Source | Destination | Port | Protocol | Connection details |
---|---|---|---|---|
Application VM | Database VM | 1433 | Raw socket | Standard SQL server port |
End user network | Application VM | 443 | HTTPS | User interaction with web front end |
CPO-NAE VM | Application VM | 47808 | BACnet/IP over UDP | Bidirectional communication for BAS data |
Application VM | CPO-NAE | 47808 | BACnet/IP over UDP | Bidirectional communication for BAS data |
Application VM | CPO-NAE | 443 | HTTPS | Additional user/point data pulled from web API |
Application VM | CPO-NAE | 80 | HTTP | Additional user/point data pulled from web API |
Application VM | *.noaa.gov (internet) | 443 | HTTPS | Weather forecast – https://graphical.weather.gov |
Application VM | *.accuweather (internet) | 443 | HTTPS | Weather forecast – https://xml.efas.aes.accuweather.com/ |
Application VM | *.logdna.com (internet) | 443 | HTTPS | Outbound-only port for log shipping for technical support to LogDna Dashboard |
Application VM | *.planningtoolapi.mysmartcentralplant.com (internet) | 443 | HTTPS | Optional outbound-only port to Plant Simulator API |
Application VM | *.jemprod.myenterprisemanagement.com (internet) | 80 | HTTPS | Optional outbound only port to JCI EIMS for authentication to Plant Simulator |
JCI VPN | All CUPO VMs | 3389 | RDP | Allows remote admin for JCI |
JCI VPN | All CUPO VMs | 10933 | Raw socket | Allows automated deployments from Octopus |
OpenBlue Bridge | OpenBlue Cloud | 443 | HTTPS, AMPQ, MQTT | OpenBlue Cloud authentication, telemetry data, command and control |
OpenBlue Bridge | OpenBlue Cloud | 443 | HTTPS | OpenBlue Bridge device updates |
OpenBlue Bridge | OpenBlue Cloud | 53 | DNS | Public DNS servers, if none are available on the customer network |
OpenBlue Bridge | OpenBlue Cloud | 123 | NTP | Public NTP server, if none is available on the customer network |
Application VM |
*.jemprod.myenterprisemanagement.com/authorization/ *.jemprod.myenterprisemanagement.com/validation/ *.jemprod.myenterprisemanagement.com/security/ |
443 | HTTPS | Access to the OpenBlue Enterprise Manager EIMS API |
Application VM |
*.jemprod.myenterprisemanagement.com/entity/ |
443 | HTTPS | Access to the OpenBlue Enterprise Manager Entity API |
Application VM |
*.jemprod.myenterprisemanagement.com/timeseries/ *.jemprod.myenterprisemanagement.com/java/ |
443 | HTTPS | Access to the Time Series API |
Application VM |
*jemprod.myenterprisemanagement.com/license/ |
443 | HTTPS | Access to OpenBlue Enterprise License Management API |
Application VM |
*.jemprod-publisher.myenterprisemanagement.com/ *.jemprod-websocket.myenterprisemanagement.co |
443 | HTTPS | Access to OpenBlue Enterprise Message Broker API |
Application VM |
*.jemprod.myenterprisemanagement.com/heartbeatapi/ |
443 | HTTPS | Access to OpenBlue Enterprise Heartbeat API |
Application VM |
*.jemp-autoconfiguration-ui.azurewebsites.net |
443 | HTTPS | OpenBlue Auto Configurator UI (OBAC) |
Application VM |
*.jemp-autoconfigurationtool.azurewebsites.net |
443 | HTTPS | OpenBlue Auto Configurator API (OBAC) |
Application VM |
*.jcids.jfrog.io |
443 | HTTPS | OpenBlue Bridge installation and maintenance |
Note: Apply open firewall rules to use
weather services. You only need to enable one weather-forecast service destination.
Use Accuweather outside North America. Fully air-gaped sites that operate based on
load prediction do not need weather forecast services.
Direction | Port number | Transport protocol | Protocol | Required | Endpoint | Purpose |
---|---|---|---|---|---|---|
Bidirectional |
47808 Port can be what is applicable by BMS settings |
UDP | BACnet/IP | Yes | OpenBlue Bridge and all engines IP addresses | To collect BACnet data and push it to OpenBlue Cloud |