Orchid VMS Architecture

Orchid Fusion/Hybrid VMS

Orchid Core VMS

Orchid Core VMS

Orchid Core VMS

Web Browser User Interface

Orchid Fusion/Hybrid VMS:

Central Management Server

(in Cloud, or in Customer Data Center)

Orchid Recorder:�On-Premise Recording Server

Last updated:5/29/2024

Last reviewed: 5/15/2025

Orchid Recorder

Orchid Network Services

Required: HTTPS�(encrypted)

443/TCP

Optional: RTSPS�(encrypted)

554/TCP

Metadata & API

Video

Orchid Fusion/�Hybrid

VMS

Required: HTTPS and Websockets�(encrypted)

443/TCP

User interface, Low-bandwidth Mode Video

Optional: RTSPS�(encrypted)

554/TCP

Web Browser Client

WebRTC video transmitted over automatically negotiated ports using STUN protocol (requires full cone NAT, restricted cone NAT, or port restricted cone NAT)

These ports/services on the Orchid Recorder server must be directly accessible to Orchid Fusion VMS. For Orchid Hybrid customers, Orchid Hybrid is configured as a VPN server and multiple Orchid Core servers are configured as VPN clients -- in these cases, all Orchid Recorder <-> Orchid Hybrid communication happens over the VPN and no Orchid Recorder services are exposed to an external network.

Optional: WebRTC Firewall traversal via STUN (encrypted video) �3478/UDP+TCP

Firewall

Firewall

Video for 3rd party integrations, external services, etc.

Last updated:5/29/2024

Last reviewed: 5/15/2025