Network Firewall Rules (2.0.x)

Modified on Tue, 26 Mar 2024 at 10:54 AM

NOTE: Network firewall rules updated with RemoteSpark 2.0.33

This article contains information for network teams to prepare their environment for deployment of RemoteSpark.


Glossary

Web Endpoint: is the API the RemoteSpark Client uses to interact with the system

Storage Endpoint: how the system uploads and downloads content

STUN/TURN: how video calls are established between the Expert and the remote worker

Traffic Manager: how the application selects which data centre to use for the application


Note: our cloud-based solution is hosted on Microsoft Azure. For more information on Azure services, see here.

Ports to open

  • 443 (TCP)
  • 3478 (TCP/UDP)

DNS

  • Public DNS resolution

Endpoints

The cloud configuration of RemoteSpark requires users to allow the Traffic Manager endpoint, the CDN endpoint, and each of the datacentre endpoints through their firewall.

  • Benefits of using Traffic Manager: increased availability and app response time, improved app performance and content delivery, along with DNS-based load balancing. If a specific datacentre is offline for any reason, your ability to connect to RemoteSpark services and perform video calls is not affected when using Traffic Manager.
  • By default, Traffic Manager in RemoteSpark (shown as RemoteSpark Cloud in the RemoteSpark Client settings page) will route your connection to the fastest available datacentre. Most often this is the closest one geographically to the user, but can vary depending on traffic and other factors.


Note: our cloud-based solution is hosted on Microsoft Azure. For more information on Azure services, see here.


Caution: RemoteSpark updates may require new endpoint rules.


Traffic Manager endpoint


CDN endpoint

  • cdn.kognitivspark.net


North America datacentre endpoints

Europe datacentre endpoints


STUN/TURN Redundancies

In the unlikely event that our (Azure's) STUN/TURN servers go offline we have the following redundancies in place to ensure that there is no interruption in service. Please ensure that they're added to your firewall settings for good measure.

  • global.turn.twilio.com
  • stun.google.com


Options for not whitelisting all traffic

If you choose to select a specific data centre, depending on your network configuration you will need to allow traffic on Port 3478 (TCP/UDP) and 5349 (TCP/UDP).


If you don’t whitelist all traffic on those two ports, you will need to contact Kognitiv Spark Support to determine the correct IP addresses for those ports.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article