Technical details for Internet access over the facility network
Nest NUCs
Each nest requires access to a facility-provided hardwired Ethernet network connection. There are two options for connecting your nest: either allow all of the traffic listed under the Direct Access section below, or use our proxy, following the directions under the Proxy section below.
Direct Access
The network connection should provide outbound access to the following domains and ports. These ports and domains should be accessible through any firewalls that may be in place.
Domain / Address | Ports | Usage Notes |
*.balena-cloud.com | 443 | HTTPS, OpenVPN |
*.balena.io | 443 | HTTPS, OpenVPN |
*.docker.com | 443 | |
*.docker.io | 443 | |
*.resin.io | 443 | |
0.resinio.pool.ntp.org, 1.resinio.pool.ntp.org, 2.resinio.pool.ntp.org, 3.resinio.pool.ntp.org | 123 | NTP |
8.8.8.8 | 53 | DNS |
2vclazdqi5aa5pup6tldkpqz3m.appsync-api.us-east-1.amazonaws.com/ | 443 | GraphQL |
ware-kea-flightdata-us-east-1-prod.s3.amazonaws.com/ | 443 | HTTPS |
ao7h8nc43hzf2-ats.iot.us-east-1.amazonaws.com | 443 | MQTT |
ware-kea-prod-skydio-skills.s3.amazonaws.com/ | 443 | HTTPS |
Proxy
The network connection should provide inbound and outbound access to and from the following domains and ports. Please make sure to add rules in your firewall to allow this traffic. If you choose to use the proxy, please let us know so that we can enable your NUC to use the proxy. If you receive a NUC that wasn't configured to use the proxy before it arrived, you will have to unblock all the balena and resin domains and ports listed in the Direct Access section. This will allow the proxy to be enabled by Ware. After the proxy is set and connected successfully, the balena and resin domains no longer need to be whitelisted.
Domain / Address | Ports | Usage Notes |
proxy.ware.ai | 1080 | UDP + TCP |
8.8.8.8 | 53 | DNS |
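An added example (not Ware's own tooling): a Python check that runs firewall egress records through the two allowlists above and reports anything outside them. Hosts and ports are copied from the tables; the flow records are constructed, the check matches host and port only, and treating the Proxy table as the complete allowlist in proxy mode is an assumption.

```python
# Added example: audit egress flows against the page's two allowlists.
# Hosts and ports are copied from the tables above; the flows are constructed.
DIRECT = {
    443: ["*.balena-cloud.com", "*.balena.io", "*.docker.com", "*.docker.io",
          "*.resin.io",
          "2vclazdqi5aa5pup6tldkpqz3m.appsync-api.us-east-1.amazonaws.com/",
          "ware-kea-flightdata-us-east-1-prod.s3.amazonaws.com/",
          "ao7h8nc43hzf2-ats.iot.us-east-1.amazonaws.com",
          "ware-kea-prod-skydio-skills.s3.amazonaws.com/"],
    123: ["%d.resinio.pool.ntp.org" % i for i in range(4)],
    53: ["8.8.8.8"],
}
# Assumption: in proxy mode the allowlist is exactly the Proxy table.
PROXY = {1080: ["proxy.ware.ai"], 53: ["8.8.8.8"]}

FLOWS = [  # constructed (destination host, port) records from an egress log
    ("api.balena-cloud.com", 443),
    ("2.resinio.pool.ntp.org", 123),
    ("8.8.8.8", 53),
    ("proxy.ware.ai", 1080),
    ("notbalena.io", 443),           # suffix without a label boundary
    ("balena.io.example.net", 443),  # allowlisted name used as a prefix
    ("api.balena.io", 8443),         # right domain, port not in the table
]


def host_matches(entry, host):
    """Match one table entry; '*.x' covers subdomains of x, not x itself."""
    entry = entry.rstrip("/").lower()
    host = host.rstrip(".").lower()
    if entry.startswith("*."):
        suffix = entry[1:]  # ".balena.io": forces a match on a label boundary
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == entry


def audit(flows, proxy_enabled):
    """Return the flows that fall outside the allowlist for the chosen mode."""
    rules = PROXY if proxy_enabled else DIRECT
    return [(host, port) for host, port in flows
            if not any(host_matches(e, host) for e in rules.get(port, []))]


if __name__ == "__main__":
    for mode in (False, True):
        print("proxy" if mode else "direct", audit(FLOWS, mode))
```

Flows that the audit returns are candidates for either a missing firewall rule or unexpected traffic from the nest segment.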
Security References
- https://www.balena.io/docs/learn/welcome/security/
- https://www.balena.io/docs/reference/OS/network/2.x/#network-requirements
- https://docs.aws.amazon.com/appsync/latest/devguide/data-protection.html
- https://boto3.amazonaws.com/v1/documentation/api/latest/guide/security.html
- https://docs.aws.amazon.com/iot/latest/developerguide/data-encryption.html
Drones
Drones do not require facility networking.
- Each drone provides a private WPA WiFi connection used only by:
  - Smart phone/tablet running the Skydio application to control manual flights
  - Nest NUC to offload image and data files from the drone after flight
- Drone static IP address: 192.168.10.1/24
Smart Phones/Tablets
Facility-provided Android or Apple iOS phones or tablets are required to load and run the Skydio app, one per in-service drone.
Phone/tablet WiFi is used to connect to and control the drone from the Skydio app.
Phone/tablet cellular or WiFi is used to connect to Skydio over the Internet, to download drone configurations or, as needed, upload drone logs for troubleshooting.