Prerequisites for iNode Connectivity
  • 28 Jul 2024


This section covers the minimum network requirements and configurations to support iNode connectivity. For the latest information on system and hardware requirements for Edge iNodes and Virtual iNodes, see the Release Notes.

Network configuration

  • Outbound TCP port 443 must be open and available on the WAN network. iNodes need to establish an outbound TCP 443 connection to specific URLs and IPs for management plane connectivity.

  • As a minimum requirement, an iNode must be statically configured on the WAN interface with the proxy FQDN or IP address and port number.

  • In order for the iNode to establish connectivity, you must explicitly allow the following on the upstream firewall or proxy:

    • The public IP address (static) or FQDN for each virtual iNode

    • All required domains listed in the next section, Allowlist domains

Allowlist domains

The following list is the minimum set of domains that iNodes require to function and run services. You must allow these top-level domains on your firewall or proxy (for instructions, see Configuring an iNode to Use Web Proxy):

Note

  • The list below does not account for any geo-location redirects that external infrastructure (Container registries) may implement.

  • Domains/Hosts provided by Container Registries may change over a period of time or may be region specific, which is beyond our control.

  • We are unable to validate/verify whether these domains are reachable from a deployed site.

  • nodev3.iotium.io: Required for Edge iNode connection to Secure Edge Portal for management of iNodes.

  • *.google.com: Required for default NTP configuration of the Edge iNode. Not required if NTP configuration of iNode Northbound (WAN) was modified.

  • *.docker.io: Required for downloading Service images onto the Edge iNode. (Refer to note above.)

  • *.docker.com: Required for downloading Service images onto the Edge iNode. (Refer to note above.)

  • Public IP of Virtual iNodes

Allowlist domains (with Unified Cloud Gateway)

  • nodev3.iotium.io

  • Public IP of Virtual iNodes

Allowlist sub-domains (without Unified Cloud Gateway)

The following lists include the recommended sub-domains to allow if you cannot use the wildcard top-level domains mentioned above.

Non-Secure Edge managed, Google public (required for iNode to synchronize its clocks):

  • time1.google.com

  • time2.google.com

  • time3.google.com

  • time4.google.com

iNodes use Google Public Network Time Protocol (NTP) servers to synchronize their clocks over the Internet.

Non-Secure Edge managed, AWS ECR (required for service deployment from private registry):

  • Example: 811888326187.dkr.ecr.us-east-2.amazonaws.com (repository namespace)

Refer to ECR for details. These may change based on account-id and region, etc. Contact your Customer Success representative or email [email protected] for assistance.

Non-Secure Edge managed, Azure ACR (required for service deployment from private registry):

  • Example: privatereponame.azurecr.io (repository login server)

Refer to ACR for details. These may change based on account-id/name. Contact your Customer Success representative or email [email protected] for assistance.
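The following added example (not vendor code) checks a set of destination hostnames against the wildcard allowlist and against a narrowed variant that replaces *.google.com with the four NTP hosts, so you can see what each rule set permits before changing a firewall or proxy. The allowlist entries come from this page; the matching rules, function names and sample hostnames are assumptions made for illustration, and your proxy's wildcard semantics may differ.

```python
# Added example. Allowlist entries are copied from this page; everything else
# (matching rules, names, sample hostnames) is an assumption for illustration.
WILDCARD_ALLOWLIST = ["nodev3.iotium.io", "*.google.com", "*.docker.io", "*.docker.com"]
# Narrowed variant: *.google.com replaced by the four listed NTP hosts.
NARROWED_ALLOWLIST = ["nodev3.iotium.io", "time1.google.com", "time2.google.com",
                      "time3.google.com", "time4.google.com", "*.docker.io", "*.docker.com"]

# Constructed sample of destinations, e.g. taken from a proxy log.
SAMPLE_HOSTS = ["nodev3.iotium.io", "Time1.Google.com.", "registry-1.docker.io",
                "www.google.com", "evildocker.io", "docker.io.example.net", "docker.io"]


def normalize(host):
    """Lower-case and drop a trailing root dot so comparisons are canonical."""
    return host.strip().lower().rstrip(".")


def entry_matches(host, entry):
    """Match one entry. '*.example.com' covers sub-domains of example.com on a
    label boundary only and (assumption) does not cover the bare apex."""
    host, entry = normalize(host), normalize(entry)
    if entry.startswith("*."):
        suffix = entry[1:]  # ".example.com", leading dot enforces the boundary
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == entry


def is_allowed(host, allowlist):
    return any(entry_matches(host, entry) for entry in allowlist)


def blocked(hosts, allowlist):
    """Hosts that the given allowlist would not permit, in input order."""
    return [h for h in hosts if not is_allowed(h, allowlist)]


def only_via_wildcard(hosts):
    """Hosts reachable under the wildcard list but not the narrowed one:
    the extra exposure that comes with the broader rule."""
    return [h for h in hosts
            if is_allowed(h, WILDCARD_ALLOWLIST) and not is_allowed(h, NARROWED_ALLOWLIST)]


if __name__ == "__main__":
    print("blocked (wildcard):", blocked(SAMPLE_HOSTS, WILDCARD_ALLOWLIST))
    print("blocked (narrowed):", blocked(SAMPLE_HOSTS, NARROWED_ALLOWLIST))
    print("only via wildcard: ", only_via_wildcard(SAMPLE_HOSTS))
```

Look-alike names such as evildocker.io and docker.io.example.net are rejected because the match is anchored on the leading dot of the suffix rather than on a plain substring.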


