Edge Devices come as part of the machines. Each one is attached to a machine and runs its own firewall software to restrict traffic to and from the local network. In addition to using the local network, Edge Devices can also establish their own Wi-Fi network to easily integrate additional wireless equipment.
Integrating the SSH platform into an existing IT infrastructure
In order to make the most of the SSH features, it is important to make sure that the technical requirements regarding network connections are met.
In this section we assume, for the sake of simplicity, that the organization using the Secure Service Hub has split its networking into (at least) two network segments:
- The organization's office network
- The organization's machine network
Office Network
- The office network is assumed to contain all office computers that are run outside of the shop floor (e.g. management, sales, procurement etc.).
- The primary use case of the Secure Service Hub is assumed to be using the portal app to, e.g., track Service Cases, upload and maintain machine documents etc.
- It is assumed that general access to the internet is possible and that no URL restrictions are in place (e.g. through proxy or firewall rules).
Please consult the table below to make sure that all required URLs are reachable from the computers in the office network that need to access the SSH’s portal application.
Machine Network
The machine network is assumed to contain all the OT equipment on the shop floor (HMIs, Edge Devices etc.). It is further assumed that additional restrictions are in place that limit the kinds of network traffic to and from the network.
Portal
The portal is a web application running in the browser. It offers the general user interface to interact with Service Cases, conferencing, remote access settings, machine documents etc.
In order to use the app to its full extent, these URLs need to be reachable:
URL | Port | Use |
---|---|---|
*.secure-service-hub.com | 443 | Portal App |
*.secure-service-hub.de | 443 | Portal App (Staging environment) |
*.secure-service-hub.io | 443 | Matrix integration |
fonts.googleapis.com | 443 | Google Fonts used in the portal app |
fonts.gstatic.net | 443 | Google Fonts used in the portal app |
*.windows.net | 443 | Assets/Texts stored in Azure |
aadcdn.msauth.net | 443 | Authentication |
aadcdn.msauthimages.net | 443 | Authentication |
login.live.com | 443 | Authentication |
login.microsoftonline.com | 443 | Authentication |
tokenprovider.termsofuse.identitygovernance.azure.com | 443 | Authentication |
symcloudplatformb2cprod.b2clogin.com | 443 | Authentication |
azfunc-symuserinvitation-<env>.azurewebsites.net | 443 | Authentication |
Firewall Configuration
The Edge Device requires connectivity to the internet in order to establish a connection to the Secure Service Hub’s cloud platform.
| Endpoint | IP address | Port / Protocol | Description |
|---|---|---|---|
| | 20.31.126.39 | 22552 | Unify STAGING |
| | 20.76.82.231 | 22552 | Unify PRODUCTION |
| | 20.76.82.231 | 443 | certificate provisioning on PROD |
| | 20.76.82.231 | 443 | certificate provisioning on STAGING |
| | 20.43.44.164 | 443 | Fallback Azure |
| | 20.43.44.164 | 5671 | Fallback Azure |
| | 20.43.44.164 | 8883 | Fallback Azure |
| 8.8.8.8 | 8.8.8.8 | ICMP | Internet connectivity check ICMP |
| 8.8.8.8 | 8.8.8.8 | 53 | Fallback DNS used by Docker |
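
As an added example (not part of the original documentation or of the Secure Service Hub product), the Python code below turns the table above into an egress allowlist for a machine-network firewall: it emits nftables rule bodies for one Edge Device and flags observed flows that the table does not cover. The Edge Device address, the log prefix, the TCP/UDP choice per port and the ICMP echo-request match are assumptions, and the rules assume a chain that already accepts established return traffic.

```python
import ipaddress

# Rows from the Firewall Configuration table: (destination IP, port or "ICMP").
TABLE = [
    ("20.31.126.39", "22552"),  # Unify STAGING
    ("20.76.82.231", "22552"),  # Unify PRODUCTION
    ("20.76.82.231", "443"),    # certificate provisioning on PROD
    ("20.76.82.231", "443"),    # certificate provisioning on STAGING
    ("20.43.44.164", "443"),    # Fallback Azure
    ("20.43.44.164", "5671"),   # Fallback Azure
    ("20.43.44.164", "8883"),   # Fallback Azure
    ("8.8.8.8", "ICMP"),        # Internet connectivity check
    ("8.8.8.8", "53"),          # Fallback DNS used by Docker
]

def protocols(port):
    # Assumption: the table names no transport protocol, so numbered ports
    # are treated as TCP and DNS (53) as both UDP and TCP.
    if port == "ICMP":
        return ["icmp"]
    return ["udp", "tcp"] if port == "53" else ["tcp"]

def allowlist():
    """Set of permitted (dst_ip, proto, port) flows; port is None for ICMP."""
    return {(ip, proto, None if proto == "icmp" else int(port))
            for ip, port in TABLE for proto in protocols(port)}

def nft_rules(edge_ip):
    """nftables rule bodies for one Edge Device, ending in a logged drop."""
    ipaddress.ip_address(edge_ip)  # raises ValueError on malformed input
    rules = []
    for ip, proto, port in sorted(allowlist(), key=lambda f: (f[0], f[1], f[2] or 0)):
        # Assumption: the ICMP connectivity check is an echo request (ping).
        match = "icmp type echo-request" if proto == "icmp" else f"{proto} dport {port}"
        rules.append(f"ip saddr {edge_ip} ip daddr {ip} {match} accept")
    rules.append(f'ip saddr {edge_ip} log prefix "edge-egress-drop " drop')
    return rules

def unexpected_flows(flows):
    """Observed (dst_ip, proto, port) flows that the table does not cover."""
    allowed = allowlist()
    return [f for f in flows if f not in allowed]

if __name__ == "__main__":
    # 192.0.2.10 is a constructed Edge Device address (documentation range).
    print("\n".join(nft_rules("192.0.2.10")))
```

Feeding `unexpected_flows` with destination tuples taken from the firewall's drop log shows whether an Edge Device is attempting connections outside the documented set.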