Arcules is designed to make a minimal footprint on your network infrastructure, and requires a few rules to be put in place to allow us to access your Camera to Cloud devices, with permission, as well as to apply updates to the Arcules Software. Some minor changes may be required on the customer’s side to ensure all of these criteria are met.
Installation
Camera to Cloud devices should be unboxed, attached to POE power, connected to an internet-facing network, and onboarded prior to being added to the organization. Instructions for this can be found here:
Guidelines and Notes
Certificates
Arcules will only validate against trusted certificate authorities, and not self-signed certificates, when communicating via the public internet. If you have questions about this, please reach out to our security and compliance team.
Multi-ISP Environments
When the Arcules system lives within an environment that contains multiple ISPs, a firewall rule should be implemented to ensure all Arcules traffic goes over the same ISP, the one with the fastest speed. Load balancing this traffic can affect the performance of live video feeds.
Firewall Settings
All firewall rules are for Outbound traffic only. No Inbound Ports should need to be opened. We have designed this in order to provide maximum security, with minimal rules.
All network traffic concerning customer data is encrypted both at rest and in flight to ensure data integrity and security.
Arcules recommends using domain names rather than IP addresses when configuring allow listing for outbound traffic. We cannot guarantee that the IP addresses behind these domains will not change in the future.
This is also the reason why Arcules does not provide an IP address as a replacement for the domain name. If an IP address of a domain is required, using a ping or nslookup through your DNS of choice will give you the current IP Address of the domain(s).
SSL/TLS Deep Packet Inspection
Arcules does not support network appliances running deep packet inspection on our traffic. This can cause certificate issues, and trust issues with our traffic’s encryption, and will have a detrimental effect on the operation of the Arcules system.
Proxy Servers
Arcules does not support network appliances functioning as proxy servers for internet traffic.
Camera To Cloud Device Rules
The following domains and ports must be opened so that each Arcules Camera to Cloud device can reach these endpoints in order to function, pull down updates, and report home for proactive monitoring.
Domain Name | Purpose | Protocol | Port |
*.arcules.com | API Services | UDP/TCP/HTTPS,WSS | 443 |
*.cloud.google.com | Google Services | TCP/HTTPS | 443 |
*.googleapis.com | Google Services | TCP/HTTPS | 443 |
*.googleusercontent.com | Google Services | TCP/HTTPS | 443 |
*.gcr.io | Arcules Image Repository | TCP/HTTPS | 443 |
*.docker.io | Core Image Repository | TCP/HTTPS | 443 |
*.docker.com | Core Image Repository | TCP/HTTPS | 443 |
rcss-production.arcules.com | Remote Support | TCP/SSH | 2222 |
*.pool.ntp.org | Network Time Protocol | UDP | 123 |
8.8.8.8 & <Insert own DNS here> | Domain Name Services | TCP & UDP | 53 |
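The following Python example is added here and is not Arcules code: it transcribes the Camera to Cloud table above into an allow list and checks outbound flows against it, matching wildcard domains on DNS label boundaries so that look-alike hostnames are not permitted. The sample flows and their hostnames are constructed, and the assumption that a wildcard covers subdomains at any depth (but not the bare domain) varies by firewall vendor.

```python
# Camera to Cloud outbound rules, transcribed from the table on this page:
# (destination, protocols, first port, last port)
RULES = [
    ("*.arcules.com", {"tcp", "udp"}, 443, 443),
    ("*.cloud.google.com", {"tcp"}, 443, 443),
    ("*.googleapis.com", {"tcp"}, 443, 443),
    ("*.googleusercontent.com", {"tcp"}, 443, 443),
    ("*.gcr.io", {"tcp"}, 443, 443),
    ("*.docker.io", {"tcp"}, 443, 443),
    ("*.docker.com", {"tcp"}, 443, 443),
    ("rcss-production.arcules.com", {"tcp"}, 2222, 2222),
    ("*.pool.ntp.org", {"udp"}, 123, 123),
    ("8.8.8.8", {"tcp", "udp"}, 53, 53),
]

def host_matches(pattern: str, host: str) -> bool:
    """Match on whole DNS labels so a look-alike suffix never passes."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Assumption: the wildcard covers subdomains at any depth, not the apex.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def matching_rule(host: str, proto: str, port: int):
    """Return the first rule that permits this outbound flow, else None."""
    for pattern, protos, lo, hi in RULES:
        if host_matches(pattern, host) and proto.lower() in protos and lo <= port <= hi:
            return pattern
    return None

def audit(flows):
    """Return the flows that no rule covers (the firewall should drop these)."""
    return [f for f in flows if matching_rule(*f) is None]

# Constructed sample flows; the hostnames are illustrative, not from the page.
SAMPLE_FLOWS = [
    ("api.arcules.com", "tcp", 443),
    ("api.arcules.com", "udp", 443),
    ("rcss-production.arcules.com", "tcp", 2222),
    ("0.pool.ntp.org", "udp", 123),
    ("arcules.com.example.net", "tcp", 443),      # suffix look-alike
    ("notarcules.com", "tcp", 443),               # no label boundary
    ("rcss-production.arcules.com", "tcp", 22),   # port not in the table
    ("storage.googleapis.com", "udp", 443),       # UDP not listed for this domain
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("not covered by the allow list:", flow)
```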
Client Network Rules
These client rules allow any system accessing the Arcules platform to use it seamlessly. Any inbound ports associated with the requests are specified by the client’s operating system. The Local Live / Local Playback feature requires clients to communicate directly with the cloud using UDP on port 443. You cannot use Local Live / Local Playback if the client needs to go through proxies.
Domain | Usage | Protocol | Outbound Ports |
 | API Services | UDP/TCP/HTTPS,WSS | 443 |
*.arcules.com | Remote Device Access | TCP | 4200 - 4250 |
*.intercom.com | Support And Chat | TCP/HTTPS/WSS | 443 |
*.split.io | Early release Features | TCP/HTTPS/WSS | 443 |
<Insert own DNS here> | Domain Name Services | TCP & UDP | 53 |
Internal Network Service Rules
All of these requirements apply only within your local network; these rules do not need to be applied externally.
Connection Type | Purpose | Protocols | Ports |
CLIENT/SERVER | Local Live Viewing | UDP/RTP | 20000 - 24999 |