Avanti - Network Requirements Documentation 1.92
Purpose
The purpose of this article is to outline the required network configurations for release 1.92.
Overview
Access can be thru a customer's network, dedicated wired Internet (cable or DSL), or cellular modem. The kiosk supports a connection using a standard CAT5/6 cable, WiFi connections and USB cellular modems are not supported. When using an internet connection where all outbound traffic is allowed no special configuration is usually required. If the following requirements are not met the kiosk may have poor performance or not work at all. It is strongly recommended that if the kiosk is being placed on a customer's network that it be placed on a segregated vLAN or in a DMZ where it will not have access to other resources on the network.
Minimum Bandwidth and Data Transfer Requirement
A symmetric .5Mbps connection is sufficient for daily kiosk operations. It is important to note that this is the actual bandwidth available, to achieve this with a dedicated internet connection the advertised speed must usually be 2Mbps down and 1Mbps up.
Under normal operations the kiosk will use less than 1GB of data a month, however Avanti Markets may at times need to use additional data to meet business needs.
IP Address and DNS Assignment
Avanti kiosks can be assigned IP addresses and DNS servers using DHCP. Using DHCP is the preferred method. If necessary a static IP and specific DNS servers can be specified. If specific DNS servers are not specified Avanti will utilize 8.8.8.8 and 8.8.4.4
Minimum Internet Access
The kiosk must be able to communicate with resources on the following domains and ports. It is assumed that the DNS servers will be able to resolve the following URLs.
|
Domain |
Protocol |
Port |
Direction |
Note |
|
kiosk.mykioskworld.com |
TCP |
443 |
Outbound |
Avanti kiosk asynchronous service. |
|
dishout.mykioskworld.com |
TCP |
443 |
Outbound |
Avanti kiosks synchronous service. |
|
dsc.mykioskworld.com |
TCP |
443 |
Outbound |
Desired State Configuration server. |
|
support.mykioskworld.com |
TCP |
443 |
Outbound |
Remote access and management for Avanti Support. |
|
time.nist.gov |
NTP / UDP |
123 |
Outbound |
Time synchronization |
|
prod.dw.us.fdcnet.biz |
TCP |
443 |
Outbound |
Payment gateway for credit and debit payment. |
|
hercules.usconnectme.com |
TCP |
443 |
Outbound |
USConnect Gateway if kiosk is USConnect enabled |
|
40.112.142.148
|
TCP |
443 |
Outbound |
Data Candy |
Additional Recommended Internet Access
|
Domain |
Protocol |
Port |
Direction |
Note |
|
*.mykioskworld.com |
TCP / UDP |
TBD |
Outbound |
Top level Avanti domain. Additional services and infrastructure may be made available as our services continue to evolve in this name space. It is Avanti Markets' preference that this entire space be white listed. Avanti Markets will update our market operators when this occurs. |
Remote Camera and DVR Access
The following requirements must be met to enable the market operator to remotely view the cameras and DVR recordings. If the requirement is not fully met the market operator may not be able to remotely access the DVR and cameras at all or performance may be very poor. Data usage will increase if remote DVR access is being utilized. Connection speed must be at minimum 1Mbps down and 1Mbps up. Additional bandwidth up may be required to achieve optimal remote viewing.
| Domain | Protocol | Port | Direction | Note |
|
*.hamachi.cc *.logmein.com |
TCP UDP |
12975 32976 17771 |
Outbound UDP hole punching |
LogMeIn Hamachi VPN attempts to create point to point connections between the kiosk and the market operator's PC running DVR client software. This point to point connection utilizes UPD hole punching. If this is not successful then a connections is made via the Hamachi relay server via UDP or TCP. |
Emails
Web Access and the email receipt function from the kiosk will send the market users emails from our email service. The following email address may need to be white listed on the customer mail server if the market users are permitted to use their company email address.
no-reply=avantimarkets.com@avanti.mykioskworld.com on behalf of no-reply@avantimarkets.com
Datawire Integration
The following requirements apply only to locations using Datawire stored value solutions.
|
Domain |
Protocol |
Port |
Direction |
Note |
|
https://vxn.datawire.net |
TCP |
443 |
Outbound |
Active Service Provider |
|
https://vxn1.datawire.net |
TCP |
443 |
Outbound |
Alternate Active Service Provider |
|
https://vxn2.datawire.net |
TCP |
443 |
Outbound |
Alternate Active Service Provider |
|
https://vxn3.datawire.net |
TCP |
443 |
Outbound |
Alternate Active Service Provider |
|
https://vxn4.datawire.net |
TCP |
443 |
Outbound |
Alternate Active Service Provider |
|
https://support.datawire.net |
TCP |
443 |
Outbound |
Instance registration server |
Network Requirements Supplemental Information
IP Ranges and Ports
Some firewalls do not support the white listing of the URLs provided in the network requirements. Some IT departments will also have this as a policy. The IP addresses in the below section are fairly stable but always "Subject to change without notification." Avanti Markets will notify operators of any planned changes to the IP addresses under Avanti Markets control. Emergency changes may be necessary in some cases and may not be communicated in advance. IP address not controlled by Avanti Markets may be changed without notification, Avanti Markets will notify our market operators when we become aware of changes to these IP addresses. Avanti Markets recommends white listing the URLs provided rather than the IP addresses to enhance resilience and reliability.
Credit and Debit Card Processor - Prod.dw.us.fdcnet.biz
The credit and debit transactions are passed directly to our processor on port 443 (TCP) at 216.66.222.254 and 208.72.254.254
Kiosk Asynchronous Service - kiosk.mykioskworld.com
The application asynchronously communicates on port 443 (TCP) and the IP address it connects to is 104.45.215.218
Kiosk Synchronous Service - dishout.mykioskworld.com
The application synchronously communicates on port 443 (TCP) and the IP address it connects to is 13.83.25.65
Desired State Configuration - dsc.mykioskworld.com
Configuration management communicates on port 443 (TCP) and the IP address it connects to is 13.91.108.167
Remote Management and Support - support.mykioskworld.com
Remote support appliance for remote access. Communicates on port 443 (TCP) and the IP address it connects to is 13.93.196.142
Time Synchronization - time.nist.gov
Time servers communication will be using NTP/UDP on port 123. A complete list of IP addresses can be found at: https://tf.nist.gov/tf-cgi/servers. cgi
Remote Camera and DVR Access - *.hamachi.cc
This allows the market operator to remotely view the DVR recordings and live footage from the market. The market operator only has access to the DVR. The Hamachi VPN client will use the following ports 443, 12975, 17771, and 32976 when it is is communicating with the Hamachi servers. The Hamachi servers are operated out of the same pool of addresses as other LogMeIn infrastructure.
Allow List:
https://support.logmeininc.com/hamachi/help/allowlisting-and-goto
For optimal bandwidth Hamachi attempts to negotiate a point to point connection via UDP hole punching with the market operator's PC running the Hamachi client. This will result in UDP traffic on unspecified ports from the market operator's IP address in addition to the address rages listed above. If the point to point connection fails the connection will be relayed through a Hamachi relay server.
USConnect Gateway if kiosk is USConnect enabled - hercules.usconnectme.com
Communicates on port 443 (TCP)
54.175.223.2
52.7.29.74
34.196.157.67
52.54.158.222
34.236.207.68
54.236.168.80
34.239.50.172
54.173.38.227
34.232.246.252
52.5.154.83
184.73.218.134
35.171.0.114
52.223.46.63
35.71.139.175
Datawire Integration - *.datawire.net
The following requirements apply only to locations using Datawire stored value solutions.
216.220.36.75
129.33.160.116
64.243.142.36
206.112.91.167
66.241.131.100
69.46.100.78