3Shape Unite (Dental Desktop) Network requirements and Connections

3Shape Unite (Dental Desktop) Network requirements and Connections

07/11/2023

Introduction

This article describes the network speed requirements and network traffic used by 3Shape Unite (Dental Desktop) solutions. This is relevant for any customer that intends to use 3Shape Unite (Dental Desktop) so their network is prepared to use them properly without having any disruptions caused by unintended blockers, this needs to be done by the customer Network administrator or IT department.

Network speed requirements

Parameter

TRIOS, Implant Studio, Design Studio, Dental System, Ortho System

3Shape Unite Server

Internet upload (1)

Minimum - 5 Mbit/s 
Recommended - 25 Mbit/s or faster

Internet download (1)

Minimum - 5 Mbit/s 
Recommended - 25 Mbit/s or faster

Internal network - wired

Recommended - 1000BASE-T (1 Gbit/s) 

Internal network - wireless

Recommended  - 5Ghz 802.11AC (100-300Mbit/s) (2,3)

Must be wired

(1) The effective internet upload and download speed may be tested using free tools available on the internet, e.g. www.speedtest.net

(2) The minimum effective upload and download speed between wireless client and dental desktop server: 50 Mbit/s (effective speed)

(3) Wired network connection recommended for dedicated design stations for TRIOS Design Studio, Implant Studio and Dental System.

Overview versions & executables

Version name

Dental Desktop versions included
Client executable
Server executable

Dental Desktop (pre-Unite)

1.1.1.0 - 1.7.18.0

DentalDesktop.exe

DentalDesktopServer.NTService.exe

Unite 21.x

1.7.19.0 - 1.7.40.0

DentalDesktop.exe

DentalDesktopServer.NTService.exe

Unite 23.x

1.7.80.0 - 1.7.8x.x

DentalDesktop.exe

DentalDesktopServer.NTService.exe

Unite 24.x

1.8.0.0 - 1.8.x.x

DentalDesktop.exe

DentalDesktopServer.Service.exe

External Traffic (over the Internet)

Traffic from 3Shape Unite (Dental Desktop) system on internal network to internet (i.e. across customers' firewalls). 

Note: 3Shape's software uses URLs to identify service endpoints, not IP-addresses. Customers blocking outgoing traffic in their firewalls based on IP-addresses becomes vulnerable as URL to IP mapping are changing over time outside 3Shape's control. This will cause outgoing traffic to be blocked and the system to partly stop working.

3Shape Communicate

Case sharing between Clinics, Labs and Design Services.

URL Port Protocol Encryption Executable Current IP addresses
eu15.3shapecommunicate.com (Europe only) 443 TCP, HTTPS TLS AES-256 Server

94.245.89.109, 

52.169.75.116
am15.3shapecommunicate.com (Americas only) Server

191.236.56.157, 

40.76.58.234
as15.3shapecommunicate.com (Asia only) Server

191.234.23.106, 

52.229.154.166
dme.3shapecommunicate.com Server

191.237.69.109, 

23.96.105.230
activeregions.3shapecommunicate.com Server 104.211.49.150
caseorigin.3shapecommunicate.com Server

 
masterdatadiscovery.3shapecommunicate.com    

3Shape Account

Authentication of client and lab Communicate accounts, sign in to 3Shape Unite and other 3Shape services.  

URL

Port

Protocol

Encryption

Executable

Current IP addresses

auth.3shapecommunicate.com

443

TCP, HTTPS

TLS AES-256

Server

137.116.115.186,

104.45.193.253

companymigration.identity.3shape.com

Client

 

connections.3shapecommunicate.com

Client

 

data.identity.3shape.com

Server, Client

20.85.251.32, 

104.45.193.253

identity.3shape.com

Server, Client

20.85.251.32, 

104.45.193.253

profile.identity.3shape.com

 Client

 

treatmentgroups.identity.3shape.com

 Client

 

ui.companymigration.identity.3shape.com

 Client

 

users.3shapecommunicate.com

Server

137.116.115.186, 

104.45.193.253

users.3shapecommunicate.com

Client

 

portal.3shapecommunicate.com

80

TCP, HTTP

 

Client

 

Cloud Storage

URL

Port

Protocol

Encryption

Machine/application

cloud.raven.3shape.com (CNAME), production-trafficmanager.westeurope.azurecontainer.io (A Record)

5455

TCP

SSL/TLS (based on KMS certificates)

Hosted on Azure

Region 1 (Americas): 4.156.253.43

Region 2 (Asia): 20.255.43.66

Region 3 (Europe): 108.141.98.45

Region 4 (China): 143.64.162.78

7000-7100,

8501

Hosted on Azure

Cloud License

URL Port Protocol Encryption Executable Current IP addresses
client.license.3shape.com 443 TCP, HTTPS TLS AES-256 Client 10.16.24.7, 13.107.213.44,13.107.246.44 (Azure managed)

Workflow Automation

Cloud-based algorithms for workflow automation. Only used by some 3Shape Apps, for instance TRIOS Treatment Simulator, TRIOS Patient Monitoring and Automate Crown.  

URL

Port

Protocol

Encryption

Executable

Current IP 
addresses

eucloudservices.3shapecommunicate.com (Europe only)

443

TCP, HTTPS

TLS AES-256

Client

40.91.205.128

amcloudservices.3shapecommunicate.com (Americas only)

52.171.58.190

ascloudservices.3shapecommunicate.com (Asia only)

52.148.92.120

Windows OS Updates

Security and certificate updates (through WSUS - Windows Server Update Services). Only relevant for TRIOS Move and TRIOS Cart installations, and laptops supplied by 3Shape.  

Notes: 

URL Port Protocol Encryption Executable Current IP 
addresses
triosmsu.westeurope.cloudapp.azure.com 8530 HTTP None Windows 40.113.140.19
triosmsu.3shape.com CNAME

3Shape Unite Store (Software Updates)

Used when updating 3Shape Unite (Dental Desktop) and its software modules. 

URL Port Protocol Encryption Executable Current IP addresses
beta.store.3shape.com 443 HTTPS TLS AES-256 Client 13.107.213.69 (Azure managed)
ui.store.3shape.com 13.107.213.69 (Azure managed)
asset.productmarketingcloud.com 13.90.213.204
pages.3shape.com 104.17.72.206, 104.17.70.206, 104.17.71.206, 104.17.73.206, 104.17.74.206
updates.3shape.com 80 TCP, HTTP None Server, Client 195.49.233.139
3shapeconfig.com 443 TCP, HTTPS TLS Server 52.178.142.100
cdn.3shapeconfig.com Server CNAME

fonts.googleapis.com

443

HTTPS

TLS 1.2/1.3

Client

Google managed

maps.googleapis.com

443

HTTPS

TLS 1.2/1.3

Client

Google managed

pimcdn.3shape.com

443

HTTPS

TLS 1.2/1.3

Client

Azure managed

dc.services.visualstudio.com

443

HTTPS

TLS 1.2/1.3

Client

Microsoft managed

prodbetast77.blob.core.windows.net

443

HTTPS

TLS 1.2/1.3

Client

Microsoft managed

fonts.gstatic.com

443

HTTPS

TLS 1.2/1.3

Client

Google managed

asset-prod1a-euw.productmarketingcloud.com

443

HTTPS

TLS 1.2

Client

20.31.30.204 (managed by eCom team PIM setup)

addressvalidation.googleapis.com

443

HTTPS

TLS 1.2/1.3

Client

Google managed

Licensing (dongle-based)

Renewal of license subscriptions, CAD points, and site options.  

URL Port Protocol Encryption Executable Current IP addresses
www.3shape.com 80 TCP, HTTP Custom

Server, Client

DongleServer.exe

 CNAME record pointing to CloudFlare https://www.cloudflare.com/ips/

Remote access for Support

Two integrations are needed for to be able to provide support for customers:

  1. Teamviewer-based screen sharing so the customer can enable reseller or 3Shape Customer Support to access the system remotely for trouble-shooting. For more information on TeamViewer connections, see here: https://www.teamviewer.com/en/trust-center/security/#destination-ip-address
  2. Connection to 3Shape to allow customers to access direct support from 3Shape (as a part of TRIOS Care). This integration is needed for Dental Desktop 1.7.19.0 and newer. The connection will be performed on the Dental Desktop client executable before 1.7.23.0 and on the Dental Desktop Server executable with 1.7.23.0 and newer
URL Port Protocol Encryption Executable Current IP addresses
teamviewer.com (incl. all sub domains such as master10teamviewer.com ) 5938 TCP AES-256 3Shape_Support_Participant.exe, (Teamviewer.exe)

Examples of IPs: 185.188.32.4, 195.244.97.214.   

(can change dynamically according to www.teamviewer.com)
communicate-framework.3shape.com 443 HTTP

TLS,

AES-128

Client

(1.7.19.0-1.7.22.*)

Server

(1.7.23.0 and newer)

CNAME to eu-communicate-framework-p-trafficmanager.trafficmanager.net

Reserved IP 168.61.91.95
login.microsoftonline.com 443 HTTPS

TLS,

AES-256

 CNAME

Training videos 

Used when accessing the training videos in 3Shape Unite Help Center. 

URL Port Protocol Encryption Executable Current IP addresses
community.3shape.com 443 TCP, TLS AES-256 Client 104.20.92.111 
104.20.93.111

Feedback Reports 

Used when sending feedback reports to 3Shape for advanced trouble-shooting. All ePHI data is removed locally before the case is being sent.  

URL Port Protocol Encryption Executable Current IP addresses
ftp.3shape.com

21,

40000-41000

 TCP, FTP ZIP-based encryption Client 195.49.233.138

Usage Statistics 

Used for sending Information on the usage on the system for product improvements purposes. The transferred information contains no user or patient information.  

URL

Port

Protocol

Encryption

Executable

Current IP addresses
feedback.3shape.com* 80 TCP, HTTP Proprietary Server, Client, ThreeShape.BlueWhale.DataService.exe

195.49.233.146

CNAME to feedback.3shape.com.cdn.cloudflare.net  
dataservice.3shape.com 443 TCP, HTTPS TLS AES-256 ThreeShape.BlueWhale.DataService.exe CNAME to d1ym2p1v6r5g6z.cloudfront.net
orca.3shape.com      TBC CNAME to orca.3shape.com.cdn.cloudflare.net

Internet checking 

Used for diagnostics purposes (checking if the system has an internet connection).  

URL Port Protocol Encryption Executable Current IP addresses
3shape.com

80,

443

TCP,

HTTP,

HTTPS

 None Server, Client 52.169.143.141
microsoft.com 40.112.72.205
www.google.com

216.58.192.0 -

216.58.223.255

  
Internal Traffic (within customer's network) 

This section lists all connections within the local network between the Dental Desktop Server, Dental Desktop Client PCs, TRIOS scanner, CAM and locally running 3rd party integrations. 

Client-Server 

The ports mentioned should be open for incoming traffic on the Dental Desktop Server PC. Only relevant if using a client-server setup.  

URL Port Protocol Encryption Executable Examples of IP addresses
N/A 5480 HTTP   Server, Client N/A
N/A 5481 TCP, SSL TLS  
N/A 5482-5483 UDP   N/A
N/A 5484 HTTPS TLS N/A
N/A 27027 TCP Custom Client to DongleServer.exe N/A
N/A 27027 TCP Custom Server to DongleServer.exe N/A
N/A N/A ICMP   Client N/A

Database Traffic 

Dental Desktop installs SQL Server Express 2012 locally. Network traffic is not required for standard server installations. The installer allows the administrators to specify an external database server. Installing Dental Desktop with remote SQL server is not fully supported.  

URL Port Protocol Encryption Executable Examples of IP addresses
N/A custom (default: 1433) TCP none / SSL (optional) Server, DentalDesktopServer.MigrationToRaven.exe N/A

Local 3rd Party Integration: Webservice for PMS (API) and DTX Studio Clinic 

The ports mentioned should be open for incoming traffic on the Dental Desktop Server PC. Only relevant if using a 3rd party software accessing the PMS (Practice Management System) API. This can be PMS systems or imaging systems like DTX Studio Clinic from Envista.  

URL Port Protocol Encryption Executable Examples of IP addresses
N/A 5484 HTTPS/TCP TLS/SSL Server (PMS software) N/A
N/A 5490/5491 HTTPS/TCP TLS/SSL ThreeShape.Integrations.PracticeManagement.WebService.exe N/A

Local 3rd Party Integration: Straumann/DentalWings CARES Visual Chairside and coDiagnostiX 

Dental Desktop 1.7.3.0 and later is able to send cases to CARES Visual Chairside and coDiagnostiX software from Straumann / DentalWings. This is an optional feature that will have to be enabled and configured by the end-user.  

URL Port Protocol Encryption Executable Examples of IP addresses
N/A 5353 UDP 
multicast 		none Client N/A
N/A

20099 

Cares Visual Chairside

HTTP/TCP

 

 Server local network
N/A 20100 
CoDiagnostiX

Local 3rd Party Web Embedded Integration: ClearCorrect App, Automate Nightguard, Reveal DDX App and Automate Crown 

URL Port Protocol Encryption Executable Examples of IP addresses

https://api.clearcorrect.com/
https://eshop-dr.clearcorrect.com/ 
https://dr.clearcorrect.com/authentication

N/A

 HTTPS/TCP

TLS/SSL

 ThreeShape.Integrations.ClearCorrect.WebEmbedded.dll

N/A

https://automate.3shape.com/

ThreeShape.Integrations.Automate.Nightguard.WebEmbedded.dll

https://ddxdental.com/

ThreeShape.Integrations.DDX.Reveal.WebEmbedded.dll

https://automate.3shape.com/

ThreeShape.Integrations.Automate.Crown.WebEmbedded.dll

Remote scanning 

When using remote lab scanning in ScanIT Dental, the ports mentioned should be open for incoming traffic on the remote scanning PC.

URL Port Protocol Encryption Executable Examples of IP addresses
N/A 3781 TCP none ScanServer.exe N/A


Scanner Traffic 

This section lists all connections between the physical TRIOS 3 Scanner device and the Dental Desktop Client PC. 

TRIOS 3 Wired, TRIOS 3 Wireless & TRIOS 4

Only relevant for PCs connected to either a wired or wireless TRIOS 3 or 4 scanner. Note, for wireless scanners there is a difference between running a direct connection (using a TP-Link adapter, where the scanner has a set fixed IP addresses 10.33.3.1/10.33.3.3) and a TRIOS Share connection (where the scanner has a dynamic IP address obtained from a DHCP server). Wired scanners adhere to the fixed IP scenario.

URL Port Protocol Encryption Executable Examples of  IP addresses
Fixed or dynamic IP address 58220-58230 (local) or dynamic UDP None Client (Inbound rule from remote port 58218)

10.33.3.3 (fixed IP),

192.168.1.42 (dynamic IP)

TRIOS 3 Wireless & TRIOS 4 

Only relevant for PCs connected to wireless TRIOS 3 or TRIOS 4 scanner. This is an addition to the above.

URL Port Protocol Encryption Executable Examples of  IP addresses
Fixed or dynamic IP address 21 (FTP), 80 (HTTP), TCP, FTP, HTTP None Client

10.33.3.1 (fixed IP),

192.168.1.42 (dynamic IP)
Fixed or dynamic IP address 23796 (SMORP) TCP SMORP is a secure proprietary protocol Client

10.33.3.1 (fixed IP),

192.168.1.42 (dynamic IP)

TRIOS 5

Only relevant for PCs connected to wireless TRIOS 5.

URL Port Protocol Encryption Executable Examples of  IP addresses
Dynamic IP address 23796 (SMORP) TCP SMORP is a secure proprietary protocol Client 192.168.1.42

F8

Only relevant for PCs connected to a wired F8 Lab scanner.

URL Port Protocol Encryption Executable Examples of  IP addresses
Dynamic or link-local IP address 23796 (SMORP) TCP SMORP is a secure proprietary protocol ScanServer.exe 192.254.137.42,192.168.137.42

 

CAM 

Only relevant for PCs having the CAM server installed. The CAM installer adds rules for these ports to the local firewall. 

Milling machines & 3D printers  

URL Port Protocol Encryption Executable Machine/application
N/A 2277 TCP  

CAMbridge.exe

 

 Ivoclar PrograMill One cp1 software
N/A 2278 TCP   Ivoclar PrograMill One cp 2 software
N/A 1900 UDP   Ivoclar PrograMill One cp 1 and cp2 software
N/A 2048 
-2070 		TCP   CAMbridge.exe / DswHost.exe Ivoclar PrograMill One
http://localhost:8000 
/CeramillMotion/S1274 		8000 TPC AES-256 CAMbridge.exe Ceramill Motion

3Shape Produce

3Shape Produce is the new CAM integration Module replacing the former CAMbridge/CAMserver solution. Produce exposes a grpc API. In the grpc context Produce is the client and software implemented by partners (milling machines or printer manufacturers) are servers. These servers can be installed somewhere in the same local network as Unite.  

URL Port Protocol Encryption Executable
All active adapters addresses (for broadcast) any address inputted for unicast 6643 UDP (brodcast and unicast) None DentalDesktop.exe 
Any address in the local network Any port the partner chooses HTTP (grpc) Might use SSL   

CAMServer  

URL Port Protocol Encryption Executable Examples of IP addresses
N/A 4380 TCP   CAMbridge.exe http://localhost:4380/CAMbridge
N/A 5480 TPC   CAMbridge.exe  

Was this article helpful?

Give feedback about this article

Related Articles