Service Requirements for Restricted Networks

Introduction

This information is provided to allow Network Security resources to understand and configure Network policies to allow access to ScreenScape5 Services over restricted networks. This information is subject to change without notice. It is recommended to configure whitelists by url names. We will not attempt to provide IP address information in this document as with any cloud service this information may change dynamically to support scaling and availability.

 

Whitelisting

We recommend that a whitelist rule be configured for all listed urls for https on TCP/443 to allow access to the full suite of ScreenScape services.

 

SSL Inspection

SSL inspection should not be configured for listed URLS. ScreenScape SmartPlayer devices do not currently support ssl inspection.

 

ScreenScape ScreenManager Service (Online Application)

The ScreenManager application requires access to the following urls:

  • https://screenscape.com
  • https://accounts.prod.screenscape.com
  • https://screenmanager.prod.screenscape.com
  • https://api.prod.screenscape.com
  • https://smartplayer.prod.screenscape.com
  • https://cloudstorage.prod.screenscape.com
  • https://support.screenscape.com
  • https://cdn.filestackcontent.com
  • https://screenscape-prod.auth0.com
  • https://api.appcues.net/
  • https://cdnjs.cloudflare.com
  • https://bam.nr-data.net
  • https://fonts.googleapis.com
  • https://fonts.gstatic.com
  • https://fast.appcues.com
  • https://cdn.auth0.com
  • https://my.appcues.com
  • https://screenscape-prod.auth0.com
  • https://app.launchdarkly.com
  • https://fullstory.com
  • https://rs.fullstory.com
  • https://clientstream.launchdarkly.com
  • https://js-agent.newrelic.com
  • https://events.launchdarkly.com

 

ScreenScape SmartPlayer Devices – All Platforms (Physical Hardware)

The ScreenScape Connect should be open to *.screenscape.com for both http/https The SmartPlayer application requires access to the following urls:

  • http://manage.screenscape.com
  • https://screenmanager.prod.screenscape.com
  • https://api.prod.screenscape.com
  • https://smartplayer.prod.screenscape.com
  • https://cloudstorage.prod.screenscape.com
  • https://configuration.prod.screenscape.com
  • https://devicemessages.prod.screenscape.com
  • https://cdn.filestackcontent.com
  • https://screenscape-prod.auth0.com
  • https://screenscape-prod-us-east-2-aptrepo.s3-us-east-2.amazonaws.com/

The Network Time Protocol (NTP) will be from TBD

 

Required URLS for Linux and SmartPlayer Updates

ScreenScape controls it’s device software updates via the following urls:

  • https://screenscape-prod-us-east-2-aptrepo.s3-us-east-2.amazonaws.com/
  • https://configuration.prod.screenscape.com

 

Customer Success Remote Support and Management Access

ScreenScape may require remote access to support or debug complex network scenarios. To do so, the ScreenScape devices require access to the following urls:

  • https://switch.ehorus.com
  • https://brocoli.ehorus.com:8080

 

SmartPlayer Performance and Health

For real-time performance and health status of the ScreenScape hardware, we rely on the NewRelic Infrastructure. In order to report data to New Relic, Infrastructure needs outbound access to these domains, networks and ports:

 

Required IP Addresses and Ports

We do not recommend IP based rules for these resources. ScreenScape is hosted on Amazon Web Services (AWS) and will require access to a large (and changing) range of CloudFront IP’s. Port usage is limited to 443 as much as possible.

 

ScreenScape ScreenManager Service (Online Application)

Please add IP Address for AWS CloudFront and S3 TCP/443

 

ScreenScape SmartPlayer Devices – All Platforms (Physical Hardware)

Please add IP Address for AWS CloudFront and S3 TCP/443
*  

The Network Time Protocol (NTP) will be from TBD

 

Third-Party Content

The ScreenScape service includes support for third party content services such as YouTube. These services are available through the ScreenScape service but require the hosting network to have access to the services. Customers operating with restricted networks who nevertheless wish to access third party content will need to add the necessary network rules, as determined by the content provider they wish to access, for third party content to function normally.

Need Assistance?

Can’t find the answer you’re looking for? Don’t worry we’re here to help! Give us a call at 1-877-666-1975 (Option 7) OR send us a help ticket using the button below. We’re available Mon – Fri from 7AM – 8PM Eastern Time.

SUBMIT A TICKET