Integrating the SSH platform into an existing IT infrastructure

In order to make the most of the symmedia Hub features, it is important to make sure that the technical requirements regarding network connections are met.

In this section we assume, for the sake of simplicity, that the organization using the symmedia Hub has split its networking into (at least) two network segments:

The organization’s office network
The organization's machine network

Office Network

The office network is assumed to contain all office computers that are run outside of the shopfloor (i.e. management, sales, procurement etc.).
The primary use case of the symmedia Hub is assumed to be using the portal app to i.e. track Service Cases, upload and maintain machine documents etc.
It is assumed that a general access to the internet is possible and that no URL restrictions are in place (through i.e. proxy or firewall rules).

Please consult the table below to make sure that all required URLs are reachable from the computers in the office network that need to access the symmedia Hub´s portal application.

Machine Network

The machine network is assumed to contain all the OT equipment on the shop floor (HMIs, Edge Devices etc.). It is further assumed that additional restrictions are in place that limit the kinds of network traffic to and from the network.

Portal

The portal is a web application, running in the browser. It offers the general user interface to interact with Service Cases, conferencing, remote access settings, machine documents etc. .

In order to use the app to its full extent, these urls need to be reachable:

URL	Port	Use
*.symmedia-hub.com (new)	443	Portal App
*.secure-service-hub.com	443	Portal App
*.secure-service-hub.io	443	Matrix integration
fonts.googleapis.com	443	Google Fonts used in the portal app
fonts.gstatic.net	443	Google Fonts used in the portal app
*.windows.net	443	Assets/Texts stored in Azure
aadcdn.msauth.net	443	Authentication
aadcdn.msauthimages.net	443	Authentication
login.live.com	443	Authentication
login.microsoftonline.com	443	Authentication
tokenprovider.termsofuse.identitygovernance.azure.com	443	Authentication
symcloudplatformb2cprod.b2clogin.com	443	Authentication
azfunc-symuserinvitation-prod.azurewebsites.net	443	Authentication
azfunc-symuserinvitation-staging.azurewebsites.net	443	Authentication

Firewall Configuration

The Edge Device requires connectivity to the internet, in order to establish a connection to symmedia Hub’s cloud platform.

Endpoint	IP address	Port / Protocol	Description
portunification.symmedia-hub.com (new)	20.76.82.231	22552	Unify PRODUCTION
portunification.secure-service-hub.com	20.76.82.231	22552	Unify PRODUCTION
device-certificate.symmedia-hub.com (new)	20.76.82.231	443	certificate provisioning on PROD
dcs-prod.secure-service-hub.com	20.76.82.231	443	certificate provisioning on PROD
global.azure-devices-provisioning.net	20.43.44.164	443	Fallback Azure
global.azure-devices-provisioning.net	20.43.44.164	5671	Fallback Azure
global.azure-devices-provisioning.net	20.43.44.164	8883	Fallback Azure
8.8.8.8	8.8.8.8	ICMP	Internet connectivity check ICMP
8.8.8.8	8.8.8.8	53	Fallback DNS used by Docker