Network Configuration
Integrating the SSH platform into an existing IT infrastructure
In order to make the most of the symmedia Hub features, it is important to make sure that the technical requirements regarding network connections are met.
In this section we assume, for the sake of simplicity, that the organization using the symmedia Hub has split its networking into (at least) two network segments:
The organization’s office network
The organization's machine network
Office Network
- The office network is assumed to contain all office computers that are run outside of the shopfloor (i.e. management, sales, procurement etc.).
- The primary use case of the symmedia Hub is assumed to be using the portal app to i.e. track Service Cases, upload and maintain machine documents etc.
- It is assumed that a general access to the internet is possible and that no URL restrictions are in place (through i.e. proxy or firewall rules).
Please consult the table below to make sure that all required URLs are reachable from the computers in the office network that need to access the symmedia Hub´s portal application.
Machine Network
The machine network is assumed to contain all the OT equipment on the shop floor (HMIs, Edge Devices etc.). It is further assumed that additional restrictions are in place that limit the kinds of network traffic to and from the network.
Portal
The portal is a web application, running in the browser. It offers the general user interface to interact with Service Cases, conferencing, remote access settings, machine documents etc. .
In order to use the app to its full extent, these urls need to be reachable:
URL | Port | Use |
---|---|---|
*.symmedia-hub.com (new) | 443 | Portal App |
443 | Portal App | |
*.secure-service-hub.io | 443 | Matrix integration |
fonts.googleapis.com | 443 | Google Fonts used in the portal app |
fonts.gstatic.net | 443 | Google Fonts used in the portal app |
*.windows.net | 443 | Assets/Texts stored in Azure |
aadcdn.msauth.net | 443 | Authentication |
aadcdn.msauthimages.net | 443 | Authentication |
login.live.com | 443 | Authentication |
login.microsoftonline.com | 443 | Authentication |
tokenprovider.termsofuse.identitygovernance.azure.com | 443 | Authentication |
symcloudplatformb2cprod.b2clogin.com | 443 | Authentication |
azfunc-symuserinvitation-prod.azurewebsites.net | 443 | Authentication |
azfunc-symuserinvitation-staging.azurewebsites.net | 443 | Authentication |
Firewall Configuration
The Edge Device requires connectivity to the internet, in order to establish a connection to symmedia Hub’s cloud platform.
Endpoint | IP address | Port / Protocol | Description |
---|---|---|---|
portunification.symmedia-hub.com (new) | 20.76.82.231 | 22552 | Unify PRODUCTION |
20.76.82.231 | 22552 | Unify PRODUCTION | |
device-certificate.symmedia-hub.com (new) | 20.76.82.231 | 443 | certificate provisioning on PROD |
20.76.82.231 | 443 | certificate provisioning on PROD | |
20.43.44.164 | 443 | Fallback Azure | |
20.43.44.164 | 5671 | Fallback Azure | |
20.43.44.164 | 8883 | Fallback Azure | |
8.8.8.8 | 8.8.8.8 | ICMP | Internet connectivity check ICMP |
8.8.8.8 | 8.8.8.8 | 53 | Fallback DNS used by Docker |