To facilitate Cloud services in a PROD environment, the following server URLs must be reachable through the corresponding firewall ports. Additional information can be found in our to-be-released Hardening Guideline.

| Service | Cloud Endpoint | Port | Notes |
|---|---|---|---|
| Bootstrap | Old: https://bootstrap.siemens.com<br>New: https://bootstrap.connectivity.siemens.com | 443 | Old entry to be allow-listed until further notice. |
| MQTT Broker | Old: mqtts://mqtt.device.horizoncloud.io<br>New: mqtts://mqtt.connectivity.siemens.com | 443 | |
| App Software Update | Old: https://registry.horizoncloud.io<br>New: https://ota-update.connectivity.siemens.com | 443 | |
| OS System Updates | https://proxy-hawkbit.horizoncloud.io<br>https://hawkbit.horizoncloud.io | 443 | |
| Authorization Proxy | Old: https://sb-auth-proxy-v2.horizoncloud.io<br>New: https://proxy.connectivity.siemens.com | 443 | |
| Time Synchronization | 0.siemens.pool.ntp.org (Main Server)<br>1.siemens.pool.ntp.org (Backup Server)<br>2.siemens.pool.ntp.org (Backup Server)<br>3.siemens.pool.ntp.org (Backup Server) | 123 UDP | |
| DNS Fallback | 8.8.8.8 | 443 | |
| Current Container Repository from AWS | *.dkr.ecr.eu-west-1.amazonaws.com<br>And https://registry.horizoncloud.io<br>New: https://registry.connectivity.siemens.com | 443 | We are currently in the upgrade process from OpenShift to AWS, so both URLs are required. |
| Planned DNS | *.connectivity.siemens.com | | In a future release we will migrate to new DNS where all connectivity endpoints will use this URL. |
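To confirm that an egress firewall or proxy is not blocking any endpoint from the table, the deny log can be audited against the list. The script below is an added example, not vendor code: the log line format and sample entries are constructed, and treating the port 443 rows as TCP is an assumption.

```python
import re

# Hosts from the table on this page. Treating the 443 rows as TCP is an
# assumption: the page gives only the port number for them.
TCP_443 = [
    "bootstrap.siemens.com", "bootstrap.connectivity.siemens.com",
    "mqtt.device.horizoncloud.io", "mqtt.connectivity.siemens.com",
    "registry.horizoncloud.io", "ota-update.connectivity.siemens.com",
    "proxy-hawkbit.horizoncloud.io", "hawkbit.horizoncloud.io",
    "sb-auth-proxy-v2.horizoncloud.io", "proxy.connectivity.siemens.com",
    "8.8.8.8", "*.dkr.ecr.eu-west-1.amazonaws.com",
    "registry.connectivity.siemens.com",
]
REQUIRED = [(h, 443, "tcp") for h in TCP_443]
REQUIRED += [(f"{i}.siemens.pool.ntp.org", 123, "udp") for i in range(4)]
# The "Planned DNS" wildcard is left out because the page lists no port for it.

# Constructed (hypothetical) log format: "<time> <ALLOW|DENY> <proto> <src> -> <host>:<port>"
LINE = re.compile(r"\b(ALLOW|DENY)\s+(tcp|udp)\s+\S+\s+->\s+([^\s:]+):(\d+)\s*$")

def host_matches(pattern, host):
    """Exact match, or '*.suffix' requiring at least one leading label."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def is_required(host, port, proto):
    host = host.lower().rstrip(".")
    return any(host_matches(p, host) and (port, proto) == (rp, rt)
               for p, rp, rt in REQUIRED)

def blocked_required(lines):
    """Return the sorted, de-duplicated required endpoints found in DENY lines."""
    hits = set()
    for line in lines:
        m = LINE.search(line)
        if m and m.group(1) == "DENY":
            host, port, proto = m.group(3), int(m.group(4)), m.group(2)
            if is_required(host, port, proto):
                hits.add((host.lower().rstrip("."), port, proto))
    return sorted(hits)

SAMPLE_LOG = [  # constructed entries, including a placeholder ECR account ID
    "2024-01-01T00:00:01Z DENY tcp 10.0.0.5 -> mqtt.connectivity.siemens.com:443",
    "2024-01-01T00:00:02Z ALLOW tcp 10.0.0.5 -> bootstrap.connectivity.siemens.com:443",
    "2024-01-01T00:00:03Z DENY udp 10.0.0.5 -> 1.siemens.pool.ntp.org:123",
    "2024-01-01T00:00:04Z DENY tcp 10.0.0.5 -> 123456789012.dkr.ecr.eu-west-1.amazonaws.com:443",
    "2024-01-01T00:00:05Z DENY tcp 10.0.0.5 -> example.org:443",
    "2024-01-01T00:00:06Z DENY tcp 10.0.0.5 -> mqtt.connectivity.siemens.com:8883",
]
if __name__ == "__main__":
    for host, port, proto in blocked_required(SAMPLE_LOG):
        print(f"required endpoint blocked: {host}:{port}/{proto}")
```

Denials to a listed host on a port the table does not name (the 8883 line in the sample) are deliberately not reported, since the table only requires port 443 for that service.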