ncr aloha network configuration guide - texas pos · ncr corporation® 2016 page 1 of 13 ncr aloha...

NCR Corporation® 2016 of 13

NCR Aloha Network Configuration Guide Overview

The network is the key entry point into any server environment where sensitive data is transferred between systems. Maintaining a high level of network integrity is essential for ensuring quality service and effectively managing operational risks.

NCR understands the need for enhanced security measures and designs its line of Aloha Enterprise services and products to work with most firewall or proxy servers you might use, promoting a safer network connectivity environment.

Network Configuration Requirements

The following Hosted Solutions table provides the parameters you need to allow Aloha Enterprise services and products acces s through established firewalls

NCR Hosted Solutions

Application Program/Feature Exceptions Port/Protocol Direction URL / Purpose IP Address

Aloha Configuration Center (CFC) v15.6 and below

AeMInStoreProcessor.exe

AeMInStoreService.exe

80 – HTTP

443 – TCP www.configurationcenter.com 206.123.121.72

Aloha Configuration Center (CFC) v16.4 and above



80 – HTTP www.configurationcenter.com 206.123.121.72

443 – HTTPS host.configurationcenter.com

dd.configurationcenter.com

38.107.252.69

38.107.252.78

CFC Password Reset 443 – HTTPS https://web.ncrbackoffice.com 38.107.252.120

General Firewall / Router Requirements for AlohaEnterprise.com Services Depending on firewall configuration you may need to add the following addresses/IPs to your router to allow access to the following sites commonly used by our Aloha Enterprise applications. 206.123.121.2 thru 206.123.121.126

NCR Aloha Network Configuration Guide Last Updated: August,28 2016 v16.8


NCR Aloha Network Configuration Guide


CFC Password Reset UAT v15.6 and below

443 – HTTPS https://ppdweb.ncrbackoffice.com 38.107.252.124

CFC Password Reset UAT v16.4 and above

443 – HTTPS https://web.testconfigurationcenter.com

72.249.149.151

Aloha Manager (AM) 80 – HTTP www.configurationcenter.com 206.123.121.72

443 – HTTPS services.configurationcenter.com 38.107.250.156

CFC HR Bridge 443 – HTTPS services.configurationcenter.com 38.107.252.61

CFC UAT v15.6 and below



80 – HTTP

443 – TCP www.testconfigurationcenter.com 72.249.149.146

CFC UAT v16.4 and above



80 – HTTP www.testconfigurationcenter.com 72.249.149.146

443 – HTTPS host.testconfigurationcenter.com

dd.testconfigurationcenter.com

72.249.149.157

72.249.149.158

CFC UAT HR Bridge 443 – HTTPS services.testconfigurationcenter.com 72.249.149.147

Aloha Insight

FTP/FTP Download

AlohaFTP.exe

Alohas.exe

FTP (Passive mode)

21 – TCP

1024-65535 – TCP

FTP (Active mode)

21 – TCP

20 – TCP

Outbound

Outbound

Outbound

Inbound

ftp.alohaenterprise.com

ftp1.alohaenterprise.com

ftp2.alohaenterprise.com

ftpfarm.alohaenterprise.com

archive.alohaenterprise.com

download1.alohaenterprise.com

download2.alohaenterprise.com

download.alohaenterprise.com

webfarm.alohaenterprise.com

archive.alohaenterprise.com

206.123.121.70

206.123.121.70

206.123.121.70

206.123.121.70

206.123.121.71

206.123.121.89

206.123.121.89

206.123.121.90

206.123.121.90

206.123.121.71

Radiant Heartbeat (PollCheck)

Hbaloha.dll

PollCheck.exe

80 – HTTP

80 – TCP

8080 – HTTP

8080 – TCP

443 – HTTPS

esinst.alohaenterprise.com 206.123.121.90

Aloha Insight

Data Warehouse

N/A 1433-UDP

1433-TCP

206.123.121.4

ftp://ftp.alohaenterprise.com/

ftp://ftp1.alohaenterprise.com/

ftp://ftp2.alohaenterprise.com/




Aloha Insight

Web site, Reporting, Document Download, & MemberLink Access

InsightInstall.exe

GenPoll.exe

eGrind.exe

80 – HTTP

80 – TCP

8080 – HTTP

8080 – TCP

443 – HTTPS

4430 – HTTPS

webfarm.alohaenterprise.com

download.alohaenterprise.com

<co name>. alohaenterprise.com

Insight Reporting Range

206.123.121.90

206.123.121.2 thru .126*

Aloha Restore (Heartbeat)

PollCheck.exe

AlohaRestore.exe

443 – HTTPS

80 – HTTP

ssfm.alohaenterprise.com (data transport)

esinst.alohaenterprise.com (software updates)

206.123.121.88 or 38.107.252.20

206.123.121.90

Aloha Loyalty Redirector.exe

9099-TCP In/Outbound

efreq.alohaenterprise.com 206.123.121.92

Aloha Stored Value

Version SV1

StoredValue.Boh.App.exe

StoredValue.Boh.UpdateService.exe

21 – FTPS

443 - HTTPS

sv1ftp.alohaenterprise.com

storedvalue.alohaenterprise.com 38.107.252.80 38.107.252.89

Aloha Stored Value Version G1

ATDDB.exe

GCLegacy.exe

VBOConnect.exe

8080 – HTTP ecard.alohaenterprise.com

vbo.alohaenterprise.com 206.123.121.91

Aloha Stored Value Terminal Edition

N/A 443 – HTTPS storedvalue.alohaenterprise.com 38.107.252.89

Aloha Online

NOTE: the Aloha Online product has dependencies on Command Center and Restaurant Guard.

80 – HTTP/TCP

8082 –HTTP

8082 – TCP

443 – TCP

9880 – TCP

8888 - TCP

4430 – UDP

9888 – UDP

443 – HTTPS

443 – HTTPS

443 – HTTPS

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Outbound

Outbound

Outbound

weborder.alohaenterprise.com








api.alohaorderonline.com

adminapi.alohaorderonline.com

*.alohaorderonline.com

206.123.121.25

38.107.252.57

38.107.252.57

206.123.121.75




Aloha Guest Manager

GuestManagerFiles.exe

GuestManagerHost.exe

GuestManagerUpdate.exe

GMSettings.exe

DeviceHost.exe

8500 – TCP

80 – HTTP

8095 – TCP

443 – TCP

22769 – UDP

Inbound

Inbound

Inbound

In/Outbound

guestmgr.alohaenterprise.com

webtexting.alohaenterprise.com

206.123.121.25

38.107.252.74

Aloha Update AlohaSuiteInstaller.exe

80 – HTTPS

8080 – HTTPS

443 – TCP

Inbound

Inbound

Inbound

www.radiantupdate.com

alohaupdate.ncr.com

package.alohaupdate.ncr.com

206.123.121.72

Command Center

Whitelisting

Certificate Validation

CMCInst.exe

CMCAgent.exe

CmcSvcWatcher.exe

RadSprtA.exe

Pvnc.exe

Pollcheck.exe

HBProxy.exe

HBPrint.exe

CMCProxy.exe

HBUtil.exe

80 – TCP

8080 – TCP

443 – HTTPS

22 or 80/443 – TCP

9150 – TCP

9151 – TCP

9157 – TCP

11000 – TCP

11001 – UDP

11002 – UDP

9200 – TCP/ UDP

9201 – TCP/ UDP

9202 – TCP/ UDP

9203 – TCP/ UDP

9204 – TCP/ UDP

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

rdf2.alohaenterprise.com

ssh.alohaenterprise.com

crl.godaddy.com

crl.verisign.com

206.123.121.24

206.123.121.27

72.167.18.237

72.167.18.238

72.167.239.237

72.167.239.238

188.121.36.237

188.121.36.238

182.50.136.237

185.50.136.238

50.63.243.228

50.63.243.229

199.7.48.0:20

199.7.71.0:24

199.7.72.0:22

199.7.76.0:24




Digital Menu Boards

80 – HTTP

443 – HTTPS

5938 – TCP

Outbound

Outbound

Outbound

www.ncrvitalcast.com

vcserver6.txdigital.com

*.teamviewer.com

nist1-pa.ustiming.org or

time.windows.com or

time.nist.gov

*.ws.symantec.com

*.symcb.com

*.symcd.com

153.69.71.29

219.81.32.122

Resolved by DNS

50.63.202.59 or

23.99.222.162 or

128.138.141.17

Actual IP addresses are subject to change by Symantec

NCR BackOffice Application

80 – HTTP

443 – HTTPS boa.menulink.net 206.123.121.44

NCR BackOffice Installs 80 – HTTP

443 – HTTPS install.ncrbackoffice.com 38.107.252.122

NCR BackOffice Data Service

443 – HTTPS data.ncrbackoffice.com 38.107.252.121

NCR BackOffice HR Bridge

443 – HTTPS secure.menulink.net 38.107.252.126

NCR BackOffice Anywhere

443 – HTTPS anywhere.ncrbackoffice.com 38.107.252.120

NCR BackOffice Integration

443 – HTTPS integration.ncrbackoffice.com 38.107.252.123

NCR Back Office Licensing

10781 – TCP license.menulink.net 64.244.148.153

NCR Back Office Replication

1433 –TCP/UDP

1434 –TCP/UDP (configurable)

NCR Back Office Pulse User Provisioning

(for My Schedule and Mobile Inventory)

443 – HTTPS data.ncrbackoffice.com 38.107.252.121




NCR Back Office Pulse User Provisioning

(for My Schedule and Mobile Inventory)

443 – HTTPS anywhere.ncrbackoffice.com 38.107.252.120

NCR BackOffice UAT Application

80 - HTTP

443 - HTTPS lab.menulink.net 38.107.252.47

NCR BackOffice UAT Installs

443 - HTTPS install.ncrbackoffice.com 38.107.252.122

NCR BackOffice UAT Data Service

443 - HTTPS ppdweb.ncrbackoffice.com 38.107.252.124

NCR BackOffice UAT HR Bridge

443 - HTTPS lab.menulink.net 38.107.252.47

NCR BackOffice UAT Anywhere

443 - HTTPS ppdweb.ncrbackoffice.com 38.107.252.124

NCR Endpoint Protection 80 – HTTP

443 – TCP

content.radiantmsp.com

remote.radiantmsp.com

206.123.121.83

38.107.252.22

38.107.252.31

38.107.252.32

NCR Guest Pad 443 — TCP

443 — TCP

In/Outbound

In/Outbound

Client-RU.NCRGuestPad.com

Client.NCRGuestPad.com

38.107.252.68

38.107.252.67

https://lab.menulink.net/

https://install.ncrbackoffice.com/

https://ppdweb.ncrbackoffice.com/

https://lab.menulink.net/

https://ppdweb.ncrbackoffice.com/




NCR Mobile Pay*

*(also see NCR Mobile Pay under Store-Side Solutions)

IMAgent.exe

MPAgent.exe

80 – HTTP

443 – HTTPS

8082 — TCP

9801 – TCP

7893 — TCP

7893 — TCP

7897 — TCP

7896 — TCP

7898 — TCP

7899 — TCP

Internal BOH

Internal BOH

Internal FOH

Internal FOH

Internal FOH

ssfm.alohaenterprise.com

ssfm.alohaenterprise.com


esinst.alohaenterprise.com

store.radiantmobileapp.com

www.radiantmobileapp.com

www.ncrpay.com

ncrpaystatus.com

*.paypal.com

crl.godaddy.com

certificates.godaddy.com

crl.starfieldtech.com

certificates.starfieldtech.com







IMAgent

Mobile Pay BOH Service

Mobile Pay Process

FOH Activity Intercept

FOH Print Intercept

206.123.121.88

38.107.252.20

206.123.121.25

38.107.252.90

38.107.252.90

38.107.252.90

206.123.121.41

23.21.213.53

Resolved by DNS

72.167.18.237

72.168.18.238

72.167.239.237

72.167.239.238

188.121.36.237

188.121.36.238

182.50.136.237

182.50.136.238

50.63.243.228

50.63.243.229

NCR Patch Management 80 – HTTP

443 – TCP

content.radiantmsp.com

remote.radiantmsp.com

206.123.121.83

38.107.252.22

38.107.252.31

38.107.252.32

Pulse IMAgent.exe

PulseAgent.exe

21 – TCP

21 – FTPS

443 – TCP

443 - HTTPS

9801 – TCP

Outbound


store.radiantmobileapp.com


pif.radiantmobileapp.com

38.107.252.90

38.107.252.90

38.107.252.90

38.107.252.86

http://www.radiantmobileapp.com/

http://www.ncrpay.com/




Quest

80 – HTTP/TCP

8884

8885 – TCP

8890 – UDP

206.123.121.50 thru .59

Restaurant Guard 443 – HTTPS

80 – HTTP

ssfm.alohaenterprise.com (data transport)

esinst.alohaenterprise.com (software updates)

restaurantguard.com

ns1.alohaenterprise.com

ns2.alohaenterprise.com

root.alohaenterprise.com

206.123.121.88 or 38.107.252.20

206.123.121.90

206.123.121.87

Store-Side Solutions

Application Program/Feature Exceptions

Port/Protocol Direction URL / Purpose IP Address

Aloha CAP StoreActivityRecorder.exe 8195 – TCP/ UDP Inbound Store Activity Recorder

Aloha EDC EdcSvr.exe Edc.exe

443 TCP/ UDP Inbound Electronic Data Capture Internet-based credit card authorizations





Aloha POS v7.0 and later

Default Base Port=49214

(Configurable use Base Port + 1-5, 7, 8)

CtlSvr.exe

RfsSvr

Iber.exe

Iberqs.exe

AlohaAlertEngine.exe

49214 – UDP

49215 – TCP

49216 – UDP

49217 – DCP

49218 – TCP

49219 – UDP

49221 – TCP

49222 – UDP

12345 – UDP

12346 – UDP

445 – TCP/UDP

60050 – TCP

8019 – TCP

9018 – TCP

1333 UDP

135 – TCP/UDP

139 – UDP/TCP

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Base Port\Discovery

Front of House

Front of House

Discovery

CtlSvr

CtlSvr

RFS

RFS

Discovery

Discovery

Front-of-House/Back-of-House

RFS File Sharing

Alerts Engine

Databus communication

Term to Term / Term to BOH

communication

DCOM for Aloha Connect (3 rd Party)

Aloha Connect remote calls

Aloha RFS RfsSvr.exe 60050 – UDP/TCP

Remote File System is part of the Aloha POS communication framework (override with "RFSPORTNUMBER" in Aloha.ini)

Aloha Transaction Gateway

AlohaTransactionGateway.exe

ATGHelperService.exe

8899 –TCP/UDP

7788 –TCP

8887 – TCP/UDP

8889 – TCP

45888 – UDP

10000 and above

Inbound BOH

Inbound BOH

Inbound BOH

Inbound BOH

Inbound BOH

Inbound BOH

.NET remoting on site controller

.NET remoting on the client

REST services within Iber

REST services hosted by ATG

Service Discovery as part of multicast group 230.134.226.241

Dynamically assigned thru .NET Remoting





Aloha Kitchen AlohaKitchen.exe

1221 – UDP

1222 – TCP

1333 – UDP

9090 – TCP

9088 – TCP

11011 – UDP

13555 – TCP

14770 – TCP

FOH/BOH

FOH/BOH

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

AK Databus Discovery Broadcast

/Multicast over 225.0.0.37

Kitchen Databus Communication

Broadcast/Multicast over 225.0.0.37

AK Databus UDP Discovery

Default Kitchen service port

Broadcast /Multicast over 225.0.0.37

Default Kitchen Interface port

AK Broadcast Mgr Discovery Port

AK File Sharing port

BOH AK Instance

Aloha Licensing 37420 — TCP

37421 — TCP

Port to connect to the Aloha Licensing server.

Aloha Mobile*

*Aloha Mobile Versions 12.1.7 - Current

80 – TCP

5353 – UDP

5656 – UDP

7004 – UDP

7787 – TCP

7788 – TCP

8896 – TCP

8897 – TCP

8898 – TCP

8899 – TCP

1024-65535 TCP

24999 – TCP

25000 – UDP

7005 – TCP

7017 – TCP

10000 – TCP

22 – TCP

Inbound

Inbound

Inbound

System Center

System Center

System Center

System Center



iOS communication

iOS communication

Aloha Mobile Monitor

Aloha Mobile Monitor

OM 7 communication (in cradle)

Orderman7/SOL communication

Orderman7/SOL communication

Orderman7 communication

Orderman7 communication

OM7 Base station4 communication

OM7 Multi-SvcCradle communication





System Center 2 (Orderman)

Bonjour (service name)

scservice.exe

5353 – TCP

5353 – UDP/mDNS

80 – TCP

80 – HTTP

7005 – TCP

Inbound

In/Outbound

In/Outbound

In/Outbound

Outbound

Orderman Device Discovery

Orderman Device Discovery

Configuration UI - OMB4 and

OM7 Service Station

Configuration of OM7

Localhost

Localhost

Aloha SPY 3999 – TCP Surveillance security interface (override with "ALOHASPYPORT" environment variable)

Aloha Takeout

Radiant.Hospitality.AlohaToGo.exe

ServiceHost.exe

1478 - UDP

2478 - TCP

8020 – HTTP/TCP

8021 – TCP

8030 - TCP

8040 - TCP

9020 – HTTP/TCP

9021 – TCP

9600 – TCP

10550 – TCP

10551 – TCP

1221 – UDP

1222 – TCP

21769 – UDP

32768 – HTTP/TCP

32769 - TCP

In/Outbound

In/Outbound

Inbound

Inbound

In/Outbound

In/Outbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

Inbound

In/Outbound

In/Outbound

ATO Databus Discovery Port

ATO Databus Communication

Primary/Master ATO service ports

BOH ATO-ATG/Loyalty Comm.

FOH ATO-ATG/Loyalty Comm.

Primary/Master ATO service ports

Aloha Kitchen Interface for ATO

(ATO v1.1, v1.2.19 and earlier)

Intercept remoting ports

Intercept remoting ports

Aloha Kitchen discovery port for ATO (ATO v1.2.20 and later)

Kitchen Databus Communication

Broadcast/Multicast over 225.0.0.37

Service discovery port

Primary/Master ATO Client Ports

OrderPoint! RSSEngine.exe

135 – RPC

1801 – TCP

1801 – UDP

2101 – RPC

2103 – RPC

2105 – RPC

3527 – UDP

Message Queuing





Aloha UPI 55055 – TCP TCP/IP interface to Universal Payment Interface (override with "REMOTEPORT" in Edc.ini)

Remote Auto Loader (RAL)

AlAdmSvr.exe

AlhAdmin.exe

11000 –TCP/UDP

11001 –TCP/UDP

11002 –TCP/UDP

11003 –TCP/UDP

Socket Listen

Multicast Listen

Multicast Send

Discovery Broadcast

©2016 NCR Corporation – All rights reserved. The information contained in this publication is confidential and proprietary, and may not be reproduced or disclosed to othe rs.


Proxy Server Considerations

A proxy server acts as a gateway between two networks, such as a company network and the Internet. Proxies block direct acces s between networks, which makes it much more difficult for intruders to obtain private network information. Proxies may also cache Web pages; sto ring a temporary copy locally, which increases network performance.

In general, the Aloha Enterprise line of products allows traffic through a proxy server, without additional configuration requirements. The MenuLink application, which is a very robust, comprehensive solution, supports proxy access with minor proxy server configuration.

MenuLink version 5.9 and later support access using key proxy configuration settings. Because the majority of MenuLink content is dynamic, and not suitable for caching, it would be feasible to exclude MenuLink traffic from the proxy. To this end, you need to modify the In ternet Explorer proxy options to exclude MenuLink remoting traffic.

To exclude NCR BackOffice remoting traffic from the proxy server:

1. Select Tools > Internet Options from the Internet Explorer main

menu.

2. Click the Connections tab.

3. Click LAN Settings.

4. Select the Use a proxy server for your LAN check box.

5. Click Advanced.

6. Under ‘Exceptions,’ type the URL you want to exclude from the

proxy (e.g., http://boa.menulink.net/<companyname>).

This excludes the remoting traffic from the proxy, but still allows code updates and other essential traffic.

When you are finished making changes, click OK until you return to

Internet Explorer.

ncr aloha network configuration guide - texas pos · ncr corporation® 2016 page 1 of 13 ncr aloha...

Documents