Skip to main content
All CollectionsTechnical Documents & FAQ's
Network Readiness Guide for Camera To Cloud
Network Readiness Guide for Camera To Cloud

This is will go over the network steps a you must perform for optimal performance of the system and operation of the Camera to Cloud Device.

Updated over 6 months ago

Arcules is designed to make a minimal footprint on your network infrastructure, and requires a few rules to be put in place to allow us to access your Camera to Cloud devices, with permission, as well as to apply updates to the Arcules Software. Some minor changes may be required on the customer’s side to ensure all of these criteria are met.

Installation

Camera to Cloud devices should be unboxed, attached to POE power, connected to an internet-facing network, and onboarded prior to being added to the organization. Instructions for this can be found here:

Guidelines and Notes

Certificates

  • Arcules will only validate against trusted certificate authorities, and not self signed certificates when communicating via the public internet. If you have questions around this please reach out to our security and compliance team.

Multi-ISP Environments

  • When the Arcules system lives within an environment that contains multiple ISP's, a firewall rule should be implemented to ensure all Arcules traffic goes over the same ISP, with the fastest ISP speed. Load balancing this traffic can affect the performance of live video feeds.

Firewall Settings

  • All firewall rules are for Outbound traffic only. No Inbound Ports should need to be opened. We have designed this in order to provide maximum security, with minimal rules.

  • All network traffic concerning customer data is encrypted both at rest and in flight to ensure data integrity and security.

  • Arcules recommends using domain names over IP addresses when configuring Allow listing for outbound traffic. We cannot guarantee they will not change IP Addresses in the future.

  • This is also the reason why Arcules does not provide an IP address as a replacement for the domain name. If an IP address of a domain is required, using a ping or nslookup through your DNS of choice will give you the current IP Address of the domain(s).

SSL/TLS Deep Packet Inspection

  • Arcules does not support network appliances running deep packet inspection on our traffic. This can cause certificate issues, and trust issues with our traffic’s encryption, and will have a detrimental effect on the operation of the Arcules system.

Proxy Servers

  • Arcules does not support network appliances functioning as proxy servers for internet traffic.

Camera To Cloud Device Rules

The following domains and ports must be opened in order for the Arcules Camera to Cloud device to be able to function, pull down updates, and report home for proactive monitoring.

These domains and ports must be opened so that each Camera to Cloud device has access to these endpoints.

Domain Name

Purpose

Protocol

Port

*.arcules.com

API Services

UDP/TCP/HTTPS,WSS

443

*.cloud.google.com

Google Services

TCP/HTTPS

443

*.googleapis.com

Google Services

TCP/HTTPS

443

*.googleusercontent.com

Google Services

TCP/HTTPS

443

*.gcr.io

Arcules Image Repository

TCP/HTTPS

443

*.docker.io

Core Image Repository

TCP/HTTPS

443

*.docker.com

Core Image Repository

TCP/HTTPS

443

rcss-production.arcules.com

Remote Support

TCP/SSH

2222

*.pool.ntp.org

Network Time Protocol

UDP

123

8.8.8.8 & <Insert own DNS here>

Domain Name Services

TCP & UDP

53

Client Network Rules

These client rules will allow for any system accessing the Arcules platform seamless usage. Any Inbound Ports associated to the requests would be client specified by the Client’s Operating System. Local Live / Local Playback feature requires clients to communicate directly to the cloud using UDP on Port 443. You cannot use Local Live / Local Playback if the client needs to go through proxies.

Domain

Usage

Protocol

Outbound Ports

API Services

UDP/TCP/HTTPS,WSS

443

*.arcules.com

Remote Device Access

TCP

4200 - 4250

*.intercom.com

Support And Chat

TCP/HTTPS/WSS

443

*.split.io

Early release Features

TCP/HTTPS/WSS

443

<Insert own DNS here>

Domain Name Services

TCP & UDP

53

Internal Network Service Rules

All of these requirements are only within your local network, and no external application of these rules are required.

Connection Type

Purpose

Protocols

Ports

CLIENT/SERVER

Local Live Viewing

UDP/RTP

20000 - 24999

Did this answer your question?