Technical details for Internet access over the facility network
Nest NUCs
Each nest requires access to a facility provided hardwired Ethernet network connection. The network connection should provide outbound access to the following domains and ports. These ports and domains should be accessible through any firewalls that may be in place.
Domain / Address | Ports | Usage Notes |
*.balena-cloud.com | 443 |
HTTPS OpenVPN |
*.balena.io | 443 |
HTTPS OpenVPN |
*.docker.com | 443 | |
*.docker.io | 443 | |
0.resinio.pool.ntp.org 1.resinio.pool.ntp.org 2.resinio.pool.ntp.org 3.resinio.pool.ntp.org |
123 | NTP |
8.8.8.8 | 53 | DNS |
2vclazdqi5aa5pup6tldkpqz3m.appsync-api.us-east-1.amazonaws.com/ | 443 | GraphQL |
ware-kea-flightdata-us-east-1-prod.s3.amazonaws.com/ | 443 | HTTPS |
ao7h8nc43hzf2-ats.iot.us-east-1.amazonaws.com | 443 | MQTT |
Security References
- https://www.balena.io/docs/learn/welcome/security/
- https://www.balena.io/docs/reference/OS/network/2.x/#network-requirements
- https://docs.aws.amazon.com/appsync/latest/devguide/data-protection.html
- https://boto3.amazonaws.com/v1/documentation/api/latest/guide/security.html
- https://docs.aws.amazon.com/iot/latest/developerguide/data-encryption.html
Drones
Do not require facility networking.
- Each drone provides a private WPA WiFi connection used only by:
- Smart phone/tablet running the Skydio application to control manual flights
- Nest NUC to offload image and data files from the drone after flight
- Drone static IP address: 192.168.10.1/24
Smart Phones/Tablets
Facility provided Android or Apple iOS phones or tablets are required to load and run the Skydio app. One per in-service drone.
Phone/tablet WiFi is used to connect to and control the drone from the Skydio app.
Phone/tablet cellular or WiFi is used to connect to Skydio over the Internet, to download drone configurations or, as needed, upload drone logs for troubleshooting.