 device functions, such as Deep Packet Inspection for UDP traffic to and from the unified communication cloud.
2. Common cloud services
You may need to whitelist the destination ports in Table 2.1 for all of your enterprise firewalls and web proxies. Whitelisting these ports allows devices and applications to access supporting cloud services, domain names, and IP addresses.
You should whitelist only the set of services that you need. For example, if you don’t use the Analytics portal in Europe, you need not whitelist the analytics.ringcentral.eu domain.
The domains that resolve to supernet addresses (indicated as yes in column 3 of Table 2.1) do not need to be whitelisted, provided that the supernets are whitelisted in the tables in the endpoint section.
You must always whitelist the following domains:
- The AT&T company website, which provides general information about RingCentral and its products, and does not require sign in.
- The Service status portal, which provides an overview of AT&T’s unified communication service availability.
- The customer support domain, which provides access to resources for phone and app installation and configuration, release notes, community discussions, and escalations.
- AT&T Discovery service API, which:
- Allows client applications to dynamically discover the correct .com and .biz API domains before users log in.
- Points to the login process service. After the Login service authenticates an administrator or user, the Discovery service API uses configured account data to determine the appropriate API domain.
- The Account federation management portal, which is only used when a customer has multiple accounts that are federated.
- Service Web portal, which provides access to unified communication administration services.
- The AT&T Administrator/User Account portal, which authenticates administrator and user access to underlying communication and administration services.
- The Analytics portals, which provide account administrators with unified communication service performance data. This data can help administrators understand the current state of the system and troubleshoot specific issues.
- The Administrator/User account portal, Service Web portal, and Analytics portals may be country- or region-specific for compliance purposes. For example, domains that end in .eu refer to non-UK Europe.
AT&T Office@Hand Domains and IP Addresses
AT&T Office@Hand uses these networks globally for call servers, media services, route announcements, and auxiliary services, like telephone provisioning and network time. It is highly recommended to permit all these networks at all enterprise locations for the specific regions.
| Table 2.1 – Common cloud services |
| Purpose |
Application Protocol |
Domain name/IP address |
Resolves to Supernet address? (Yes/No) |
Destination Ports |
| Company Website |
HTTPS |
www.business.att.com |
No |
TCP\443 |
| Service status portal |
HTTPS |
status-officeathand.att.com |
No |
TCP\443 |
| Customer support |
HTTPS |
www.business.att.com/support |
No |
TCP\443 |
| Discovery service API |
HTTPS |
discovery.ringcentral.biz |
Yes |
TCP\443 |
| Account federation management portal |
HTTPS |
accounts-officeathand.att.com |
Yes |
TCP\443 |
| Service Web portal |
HTTPS |
service-officeathand.att.com |
Yes |
TCP\443 |
| Administrator/User account login portal |
HTTPS |
login-officeathand.att.com |
Yes |
TCP\443 |
| Analytics portal |
HTTPS |
analytics-officeathand.att.com |
No |
TCP\443 |
3. Endpoint guidelines
The next sections provide endpoint-specific tables for domain names, supernets, and a range of cloud destination ports for various AT&T endpoints (e.g. app, hardphones, etc.). These tables must be administered in an enterprise firewall to allow endpoint access to AT&T’s unified communication services.
Note the following endpoint table guidelines for firewall and web proxy configuration:
- The AT&T cloud does not initiate any session toward customer endpoints. All sessions are initiated from an endpoint toward AT&T’s cloud communication services. For this reason, destination ports are indicated in each section’s endpoint tables. These tables do not specify source ports, since source ports are dynamically selected by the operating system, and their ranges are operating system-dependent.
- Each section’s tables provide modular sets of requirements for firewall control to support different deployment combinations of AT&T endpoints. For this reason, a table is provided for each type of endpoint. Consequently, some rows may be duplicated across different tables in various sections. For example, in the AT&T app and the AT&T Video app section’s tables. In principle, firewall rules need to be applied only once for deployed endpoints that have the same row content.
- In creating your firewall configurations, you need only apply the tables for the endpoints that you actually use. For example, if you don’t use hardphones, you may ignore the hardphone section. Similarly, if you don’t use an app’s desktop or mobile version, you need not whitelist it.
- Rows in the port table are generally ordered from highest QoS traffic priority (media) to lowest QoS traffic priority (supporting data service).
- You may use the mobile version of the AT&T app on a mobile operator network or a private or public WiFi network. On a mobile operator network or a public WiFI network, traffic does not traverse a private enterprise network to AT&T communication services, so firewall configuration is irrelevant. The appropriate tables must be administered in the enterprise firewall on a private WiFi network (such as a private wired enterprise network).
4. AT&T App – web, desktop, and mobile
| Table 4.1 – AT&T App – web, desktop, and mobile |
| Purpose |
Application Protocol |
Domain name/IP address |
E5F1F6 |
|
Media/media secured
and media access control
|
RTP/SRTP (DTLS)
and STUN |
IP supernets |
UDP\20000-64999
and UDP\19302
|
| Signaling – mobile app |
SIP/TCP |
IP supernets |
TCP\5091 |
| Signaling secured – mobile app |
SIP/TLS |
IP supernets |
TCP\5097 |
| Signaling secured – mobile app |
SIP/WSS/TLS |
IP supernets |
TCP\443 |
| Signaling secured desktop and web app |
SIP/WSS/DTLS |
IP supernets |
TCP\8083 |
| IOVATION SDK for two-factor login |
HTTPS |
mpsnare.iesnare.com
ringcentral.112.2o7.net
|
TCP\443 |
| Application file upload and download |
HTTPS |
glip-prod-biz-us-east-1-core-data.s3.amazonaws.com glip-prod-biz-us-east-1-core-data.s3-accelerate.amazonaws.com |
TCP\443 |
| Log file upload |
HTTPS |
www.filestackapi.com |
TCP\443 |
| Application service API |
HTTPS |
*.ringcentral.biz |
TCP\443 |
| Messaging service API |
HTTPS |
glip.ringcentral.biz |
TCP\443 |
| Messaging content support |
HTTPS |
api.giphy.com
media0.giphy.com
media1.giphy.com
media2.giphy.com
media3.giphy.com
media4.giphy.com
i.embed.ly
|
TCP\443 |
| Presence status, call log notifications, and voicemail notifications |
HTTPS |
ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com
ringcentral-1.pubnubapi.com
ringcentral-2.pubnubapi.com
ringcentral-3.pubnubapi.com
ringcentral-4.pubnubapi.com
ringcentral-5.pubnubapi.com
ringcentral-6.pubnubapi.com
ringcentral-7.pubnubapi.com
ringcentral-8.pubnubapi.com
ringcentral-9.pubnubapi.com
|
TCP\443 |
|
Android app push notifications –
mobile app*
|
HTTPS |
mtalk.google.com |
TCP\443, 5228, 5229, 5230 |
|
iOS app push notifications –
mobile app
|
HTTPS |
api.push.apple.com |
TCP\443, 2197, 5223 |
| Software and provisioning updates |
HTTPS |
*.cloudfront.net |
TCP\443 |
Help
(lower left corner of the app, covers help and video content) |
HTTPS |
community.ringcentral.com
*.demdex.net
*.coveo.com
*.vimeo.com
*.akamaized.net
www.youtube.com
js-agent.newrelic.com
bam.nr-data.net
cdn.cookielaw.org
|
TCP\443 |
| RingCentral Video App – web, desktop, and mobile |
Refer to Table 5.1 |
* For reliable connectivity and reduction of battery consumption, implement a 30-minute or larger timeout for Network Address Translation (NAT) or Stateful Packet Inspection (SPI) for connections over ports 5228-5230.
5. AT&T Video App – web, desktop, and mobile
- Read the Endpoints guidelines about the duplicated rows you’ll find in AT&T App Table 4.1 and the AT&T Video App Table 5.1.
- The statistics collector publishes detailed statistics about calls. The Analytics Portal Table 2.1 uses a subset of the data extracted by the statistics collector.
- You don’t need to whitelist the RCV web client application if you’re only using the desktop and mobile versions of the RCV app.
- You should whitelist the network connectivity test application to allow Video App users to test their network connections.
| Table 5.1 – AT&T Video App – web, desktop, and mobile |
| Purpose |
Application protocol |
Domain name/IP address |
Detonation port |
| Media secured |
SRTP |
IP supernets |
UDP\10001-10010
(default)
TCP\443 (when UDP is not available – should not be used regularly, as it can affect voice quality)
|
| Signaling secured |
HTTPS/WSS/TLS |
IP supernets |
TCP\443 |
| Application service API |
HTTPS |
v.ringcentral.com |
TCP\443 |
| Parser configuration for meeting link verification for mobile phones |
HTTPS |
media.ringcentral.biz |
TCP\443 |
| Connect platform API |
HTTPS |
api-meet.ringcentral.biz |
TCP\443 |
| Statistics collector |
HTTPS |
edr.ringcentral.biz |
TCP\443 |
| Presence status, call log notifications, and voicemail notifications |
HTTPS |
ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com
ringcentral-1.pubnubapi.com
ringcentral-2.pubnubapi.com
ringcentral-3.pubnubapi.com
ringcentral-4.pubnubapi.com
ringcentral-5.pubnubapi.com
ringcentral-6.pubnubapi.com
ringcentral-7.pubnubapi.com
ringcentral-8.pubnubapi.com
ringcentral-9.pubnubapi.com
|
TCP\443 |
| Application configuration |
HTTPS |
downloads.ringcentral.biz |
TCP\443 |
| Application download and update |
HTTPS |
app.ringcentral.biz |
TCP\443 |
| Feature enablement control |
HTTPS |
*.launchdarkly.com
app.launchdarkly.com
events.launchdarkly.com
clientstream.launchdarkly.com
mobile.launchdarkly.com
|
TCP\443 |
| Network connectivity test application – part of RCV App |
HTTPS |
rcv.testrtc.com
which uses:
api.nettest.testrtc.com
kong.testrtc.com
*.turn.testrtc.com
*.speed.testrtc.com
|
TCP\443
UDP\443
|
6. AT&T Webinar
AT&T Webinar relies on two clients:
- Webinar host client: Used by a webinar session’s host, cohosts, and panelists.
- Webinar attendee client: Used only by webinar attendees.
For both clients, apply the whitelistings from Table 6.1 when configuring your enterprise firewall.
Note:
- AT&T Webinar is based on AT&T Video.
- If you’ve already whitelisted Cloudfront for the AT&T App – web, desktop, and mobile, you need not whitelist it again.
| Table 6.1 – AT&T Webinar host client and attendee client |
| Purpose |
Application protocol |
Domain name/IP address |
Destination Ports |
| AT&T Video |
Refer to Table 5.1 |
| Fetch webinar session live streaming media segments |
HTTPS |
*.cloudfront.net |
TCP\443 |
7. AT&T Video Rooms
| Table 7.1 – AT&T Video Rooms |
| Purpose |
Application Protocol |
Domain name/IP address |
Destination ports |
| Media secured |
SRTP
SRTP
|
IP supernets
IP supernets
|
UDP\10001-10010 (default)
TCP\443 (Use only if UDP is not available. Should not be used regularly, as it affects voice quality.)
|
| Signaling secured |
HTTPS |
IP supernets |
TCP\443 |
| SIP registration service |
HTTPS/TLS |
*.ringcentral.biz |
TCP\8085-8090 |
| Rooms host device |
HTTPS |
Internal enterprise assigned private IP address
(no WAN firewall traversal) |
TCP\9520-9530 |
| Login portal |
HTTPS |
meetings.officeathand.att.com |
TCP\443 |
| Notifications |
HTTPS |
ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com
ringcentral-1.pubnubapi.com
ringcentral-2.pubnubapi.com
ringcentral-3.pubnubapi.com
ringcentral-4.pubnubapi.com
ringcentral-5.pubnubapi.com
ringcentral-6.pubnubapi.com
ringcentral-7.pubnubapi.com
ringcentral-8.pubnubapi.com
ringcentral-9.pubnubapi.com
|
TCP\443 |
| Software and provisioning updates |
HTTPS |
*.ringcentral.biz |
TCP\443 |
8. AT&T Video with Room Connector
You must whitelist the relevant region-independent domain name. Domain names need only be whitelisted when a Room Connector is used in the indicated region.
| Table 8.1 – AT&T Video with Room Connector |
| Purpose* |
Application protocol |
Domain name/IP address |
Destination ports |
| Media |
RTP/SRTP |
IP supernets |
UDP\10001-10010 |
| Signaling |
SIP |
rcvsip.biz
att.rcvsip.biz
|
UDP\5060 or
TCP\5060
|
| Signaling secured |
SIP/TLS |
rcvsip.biz
att.rcvsip.biz
|
TCP\5061 |
*Customer video devices determine whether connectivity is secured or unsecured.
9. AT&T Phones – desk, conference, and cordless
- Some third-party devices, such as the Poly IP7000 speakerphone, do not support signaling or media encryption. Such devices should be avoided in a deployment that requires complete security.
- No separate ports are specified for Busy Lamp Appearance (BLA) since BLA uses the signaling ports and standard SIP NOTIFY packets.
| Table 9.1 – AT&T Phones – desk, conference, and cordless |
| Purpose |
Application protocol |
Domain name/IP address |
Destination port |
| Media and media secured |
RTP/SRTP |
IP supernets |
UDP\20000-64999 |
| Signaling |
SIP |
IP supernets |
TCP\5090, TCP\5099**
UDP\5090, UDP\5099**
|
| Signaling secured |
SIP/TLS |
IP supernets |
TCP\5096, TCP\5098** |
| Network time service |
NTP |
ntp1.ringcentral.biz and ntp2.ringcentral.biz
(within the supernets) |
UDP\123 |
| LDAP directory service |
LDAP |
cd.ringcentral.biz
(within the supernets) |
TCP\636 |
| Poly phone API and provisioning and firmware update |
HTTPS |
API: pp.api.ringcentral.com
Provisioning:
pp.ringcentral.biz
pp-pre.ringcentral.biz
Firmware update:
pp.s3.ringcentral.biz
pp.fw.ringcentral.biz
Platform API:
pp.api.ringcentral.biz
|
TCP\443 |
| Cisco phone API and provisioning and firmware update |
HTTPS |
API: NA
Provisioning:
cp.ringcentral.com
Firmware update:
cp.s3.ringcentral.com
|
TCP\443 |
| Yealink phone API and provisioning and firmware update |
HTTPS |
API: yp.api.ringcentral.com
Provisioning:
yp.ringcentral.biz
yp-pre.ringcentral.biz
Firmware Update:
yp.s3.ringcentral.biz
yp.fw.ringcentral.biz
yp.api.ringcentral.biz
|
TCP\443 |
| Avaya phone API and provisioning and firmware update |
HTTPS |
API: avaya.api.ringcentral.biz
Provisioning:
av.ringcentral.biz
av-pre.ringcentral.biz
Firmware:
av.s3.ringcentral.com
|
TCP\443 |
| Unify phone API and provisioning and firmware update |
HTTPS |
API: unf.api.ringcentral.biz
Provisioning:
unf.ringcentral.biz
unf-pre.ringcentral.biz
|
Provisioning:
TCP\18443
Firmware update:
TCP\443
|
| Mitel phone API and provisioning and firmware update |
HTTPS |
API: mtl.api.ringcentral.com
Provisioning:
mtl.ringcentral.biz
mtl-pre.ringcentral.biz
Firmware Update:
mtl.s3.ringcentral.biz
mtl.fw.ringcentral.biz
Platform API:
mtl.api.ringcentral.biz
|
TCP\443 |
| SNOM phone API and provisioning and firmware update |
HTTPS |
API: NA
Provisioning:
snm.ringcentral.biz
snm-pre.ringcentral.biz
Firmware Update:
snm.s3.ringcentral.biz
snm.fw.ringcentral.biz
|
TCP\443 |
**Ports 5098 and 5099 should be opened for Busy Lamp Appearance only when you’re using line sharing.
10. AT&T Softphone App – desktop
| Table 10.1 – AT&T Softphone App – desktop |
| Purpose |
Application protocol |
Domain name/IP address |
Destination ports |
| Media and media secured |
RTP/SRTP |
IP supernets |
UDP\20000-64999 |
| Signaling |
SIP |
IP supernets |
TCP\5091 |
| Signaling secured |
SIP/TLS |
IP supernets |
TCP\5097 |
| Presence status, call log notifications, and voicemail notifications |
HTTPS |
ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com
ringcentral-1.pubnubapi.com
ringcentral-2.pubnubapi.com
ringcentral-3.pubnubapi.com
ringcentral-4.pubnubapi.com
ringcentral-5.pubnubapi.com
ringcentral-6.pubnubapi.com
ringcentral-7.pubnubapi.com
ringcentral-8.pubnubapi.com
ringcentral-9.pubnubapi.com
|
TCP\443 |
| Software and provisioning updates |
HTTP/HTTPS |
*.ringcentral.biz |
TCP\80
TCP\443
|
| Platform API for user authentication and call features |
HTTPS |
api-sp.ringcentral.biz |
TCP\443 |
|
Platform API for media services
(for transferring media files: voice recordings, faxes, transcriptions, profile and contact information)
|
HTTPS |
media.ringcentral.biz |
TCP\443 |
| Google services (contacts and calendar) |
HTTPS |
accounts.google.com
www.google.com
www.googleapis.com
|
TCP\443 |
11. AT&T Softphone App – mobile
Note: Table 11.1 pertains to the use of the AT&T mobile softphone app on a WiFi network.
| Table 11.1 – AT&T Softphone App – mobile |
| Purpose |
Application protocol |
Domain name/IP address |
Destination Ports |
| Media |
RTP/SRTP |
IP supernets |
UDP\20000-64999 |
| Signaling |
SIP |
IP supernets |
TCP\5091
UDP\5091
|
| Signaling secured |
SIP/TLS |
IP supernets |
TCP\5097
TCP\443 |
| Signaling (IPv6 client) |
SIP/TLS |
IP supernets |
TCP\5090-5098
TCP\443 |
| SIP registration service |
HTTPS |
*.ringcentral.biz |
TCP\443 |
| Application presence status, call log notifications, and voicemail notifications – used in Android, not in iOS |
HTTPS |
ringcentral.pubnubapi.com
ringcentral-0.pubnubapi.com
ringcentral-1.pubnubapi.com
ringcentral-2.pubnubapi.com
ringcentral-3.pubnubapi.com
ringcentral-4.pubnubapi.com
ringcentral-5.pubnubapi.com
ringcentral-6.pubnubapi.com
ringcentral-7.pubnubapi.com
ringcentral-8.pubnubapi.com
ringcentral-9.pubnubapi.com
|
TCP\443 |
|
Data synchronization with cloud
(e.g., call log info, presence, and voicemails)
|
HTTPS |
api-mob.ringcentral.biz |
TCP\443 |
| Soft clients software and provisioning updates |
HTTPS |
*.cloudfront.net |
TCP\443 |
12. AT&T SMS
The network requirements in Table 12.1 apply to all AT&T apps and the SMS API. AT&T encrypts SMS traffic from the app to the SMS servers and from the servers to the SMS carrier used by AT&T does not encrypt SMS at rest. Note that SMS is not considered a secure communication medium since it is not encrypted in transit by carriers, from a carrier to a recipient device, and on those devices.
| Table 12.1 – AT&T SMS |
| Purpose |
Application protocol |
Domain name/IP address |
Destination ports |
| SMS communication |
HTTPS, TLS 1.2 or greater |
platform.ringcentral.com |
TCP\443 |
13. AT&T Archiver
AT&T Archiver is a cloud-side integration that allows administrators to copy call content to a long-term, enterprise-owned repository. Copied content includes recordings, voicemail, fax, and text messages. Archiver ensures that data is retained for a long time, and that it meets local data residency and regulatory retention requirements. Learn more
| Table 13.1 – AT&T Archiver |
| Purpose |
Application protocol |
Domain name/IP address |
Destination ports |
| Content archiving |
HTTPS
SFTP |
For Box, Dropbox, Google Drive, and Smarsh archiving systems
For archiving to an enterprise SFTP server, the following SFTP client IP addresses must be whitelisted:
3.211.163.136
3.223.170.110
34.225.218.68
34.226.29.169
34.234.210.244
34.236.210.8
34.239.13.99
35.172.123.110
52.87.7.127
54.80.51.95
54.147.91.15
Any of these IP addresses may dynamically be selected by the AT&T SFTP client to connect to an enterprise SFTP server.
|
TCP\443
(does not traverse enterprise network)
TCP\22
|
14. Application Programming Interface
The Application Programming Interface (API) allows control of AT&T unified communications system applications. Some of the APIs are used by endpoints and therefore included in the corresponding tables.
All .com domains resolve to the 66.81.240.0/20 supernet. All .biz domains resolve to the 80.81.128.0/20 supernet.
| Table 14.1 – Application Programming Interface |
| Purpose |
Application protocol |
Domain name/IP address |
Destination ports |
| Discovery service API |
HTTPS |
discovery.ringcentral.biz |
TCP\443 |
| Connect platform API |
HTTPS |
api.ringcentral.biz |
TCP\443 |
| SMS communication |
HTTPS |
platform.ringcentral.biz |
TCP\443 |
|
Platform API for media services
(for transferring media files: voice recordings, faxes, transcriptions, profile and contact information)
|
HTTPS |
media.ringcentral.biz |
v |
| Softphone app |
HTTPS |
api-sp.ringcentral.biz |
TCP\443 |
| Softphone app (legacy, to be decommissioned) |
NA |
NA |
NA |
| Mobile app |
HTTPS |
api-mob.ringcentral.biz |
TCP\443 |
| RC Meeting/RC Rooms app |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
| Communication integration services |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
| AT&T app – web and desktop |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
| AT&T app – mobile |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
| AT&T Video app – web and desktop |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
15. SIP trunks
| Table 15.1 – SIP trunks |
| Purpose |
Application protocol |
IP address |
Destination ports |
Media
Signaling |
RTP
SIP |
Public IP addresses to be provided by AT&T during project definition |
UDP\1024-65535
UDP\5060
TCP\5061-5065
|
16. Communication integration services
Enterprises can use integration services to develop soft-endpoint communication clients.
Table 16.1 summarizes the programmatic communication integration services that allow enterprises to build their own soft endpoint clients.
Note:
- You only need to whitelist the set of services that you use. For example, if you don’t use integration services, you need not whitelist that domain.
- You must whitelist the Integration service API, the foundation API on which all communication integration services rely.
- You must whitelist the endpoint registration service, which registers all integration service (WebRTC) endpoints with the AT&T Cloud Communication Service.
- The RCV scheduling service is used for creating and managing RCV meetings.
- The Microsoft Teams and Slack integration services integrate applications into Teams and Slack, respectively.
- The platform APIs can be used to develop stand-alone applications (such as an outbound dialer), or applications embedded into existing business applications.
- You should whitelist the stand-alone platform API and Embeddable platform API only if you implement applications based on these APIs.
| Table 16.1 – Communication integration services |
| Purpose |
Application protocol |
Domain name/IP addresses |
Destination ports |
| Integration service API |
HTTPS |
api-rcapps.ringcentral.biz |
TCP\443 |
| Endpoint registration service |
HTTPS |
sip*.ringcentral.biz |
TCP\8083 |
| Video scheduling service |
HTTPS |
api-meet.ringcentral.biz |
TCP\443 |
| Microsoft Teams integration service |
HTTPS |
teams.ringcentral.biz |
TCP\443 |
| Slack integration service |
HTTPS |
slack.ringcentral.biz |
TCP\443 |
| Stand-alone platform API |
HTTPS |
platform.ringcentral.biz |
TCP\443 |
| Embeddable platform API |
HTTPS |
platform.ringcentral.biz |
TCP\443 |
17. AT&T cloud IP addresses for on-premises Microsoft Exchange server
Enterprises may connect their on-premises Microsoft Exchange server to the AT&T cloud to synchronize contacts with AT&T apps. To do so, the enterprise firewall must whitelist AT&T cloud IP addresses according to Table 17.1.
| Table 17.1 AT&T cloud IP addresses for on-premisis Microsoft Exchange Server |
| Region |
Domain name/IP address |
| North America |
3.223.170.110
54.147.91.15
3.211.163.136
|
| Europe |
18.196.95.223
3.122.161.21
3.122.122.53
|
| BIZ |
54.205.95.23
54.165.132.103
34.234.133.3
|
18. Domain Name Service (DNS)
To function properly, all endpoints and services require access to a public DNS. Endpoints rely on a DNS service to resolve the provisioning service domain name (e.g., pp.ringcentral.com).
If you use a private DNS, it must perform forward lookups to an internet-based DNS.
19. Network Address Translation (NAT)
Network Address Translation/Port Address Translation functionality (generically referred to as NAT) is applied at the border between two networks to translate between address spaces, or to prevent the collision of IP address spaces.
You must configure a minimum NAT timeout to ensure the proper operation of hardphones:
- Cisco phones send a follow-up REGISTER refresh message every four minutes.
- Poly phones re-register every five minutes. For these phones, you must set the NAT entry expiration timeout to more than five minutes.
20. Security software
You may need to configure your cloud-based security software (network firewalls and web proxies) to whitelist the domains listed in the tables in this document.
21. Quality of Service guidelines
You must follow the Quality of Service guidelines to ensure the proper prioritization of your traffic. Otherwise, either or both parties may experience intermittent issues with call control or media quality.
22. VLAN configuration guidelines
Follow the VLAN configuration guidelines to ensure that your VLANs are properly configured for hardphones. Review section 9: AT&T Phones.
Was this page helpful? Yes No
