This document presents a list of network ports on which communication of particular functionalities of VERTEX controllers takes place. In order for all functionalities to work correctly, you must ensure proper network rules for controllers.
Internal network (LAN)
Operator stations and all VERTEX controllers in the local area network must be set up according to the following rules.
Vertex - basic functionalities
Service | Protocol | Port |
|---|---|---|
Main WebApplication | HTTP | 80 |
LogicEditor WebApplication | HTTP | 1880 |
VERTEX2VERTEXInternalMessageBUS | TCP-SOA-XML | 5280 |
Vertex commissioning - configuring with Firestarter
Service | Protocol | Port |
|---|---|---|
VERTEX-DISCOVERYNeighbourhoodDISCO | UDP-NATIVE | 30005 |
Services only for maintenance work
Service | Protocol | Port |
|---|---|---|
SSH-port | TCP | 22 |
ServicePort | TCP | 5222 |
Description of services required for the basic functionalities of VERTEX controllers
1. Main WebApplication
The user interface and access to system functionality:
Displaying information from individual modules/luminaires, monitoring
Triggering actions on devices in the system
Communication with a user who is on the same network through the website page
Consequences resulting from lack of access to the service:
Lack of possibility to monitor the system
No possibility to trigger any actions in the system
2. LogicEditor WebApplication
Logic editing interface of the lighting system:
Graphical logic editor of lighting system operation
Using it to create a logic of the lighting system
Communication with a user who is on the same network through the website page
Consequences resulting from lack of access to the service:
Lack of possibility to adapt the logic of the lighting system operation
3. VERTEX2VERTEX InternalMessageBUS
Service launched on VERTEX control units that are in the same local network, responsible for:
exchange of messages between VERTEX control units
synchronization of data between VERTEX control units
Consequences resulting from lack of access to the service:
Total lack of control on lighting devices
Description of commissioning and initial configuration services for VERTEX devices
1. VERTEX-DISCOVERY NeighbourhoodDISCO
The service is used to communicate with the FIRESTARTER application. The application is used for the initial configuration of VERTEX control units. The configuration is made once during the system setup or in emergency situations that require service.Enables changing:
The group in which Vertex works (1-8 or ungrouped)
The default gateway for each selected group
Subnets for each of the selected groups
DNS for each selected group
IP address for each device
Consequences resulting from lack of access to the service:
It is impossible to correctly start the VERTEX controller (change network parameters, remember addresses of modules/luminaires)
Description of services required to carry out maintenance work for VERTEX devices
1. SSH-port
Service that allows direct service access to the VERTEX controllers. Login and access only by an authorized Glamox employee
Consequences resulting from lack of access to the service:
There is no possibility to carry out service work
2. ServicePort
The service is used for local failure diagnostics. Login and access only by an authorized Glamox employee.
The consequences resulting from lack of access to the service:
There is no possibility to carry out service work
Outbound to GLAMOX infrastructure
For proper operation of SLS services, it is required to allow outgoing traffic in accordance with the following rules.
Source | Destination | Protocol | Port | Security | Description |
|---|---|---|---|---|---|
VERTEX connection with SLS service | |||||
ANY VERTEX (Static IP Address) | HTTPS | 443 | TLS1.0AES256 RSA2048 | Initial authorization of VERTEX in SLS service Sending compressed logs to the SLS service. At the request of the SLS operator. | |
ANY VERTEX (Static IP Address) | MQTT 3.1 | 1883 | TLS1.2AES256 RSA2048 | Continuous connection, updating the luminaire and control units status | |
ANY VERTEX (Static IP Address) | 80.211.241.221 | OpenVPN 2.3.2 | 1194 | TLS 1.0AES256 RSA2048 | Outgoing connection: SLS-VPN. Operated during service work after detecting a failure. At the requestof the SLS operator. |
Automatic updated of Vertex software | |||||
ANYVERTEX (Static IP Address) | HTTP | 17001 | AES256 | Cyclic control every 120 s, checking the availability of the new VERTEX software update. Downloading an encrypted package with software. | |
Automatic time synchronisation in Vertex (optional, the device has a RTC clock) | |||||
ANY VERTEX (Static IP Address) | 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org | NTP | 123 | - | Increasingthe accuracy of the clock in VERTEX If necessary, it is possible to set the NTP time server in the internal network infrastructure. For this purpose, individual configuration of each VERTEX over SSH by authorized Glamox employeeis needed. |
0 Comments