Cloud9 supports voice transmission over UDP or TCP protocol. To ensure you can communicate with external parties using Cloud9, please make sure your network is configured to support one of these protocols.
We recommend using UDP for voice traffic; however, if you do not allow external UDP traffic, please use TCP via web proxy using the instructions below.
UDP media transport
If you elect to utilize UDP for your SRTP media transport, then the following ports must be made available:
- UDP port 3478 for STUN
- UDP 16384 to 65535 for SRTP
If outbound UDP is blocked by default, then outbound UDP to the following addresses must be allowed to have Cloud9 provide the TURN media rendezvous/relay services. More of these servers will be added over time, thus it is important that all IP’s below are whitelisted for Cloud9 to provide media relay services globally for all customers.
IPs
- Virginia: 54.174.51.240/28
- Singapore: 52.77.127.240/28
- Frankfurt: 52.58.127.240/29
- Frankfurt: 52.28.21.193/32
- Sydney: 3.27.175.208/29
Web proxy configuration - TCP port 443 traffic – signaling and media
The Cloud9 domain for all services are *.xhoot.com, *.prod1.xhoot.com, *.<rgn>.prod1.xhoot.com, where <rgn> is use1, euc1, apse1, apse2. Cloud9 uses subdomains of xhoot.com for all its services. Some web proxies may block this domain citing it as an inappropriate domain; however, most web classification services should recognize this domain as ‘Business/Economy’. You may require whitelisting of this domain via your web proxy if your firm is more restrictive by default.
The general guidance is to whitelist *.xhoot.com, *.prod1.xhoot.com. Note that ZScaler proxies do not support the ‘*’ so for ZScaler proxies add .xhoot.com or .prod1.xhoot.com.
Customers often ask which subdomains to whitelist instead of whitelisting all of the xhoot.com domain as mentioned above. Cloud9 may change the subdomains it uses at any time; therefore, whitelisting subdomains is not recommended. If the customer security solution doesn’t allow wildcard whitelisting as mentioned above, then the following hostnames should be whitelisted with the caveat that this could change without warning:
APIs
ctiapi.prod1.xhoot.com calldataapi.xhoot.com managementapi.xhoot.com c9auditapi.xhoot.com c9apiproxy.xhoot.com ctiapitrader.prod1.xhoot.com
Login/logs/user settings
c9rest.xhoot.com
Cloud9 Admin Portal (user admin portal)
c9portal.xhoot.com
Recording upload
jrec.prod1.xhoot.com jrec-jjj.prod1.xhoot.com
Signaling
c9so-eip.xhoot.com c9so-apse1.xhoot.com c9so-apse2.xhoot.com c9so-euc1.xhoot.com c9so-use1.xhoot.com so.use1.prod1.xhoot.com so.euc1.prod1.xhoot.com so.apse1.prod1.xhoot.com so.apse2.prod1.xhoot.com
Media servers
use1-stun1.xhoot.com use1-stun2.xhoot.com use1-stun3.xhoot.com use1-stun4.xhoot.com use1-stun5.xhoot.com use1-stun6.xhoot.com use1-stun7.xhoot.com use1-stun8.xhoot.com use1-stun9.xhoot.com use1-stun10.xhoot.com (doesn’t exist yet) use1-stun11.xhoot.com (doesn’t exist yet) stun1.use1.prod1.xhoot.com (in the future) stun2.use1.prod1.xhoot.com (in the future) stun3.use1.prod1.xhoot.com (in the future) stun4.use1.prod1.xhoot.com (in the future) stun5.use1.prod1.xhoot.com (in the future) stun6.use1.prod1.xhoot.com (in the future) stun7.use1.prod1.xhoot.com (in the future) stun8.use1.prod1.xhoot.com (in the future) stun9.use1.prod1.xhoot.com (in the future) stun10.use1.prod1.xhoot.com (in the future) stun11.use1.prod1.xhoot.com (in the future)
euc1-stun1.xhoot.com euc1-stun2.xhoot.com euc1-stun3.xhoot.com euc1-stun4.xhoot.com euc1-stun5.xhoot.com euc1-stun6.xhoot.com euc1-stun7.xhoot.com euc1-stun8.xhoot.com euc1-stun9.xhoot.com (doesn’t exist yet) euc1-stun10.xhoot.com (doesn’t exist yet) stun1.euc1.prod1.xhoot.com (in the future) stun2.euc1.prod1.xhoot.com (in the future) stun3.euc1.prod1.xhoot.com (in the future) stun4.euc1.prod1.xhoot.com (in the future) stun5.euc1.prod1.xhoot.com (in the future) stun6.euc1.prod1.xhoot.com (in the future) stun7.euc1.prod1.xhoot.com (in the future) stun8.euc1.prod1.xhoot.com (in the future) stun9.euc1.prod1.xhoot.com (in the future) stun10.euc1.prod1.xhoot.com (in the future) stun11.euc1.prod1.xhoot.com (in the future)
apse1-stun1.xhoot.com apse1-stun2.xhoot.com apse1-stun3.xhoot.com apse1-stun4.xhoot.com apse1-stun5.xhoot.com (doesn’t exist yet) apse1-stun6.xhoot.com (doesn’t exist yet) stun1.apse1.prod1.xhoot.com (in the future) stun2.apse1.prod1.xhoot.com (in the future) stun3.apse1.prod1.xhoot.com (in the future) stun4.apse1.prod1.xhoot.com (in the future) stun5.apse1.prod1.xhoot.com (in the future) stun6.apse1.prod1.xhoot.com (in the future)
apse2-stun1.xhoot.com apse2-stun2.xhoot.com apse2-stun3.xhoot.com apse2-stun4.xhoot.com stun1.apse2.prod1.xhoot.com stun2.apse2.prod1.xhoot.com stun3.apse2.prod1.xhoot.com stun4.apse2.prod1.xhoot.com stun5.apse2.prod1.xhoot.com (doesn’t exist yet) stun6.apse2.prod1.xhoot.com (doesn’t exist yet)
Signaling support
Cloud9 uses WebSockets for signaling by implementing the socket.io (http://socket.io/) HTTP Web Sockets implementation. Please note that some older web proxies are not capable of supporting the HTTP UPGRADE method required for Websocket creation. This will block Cloud9 client’s ability to log in to the service.
Media (TCP SRTP) support
If you are capable of logging in to the service via your web proxy, then you will also be capable of sending your SRTP media via the web proxy without any additional configuration required on your network. However, within the Cloud9 Admin Portal, there is a setting known as “Voice via Web Proxy” that needs to be activated for each user.
Enabling Web Proxy in the Cloud9 application
When electing to transport media traffic over TCP, you will need enable the 'Automatically detect settings' option under Proxy Settings found in Settings on the Cloud9 login screen.
- Launch Cloud9.
- Click the Settings icon in the bottom right corner.
- Click Automatically detect settings under 'Proxy Settings' and then click OK.