/
Connect Remote Connectivity
Document toolboxDocument toolbox

Connect Remote Connectivity

Owned by Documentation Reviewer
Last updated: Jan 29, 2024 by Kimberly Onnen

Connect's cloud-based analytics hinge on the ability to collect and send data from the Building Automation System (BAS) to the Cloud server. Approval and assistance are requested from the network administrator for gaining access to the BAS network and securing a connection to the cloud server. Once outbound network access is allowed, the Connect MiniAgent will serve as a data pump, collecting and pushing data from the BAS to the cloud. All the data is SSL encrypted and uses the following outbound ports listed below.

Please review the IP addresses listed in the Application Servers section below as they may have changed recently.



Static IP address to assign Device (if DHCP is not enabled): _______________________

Databases


Port: UDP/TCP 5432



Application Servers


For the Application Servers, you must enter either the two URLs OR the three IP addresses for the outbound traffic rule.

URLsIP Addresses

appservice-01.connect.key2act.io
connect.cirrus.key2act.com
 

34.226.68.99
34.225.187.111
52.201.18.79


 
Port: TCP 57000, 57001


  • Rule: Allow outbound traffic to: See table above.
  • Reason: Allow communication to the Connect licensing server to validate software license.


Port: TCP 57XXX (unique per WennSoft Customer)


  • Rule: Allow outbound traffic to: See table above
  • Reason: Allow communication to Connect application server

Time Synchronization

  • Rule: Allow outbound UDP port 123 traffic (NTP).

  • Reason: Synchronize the operating system clock on the Mini-Agent. Time requests are made to pool.ntp.org. As that is a DNS round-robin pool, the actual IP address will vary each time. Accurate time will ensure samples and log entries will be synchronized with servers and other events.

Domain Name Service (DNS)

  • Rule: Allow outbound UDP port 53, either to the site router or to the public DNS server.
  • Reason: The Mini-Agent needs to resolve domain names such as the above URLs and NTP servers. If the "static IP address" option is checked in the Mini Agent Setup screen, then the DNS server listed there will be used. If the "static IP address" option is not checked, then the DHCP server will be consulted. In either case, the Mini Agent will also attempt to use 8.8.8.8, a public Google nameserver. Only one of these methods needs to succeed.
    If the event log shows a message like "Could not resolve host 'appservice-01.connect.key2act.io'", then DNS should be checked.

Optional: Ping (ICMP)

  • Rule: Allow outbound ICMP to 4.2.2.2, a public Google address.

  • Reason: Upon booting, the Mini-Agent checks for a successful Internet connection by sending a ping to a well-known, public address. If it does not detect this connection, it will wait for one minute in its boot phase until it gets one. The event log will show the message "Waiting for network connection..." After this minute it will attempt to continue anyway.