Vertical Cloud Connect Security

VCC provides a highly secure cloud infrastructure for enterprise deployments. VCC cloud services (hosted on Google Cloud Platform) allows for on-premise Wave Servers and Vertical Cloud Connect Gateways (VCCG) to connect to VCC using industry-standard encryption over SSL/TLS connections. Browsers also connect to VCC servers using trusted SSL/TLS connections. 

Below are the key security protocols and connectivity supported - 

  • VCC uses a TLS Certificates.  Communications from VCCG, Wave, and browsers uses standard AES256 encryption.
  • VCCG instances and Wave instances are paired, which issues a client certificate for them to use when connecting back to VCC to identify them.
  • Browsers use HTTPS.
  • Voice and video traffic between VCCG and browsers use SRTP.
  • User passwords are not stored, but rather hashed using bcrypt and uniquely salted.  Browsers are issued a one-week token, and are forced to provide their password again after expiration.

Below are specific ports that are utilized inbound, outbound and browser connectivity - 

- VCCG Servers require Inbound UDP 20000-21000. This is for SRTP.

- VCCG Servers use outbound HTTPS (TCP 443) and encrypted TCP connections to port 50071 on vappcenter.com

- Wave Servers use outbound HTTPS (TCP 443) and encrypted TCP connections to port 50070 on vappcenter.com

- Wave Servers do not require any inbound connections for VPW or other vAppCenter applications (Note: ViewPoint Mobile on iOS or Android does require inbound Wave connections)

- Browsers use standard HTTPS (TCP 443) and HTTP (TCP 80), which is redirected to HTTPS