Prerequisites for Node and Cloud Connector connectivity

This section outlines system and hardware requirements, and minimum network configurations necessary to support Edge Node (formerly Edge iNode), Virtual Edge Node (formerly Virtual Edge iNode), and Cloud Connector (formerly Virtual iNode) connectivity.

Supported hardware for Edge Nodes

Secure Edge supports use of the following hardware devices for Edge Nodes:

  • Dell Edge Gateway 5000

  • Lanner NCA-1510D

  • Lanner NCA-1510A

  • Supermicro SYS-E50-9AP

  • Advantech UTX-3115

  • Lanner LEC-7230M

  • Adlink MXE-210 Series

Cloud requirements

The following cloud platforms are supported:

  • Amazon AWS

  • Microsoft Azure

  • VMware vSphere v6.x

  • Google Cloud

Cloud Connector and Virtual Edge compute requirements

2 vCPU, 4GB RAM, 10GB HDD, Public IP address

Network configuration

  • TCP port 443 outbound: Must be open and available on the WAN network. Edge Nodes, Virtual Edge Nodes, and Cloud Connectors need to establish an outbound TCP 443 connection to specific URLs and IP addresses for management plane connectivity.

  • TCP port 443 inbound: Must be open and available for Cloud Connectors. Not required for Edge Nodes and Virtual Edge Nodes.

  • WAN interface configuration: At a minimum, the WAN interface of each Edge Node must be statically configured with the appropriate proxy FQDN or IP address and port number.

  • Firewall and proxy allowances: To establish connectivity, you must explicitly allow the following on the upstream firewall or proxy:

    • The public IP address (static) or FQDN for each Cloud Connector (formerly Virtual iNode).

    • All required domains listed in the Allowlist domains section below.

Allowlist domains

The following top-level domains are the minimum required for Edge Nodes to operate and run services. Ensure these top-level domains are allowed on your firewall or proxy. For detailed instructions, see Configuring an Edge Node to use Web Proxy.

Notes

  • The list does not account for any geolocation redirects that external infrastructure (container registries) may implement.

  • Domains/hosts provided by container registries may change over time or be region-specific, which is beyond our control.

  • We are unable to validate/verify whether these domains are reachable from a deployed site.

  • nodev3.iotium.io: Required for Edge Node connection to Secure Edge Portal for management of nodes.

  • *.google.com: Required for default NTP configuration of Edge Nodes. This is not needed if NTP configuration for the Northbound (WAN) interface has been modified.

  • *.docker.io and *.docker.com: Required for downloading Service images onto Edge Nodes. (Refer to note above.)

  • Public IP of Cloud Connectors

Allowlist domains (with Unified Cloud Gateway)

  • nodev3.iotium.io

  • Public IP of Cloud Connectors

Allowlist sub-domains (without Unified Cloud Gateway)

If you cannot use the wildcard top-level domains, allow the following recommended sub-domains, which are not managed by Secure Edge. Contact your Customer Success representative or email [email protected] for assistance.

Google Public NTP: Edge Nodes utilize Google Public Network Time Protocol (NTP) to synchronize clocks over the internet.

  • time1.google.com

  • time2.google.com

  • time3.google.com

  • time4.google.com

AWS Elastic Container Registry (ECR): Required for service deployment from a private registry. Refer to ECR for details, which may change based on your account ID and region.

  • Example: 811888326187.dkr.ecr.us-east-2.amazonaws.com (repository namespace)

Azure Container Registry (ACR): Required for service deployment from a private registry. Refer to ACR for details, which may change based on your account ID and region.

  • Example: privatereponame.azurecr.io (repository login server)
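
One way to check an upstream firewall or proxy allowlist against the lists above, as an added example that is not Secure Edge code. The rule semantics (a `*.domain` rule matches sub-domains only), the function names, the sample rules and the 203.0.113.x addresses are assumptions constructed for illustration.

```python
# Added example (not vendor code): audit an upstream proxy/firewall allowlist
# against the minimum entries listed on this page.
PORTAL = "nodev3.iotium.io"
WILDCARDS = ["*.google.com", "*.docker.io", "*.docker.com"]
NTP_HOSTS = [f"time{i}.google.com" for i in range(1, 5)]  # sub-domain fallback


def rule_allows(rule, host):
    """Assumed rule semantics: '*.example.com' permits any sub-domain on a label
    boundary (not 'example.com', not 'notexample.com'); other rules are exact."""
    rule, host = rule.lower().rstrip("."), host.lower().rstrip(".")
    if rule.startswith("*."):
        return host.endswith(rule[1:])
    return rule == host


def allowed(host, rules):
    return any(rule_allows(r, host) for r in rules)


def audit(rules, connector_ips, unified_cloud_gateway=False, default_ntp=True):
    """Return the required entries that the allowlist does not cover."""
    rules = [r.strip().lower() for r in rules if r.strip()]
    missing = [] if allowed(PORTAL, rules) else [PORTAL]
    missing += [ip for ip in connector_ips if ip not in rules]
    if unified_cloud_gateway:
        return missing  # only the portal and Cloud Connector IPs are listed
    for wildcard in WILDCARDS:
        if wildcard in rules:
            continue
        if wildcard == "*.google.com":
            # Only needed for the default NTP setup; without the wildcard,
            # each of the four Google Public NTP hosts must be allowed.
            if default_ntp:
                missing += [h for h in NTP_HOSTS if not allowed(h, rules)]
        else:
            missing.append(wildcard)
    return missing


# Constructed sample: sub-domains instead of the Google wildcard, with one NTP
# host, one Docker wildcard and one Cloud Connector IP forgotten.
SAMPLE_RULES = ["nodev3.iotium.io", "time1.google.com", "time2.google.com",
                "time3.google.com", "*.docker.io", "203.0.113.10"]
SAMPLE_CONNECTORS = ["203.0.113.10", "203.0.113.11"]  # placeholder IPs (RFC 5737)

if __name__ == "__main__":
    for entry in audit(SAMPLE_RULES, SAMPLE_CONNECTORS):
        print("missing from allowlist:", entry)
```

Private registry hosts (ECR, ACR) depend on your account and region, so they are not part of the fixed lists here and must be checked separately.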