Ray Appliances are cloud-controlled, and the controller runs on Amazon Web Services (AWS). There are multiple network requirements for establishing a connection with the Ray cloud servers. Your business must comply with these requirements; otherwise the Ray cloud servers will be unreachable.
Ray requires a long-lived TCP connection. Occasional requests will be made so the connection does not stay idle. However, you will have to ensure that your firewall, router, security, etc. do not terminate long-lived TCP connections.
The document covers the requirements for the following:
- Ports
- Protocols
- Domains
- IP Addresses
Ports:
- For Incoming Traffic:
Your business firewall will protect the network from incoming data as normal.
- For Outgoing Traffic:
The following three ports are used for outgoing traffic:
- 8884 - mqttcloud.ray.life
- 443 - hubcloud.ray.life
- 80 - pushprox.ray.life
These ports are used for maintaining a connection between the cloud and the device, not for incoming traffic or listening.
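A preflight check for the three outgoing endpoints above, run from a machine on the same network segment as the appliance. This is an added example, not Ray tooling: the hostnames and ports come from this page, while the function names `check_endpoint` and `preflight` and the status labels are assumptions made for illustration.

```python
import socket

# Outgoing endpoints listed on this page (host, port).
ENDPOINTS = [
    ("mqttcloud.ray.life", 8884),
    ("hubcloud.ray.life", 443),
    ("pushprox.ray.life", 80),
]

def check_endpoint(host, port, timeout=5.0):
    """Classify one outbound TCP attempt.

    Returns (status, detail); status is one of
    "ok", "dns_failure", "refused", "timeout", "error".
    """
    try:
        # Resolve first so a DNS problem is not mistaken for a firewall drop.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)
    last = ("error", "no addresses returned")
    for family, socktype, proto, _, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return "ok", sockaddr[0]
        except ConnectionRefusedError:
            last = ("refused", sockaddr[0])  # RST: actively rejected
        except socket.timeout:
            last = ("timeout", sockaddr[0])  # no reply: typical of a silent drop
        except OSError as exc:
            last = ("error", f"{sockaddr[0]}: {exc}")
    return last

def preflight(endpoints=ENDPOINTS, timeout=5.0):
    """Return {"host:port": (status, detail)} for every endpoint."""
    return {f"{h}:{p}": check_endpoint(h, p, timeout) for h, p in endpoints}

if __name__ == "__main__":
    for target, (status, detail) in preflight().items():
        print(f"{target:28} {status:12} {detail}")
```

An `ok` result only shows that the initial TCP handshake is allowed; it does not show that the firewall leaves a long-lived connection open.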
Protocols:
The Ray Appliances use the following protocols:
- MQTT
- HTTPS
- Ping
- Ray uses the MQTT protocol for communication between the Appliances and the Controller. MQTT is an open OASIS and ISO standard: a lightweight, publish-subscribe network protocol that transports messages between devices. The required ports should be open and whitelisted for all outgoing traffic. Some firewalls and proxies terminate non-SSL connections, which can interfere with the appliances' ability to connect to the Ray Controller.
- Ray uses HTTPS during the registration step, and it is necessary for restarts. We do not recommend blocking HTTPS after registration because you may need to re-register or restart your appliance at any time.
- Ray uses the Ping protocol as one of the steps in the network performance test.
Domains:
Ray requires connectivity with the following domains:
- ray.life
- captivecloud.ray.life
- s3.amazonaws.com
- time1.google.com (NTP Server)
- time2.google.com (NTP Server)
- time3.google.com (NTP Server)
- time4.google.com (NTP Server)
Whitelisting can be done by domain name rather than IP addresses.
IP Addresses:
Depending on your firewall and its functionality, simply whitelisting hostnames may not suffice; you may need to whitelist all IP addresses instead.
Examples of firewall behaviors that may not work with hostname whitelisting include:
- Firewalls that run a DNS query (against the DNS configured in your data center) and use the resulting IPs in the whitelist.
- Firewalls that monitor outbound DNS queries from machines in the data center and whitelist the IP addresses returned in the response.
- Firewalls that rely on hostnames identified during the HTTP/HTTPS handshake.
If your firewall exhibits any of these behaviors, IP whitelisting will be required.
For the list of IP addresses, please contact us at support@ray.life.
While you can attempt to whitelist all the IP addresses, the best approach is to allow all outgoing traffic and connections on the specified ports.
Note: If all of the above requirements are met and you are still unable to send messages through your network, please contact us at support@ray.life.