Service Requirements for Restricted Networks

Introduction to Restricted Networks

This information is provided to allow Network Security Administrators to understand and configure Network policies to allow access to ScreenScape5 Services over restricted networks. This information is subject to change without notice. It is recommended to configure whitelists by URL names. We will not attempt to provide IP address information in this document as with any cloud service this information may change dynamically to support scaling and availability.

SSL Inspection

SSL inspection should not be configured for listed URLs. ScreenScape SmartPlayer devices do not currently support SSL inspection.

Whitelisting

A whitelist rule is required to be configured for all listed URLs and HTTPS on TCP/443 to allow access to the full suite of ScreenScape services. If you only require access to the ScreenScape Media Manager only configure a rule for the first section.

Third-Party Content

The ScreenScape service includes support for third-party content services such as YouTube. These services are available through the ScreenScape service but require the hosting network to have access to the services. Customers operating with restricted networks who nevertheless wish to access third-party content will need to add the necessary network rules, as determined by the content provider they wish to access, for third-party content to function normally.

ScreenScape Media Manager (Online Application)

The Media Manager application requires access to the following URLs.

  • Marketing Website: https://screenscape.com
  • Support Website: https://support.screenscape.com
  • Web Application: https://screenmanager.prod.screenscape.com
  • Customer Data: https://api.prod.screenscape.com
  • Websites/RSS Feeds: https://*.proxy.prod.screenscape.com
  • Playlist Preview: https://smartplayer.prod.screenscape.com
  • Customer Assets: https://cloudstorage.prod.screenscape.com
  • Asset Uploads: https://cdn.filestackcontent.com
  • Web Paging in RPT: https://cdnjs.cloudflare.com
  • Login/ Authentication: 
    • https://cdn.auth0.com 
    • https://screenscape-prod.auth0.com
  • In-App Messaging:
    • https://api.appcues.net/
    • https://fast.appcues.com
    • https://my.appcues.com
  • Fonts:
    • https://fonts.googleapis.com
    • https://fonts.gstatic.com
  • Application Configuration/ Feature Flags:
    • https://app.launchdarkly.com
    • https://clientstream.launchdarkly.com
    • https://events.launchdarkly.com

ScreenScape Connect Devices (SmartPlayer)

The ScreenScape Connect devices should be open to *.screenscape.com for both http/https. The SmartPlayer application requires access to the following URLs:

  • Device Communication (MQTT/ HTTPS): a3u7w42nwoofyf-ats.iot.us-east-2.amazonaws.com
  • Security Updates: https://cloudfront.debian.net/debian
  • Websites/RSS Feeds: https://*.proxy.prod.screenscape.com
  • RPT Download and Time Sync: https://smartplayer.prod.screenscape.com
  • Custom Assets: https://cloudstorage.prod.screenscape.com
  • Weather Data: https://xml.customweather.com
  • Fonts: https://fonts.googleapis.com
  • YouTube Videos: https://www.youtube.com
  • Java Player: https://devicemessages.prod.screenscape.com
  • OS Update: http://ftp.debian.org/debian
  • Device Event Monitoring:
    • https://repos.influxdata.com/debian/
    • Keyserver.ubuntu.com:443
    • https://us-west-2-1.aws.cloud2.influxdata.com
    • https://sentry.io
  • Device Security and SmartPlayer Updates:
    • https://screenscape-prod-us-east-2-aptrepo.s3-us-east-2.amazonaws.com/
    • https://configuration.prod.screenscape.com

  • Customer Success Remote Support and Management Access:

    • https://s098176.mobicontrolcloud.com
    • https://s098176n443.mobicontrolcloud.com
    • https://s098176DS1.mobicontrolcloud.com:5494
    • https://switch.ehorus.com
    • https://brocoli.ehorus.com:8080

Required IP Addresses and Ports

We do not recommend IP-based rules for these resources. ScreenScape is hosted on Amazon Web Services (AWS) and will require access to a large (and changing) range of CloudFront IPs. Port usage is limited to 443 as much as possible.

ScreenScape Media Manager (Online Application)

Please add IP Address for AWS CloudFront and S3 – TCP/443

ScreenScape SmartPlayer Devices – All Platforms (Physical Hardware)

Please add IP Address for AWS CloudFront and S3 – TCP/443

 

Related Support Articles: