1. Home
  2. Knowledge Base
  3. Licensing & Software Manager
  4. Configuring cloud connection for secure environments or proxy servers

Configuring cloud connection for secure environments or proxy servers

PrintFactory uses the LicenseServer service to connect to its cloud infrastructure. The LicenseServer acts as a proxy for all applications. By acting as a proxy there is no need to have Internet access on the production floor as long as the LicenseServer is reachable by the applications.

Required connections

In order to establish the bi-directional communication between the on premises and cloud applications the LicenseServer expects to have access to the following servers and ports:

Default configuration (SSL enabled):

  • api.aurelon.com, port 443 (https)
  • app.aurelon.com, port 443 (https)
  • connect.aurelon.com, 27499 (wss)
  • notification.aurelon.com, port 8080 (ws)
  • updates.aurelon.com, 443 (https)
  • order.aurelon.com, 443 (https)

When SSL is disabled (default configuration before version 6.4.7):

  • api.aurelon.com, port 80 (http)
  • app.aurelon.com, port 80 (http) and 443 (https)
  • connect.aurelon.com, port 27498 (ws)
  • notification.aurelon.com, port 8080 (ws)
  • updates.aurelon.com, port 80 (http)
  • order.aurelon.com, port 80 (http) and 443 (https)

Software Manager will do a check using the LicenseServer if the connections can be established. The left green tick shows if the Software Manager (and therefore all other on-premises application) can reach the LicenseServer Proxy, the right tick shows if the LicenseServer can reach the cloud applications. A green tick shows successful bi-directional communication an amber tick means that it is allowed to send data to the cloud but not able to receive information back. The latter means that WebSocket connectivity is blocked (connect.aurelon.com).

If the right tick is amber coloured then not all connections are successfully established. To find out what fails hover over the tick and a tooltip window will appear listing the details of each of the connections.

Common practice

A common set-up is to install the LicenseServer in a secure environment controlled by the IT department. The LicenseServer is installed on an edge server and the firewall is set-up only to allow access to and from the aforementioned servers on the interface that connects to the Internet and allow unrestricted access to the production floor or a firewall limited to ports:

  • UDP port 5436 (Proxy discovery)
  • UDP port 5437 (RIP discovery)
  • TCP port 5438 (RIP REST API and RIP Web UI)
  • TCP port 5536 (Configuration proxy)
  • TCP port 5470 (Internet proxy)

Secure communication and storage

All communication is by default encrypted between the proxy and the cloud. The connection acts as VPN between your local installation(s) and the secure cloud storage.

The data is redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region close to your location.

Reporting only set-up

An exceptional case is to have a webproxy server, allowing to report statuses and statistics to the cloud but not receiving automation instructions from the cloud.

By default, the LicenseServer application tries to connect to the Internet and also tries to establish the Proxy settings automatically.

In case the proxy settings are not found, the file “DRMSettings.ini” is interpreted. This file can be created next to the “License.cfg” file. The proxy settings can be defined into this file, using the particular proxy, port, username and password of your network.

You can find below an example for this “DRMSettings.ini” file:

<?xml version="1.0"?>
<ProxySettings>
   <Proxy>www.google.com</Proxy>
   <Port>123</Port>
   <User>User</User>
   <Pass>Pass</Pass>
</ProxySettings>

Disable Cloud Connectivity

To fully disable the API connectivity for your company go to the cloud set-up and disable “Data Collection”

Updated on June 23, 2021

Was this article helpful?

Related Articles