Thank you very much for contacting the Intel Communities Team, Thomas77. I will be more than happy to assist you.
Allow me to share with you that the Intel Unite® app will use TCP on Mac OS* and UDP on Windows* OS.
Please refer to the Intel Unite® Deployment Guide: https://www.intel.com/content/www/us/en/support/articles/000008523/software/software-applications.html
Thank you for your patience, Thomas77.
I would like to make a correction to my previous post: the Intel Unite® app works using only TCP. It will work using this protocol with either Mac OS or Windows*.
I am aware that the Deployment Guide is not very specific; however, this is the protocol that is used in order to create the DNS Service Record. In addition, the app does not connect to auto-discovery mode as shown in the following:
By default, the app will use DNS Auto-Discovery (e.g. DNS SRV records) to determine the proper Enterprise Server to connect to. The overall workflow is as follows:
* (Optional) Enterprise Server as defined in preferences
* Auto Discovery to the following domains:
    i. Example: _uniteservice._tcp.corp.test.com
    i. Example: _uniteservice._tcp.test.com
* Attempt connection to HTTPS followed by HTTP if failure
Please refer to the pages 62 (11.2), 67 (12.4.2), 79, 82, 83 and 84 of the Intel Unite® Deployment Guide: https://www.intel.com/content/www/us/en/support/articles/000008523/software/software-applications.html
Did you find a solution to this problem?
I am having the same issue where Infrastructure dept does not want to open up 20,000+ ports on the network...
Seems as though you should be able to specify this in a config file to only communicate across certain ports.
I see the same as you: communication after the handshake talks on ports ranging from the upper 40,000 to the lower 60,000 range.
You can lock the TCP port used for the initial connection and commands by setting the service listen port in the device profile, but the A/V streaming (present desktop in Windows) does not use that port. If you disable A/V streaming support and set the service port, then Unite app appears to only use a single TCP port that you set - however it's a pretty ordinary experience.
Depending on your network firewall and infrastructure, there are a couple of options which may be possible - internally, A/V Streaming mode uses an encrypted WebRTC socket for transmission which is what handles setup and teardown of the connections (including protocol and port allocation - which is why it is not possible to lock down the ports used).
An interesting side effect of using WebRTC is that it was really designed for communication between web browsers, which may be behind restrictive firewalls and NAT. So part of the mechanism uses STUN to determine the lines of communication. A stateful, layer 7 firewall could theoretically witness the STUN handshake between client and server and temporarily open up lines of communication between client and hub for the duration of the session.
The other, simpler method would be to VLAN your hubs with a basic firewall. For example, set the service listen port to 30000 and allow (inbound to the Hub VLAN):
TCP port 30000
UDP ports 1025-65535 (i.e. all non-privileged ports)
Any ports required by plugins
You could theoretically restrict the UDP ports to the 20,000 mentioned earlier, but the operating system (in this case, Windows) is ultimately responsible for selecting the ports to use and may pick one outside that range.
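The caveat in the last reply can be checked against real traffic before anyone narrows the UDP range. The following is an added example, not code from the thread or from Intel: it evaluates flow records against the Hub VLAN allow-list described above and lists the flows a narrower UDP range would drop. The log format, the addresses, the sample ports and the 40000-60000 candidate range are constructed assumptions.

```python
from dataclasses import dataclass

# Policy from the thread: service listen port set to 30000, inbound to the Hub VLAN.
HUB_VLAN_POLICY = [("tcp", 30000, 30000), ("udp", 1025, 65535)]
# Hypothetical narrower UDP range a network team might propose (assumption).
NARROW_POLICY = [("tcp", 30000, 30000), ("udp", 40000, 60000)]

# Constructed flow records: "proto src_ip dst_ip dst_port" (format is an assumption).
SAMPLE_FLOWS = """\
tcp 10.20.1.15 10.50.0.10 30000
udp 10.20.1.15 10.50.0.10 49822
udp 10.20.1.15 10.50.0.10 58113
udp 10.20.1.16 10.50.0.10 61544
udp 10.20.1.16 10.50.0.10 3478
tcp 10.20.1.17 10.50.0.10 445
"""

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int

def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        flows.append(Flow(parts[0].lower(), parts[1], parts[2], int(parts[3])))
    return flows

def allowed(flow, policy):
    """True if any (proto, low, high) rule in the policy matches the flow."""
    return any(p == flow.proto and lo <= flow.dport <= hi for p, lo, hi in policy)

def denied_flows(flows, policy):
    return [f for f in flows if not allowed(f, policy)]

def newly_blocked(flows, current, proposed):
    """Flows the current policy allows but the proposed policy would drop."""
    return [f for f in flows if allowed(f, current) and not allowed(f, proposed)]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for f in denied_flows(flows, HUB_VLAN_POLICY):
        print("denied by Hub VLAN policy:", f)
    for f in newly_blocked(flows, HUB_VLAN_POLICY, NARROW_POLICY):
        print("would break if UDP is narrowed:", f)
```

Feed it flow records exported from the firewall in front of the Hub VLAN over a representative period; any output from the second loop means the narrower range would interrupt sessions.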