Firewall Guidelines

The following endpoints are required for the complete Ouva Assistant solution.

General Requirements

Most endpoints require access to ports 80 and 443. If you are able to provide global access, that resolves most of the need for additional filtering. Otherwise, the Ouva and third-party components are listed below as accurately as possible.

Operating System Updates

  • http://mirror.centos.org

    • 128.196.204.204:80

  • https://dl.fedoraproject.org

    • 209.132.181.23:443

    • 209.132.181.24:443

    • 209.132.181.25:443

  • https://download1.rpmfusion.org

    • 193.28.235.60:443

Application Updates

All Ouva software and required third-party packages are hosted with Nexus on an AWS server. When setting up the operating system or updating application software, the end-device pulls the latest binaries from these servers.

  • repo.internal.ouva:80

  • repo.internal.ouva.co:443

Screen Monitoring

Ouva Assistant screens take a low-resolution screenshot and upload it to Ouva storage on AWS S3. This allows our maintenance team to have a live view of all devices and ensures that everything is working as expected without having to log into devices individually. (Optional)

  • ouvadevops.s3.amazonaws.com:443

Diagnostic Monitoring

Device diagnostic data (e.g. CPU temperature, memory utilization) is sent to an Ouva-hosted server (on AWS), which processes the data using Zabbix software. If there is anything out of the ordinary, it automatically pings Ouva maintenance staff. (Optional)

  • zabbix.internal.ouva.co:10051

Audit Log

Logs are collected on an Ouva-hosted server (on AWS) and are processed using the Elasticsearch, Logstash and Kibana stack. (Optional)

  • log.internal.ouva.co:9200

Mapbox

Facility map data is hosted privately in GeoJSON format on Mapbox servers. The screen end-device application certifies credentials and pulls the data from the servers below.

  • mapbox.com

  • www.mapbox.com

  • api.mapbox.com

  • api.tiles.mapbox.com

  • a.tiles.mapbox.com

  • b.tiles.mapbox.com

  • c.tiles.mapbox.com

  • d.tiles.mapbox.com

Speech Recognition Server

We use the following Google Cloud endpoints to utilize their speech recognition servers. The audio data generated from the end-device is securely transferred via TLS, turned into a transcript and sent back to the end-device. No data is stored on the servers.

  • *.googleapis.com

  • accounts.google.com

  • speech.googleapis.com/*

  • accounts.google.com/*

  • www.googleapis.com/*

  • oauth2.googleapis.com/*

  • cloud.google.com/*
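
An added example (not part of Ouva's documentation) that sorts entries from the lists above by the kind of filtering a firewall must support to enforce them, and flags the ones explicitly on cleartext port 80. The names `classify` and `audit` are hypothetical, and treating port-less entries as ports 80 and 443 is an assumption taken from General Requirements.

```python
import ipaddress

# A sample of entries copied verbatim from the lists on this page.
ENTRIES = [
    "128.196.204.204:80",
    "209.132.181.23:443",
    "repo.internal.ouva:80",
    "repo.internal.ouva.co:443",
    "ouvadevops.s3.amazonaws.com:443",
    "zabbix.internal.ouva.co:10051",
    "log.internal.ouva.co:9200",
    "api.mapbox.com",
    "*.googleapis.com",
    "speech.googleapis.com/*",
]

# Assumption: entries listed without a port use the ports from General Requirements.
DEFAULT_PORTS = (80, 443)

def classify(entry):
    """Return (kind, host, ports): what a firewall has to match for this entry."""
    hostport, _, path = entry.partition("/")
    host, _, port = hostport.partition(":")  # IPv4 and hostnames only, as on this page
    ports = (int(port),) if port else DEFAULT_PORTS
    if path:
        kind = "url-path"       # path matching needs an L7 proxy or TLS inspection
    elif host.startswith("*."):
        kind = "wildcard-fqdn"  # needs DNS- or SNI-aware filtering
    else:
        try:
            ipaddress.ip_address(host)
            kind = "ip"         # plain L3/L4 rule
        except ValueError:
            kind = "fqdn"       # rule has to follow DNS resolution of the name
    return kind, host, ports

def audit(entries):
    """Group entries by enforcement kind and collect explicit port-80 entries."""
    report = {"ip": [], "fqdn": [], "wildcard-fqdn": [], "url-path": [], "cleartext": []}
    for entry in entries:
        kind, _, ports = classify(entry)
        report[kind].append(entry)
        if ports == (80,):
            report["cleartext"].append(entry)
    return report

if __name__ == "__main__":
    for kind, items in audit(ENTRIES).items():
        print(f"{kind:14} {items}")
```

A firewall that only filters on IP address and port can enforce the `ip` group directly; the other groups need a device that resolves or inspects hostnames, and the `url-path` group needs one that can see the request path.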
