Networking manual

Architecture

Terms

  • Cloud Storage: Cloud implementation of a BLOB store

  • SQL: Cloud implementation of a SQL database

  • Vonage: Cloud communication platform to support speech, video and SMS, among others

  • Photon: Multiplayer network engine

  • Combell: Email server

  • Firebase: Realtime Event database

  • REST: Representational state transfer (REST) is a software architectural style that defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style, called RESTful Web services, provide interoperability between computer systems on the Internet.

  • SAAS: Software As A Service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.

Configuration

Passerelle XR is a multi-tenant SAAS solution. The standard configuration is a private tenant. In this case, all tenant data is stored in a separate database on a shared gcloud SQL instance. Files are stored in a separate directory for the tenant on our shared gcloud storage bucket.

Systems

Google Cloud Platform

Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail and YouTube. Alongside a set of management tools, it provides a series of modular cloud services including computing and data storage.

Kubernetes

Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was originally designed by Google and is now maintained by the Cloud Native Computing Foundation. It aims to provide a "platform for automating deployment, scaling, and operations of application containers across clusters of hosts". It works with a range of container tools, including Docker.

Cloud (SQL) database

Data is stored in a relational database. By default the data is encrypted, secure and backed up daily. Cloud SQL automates backups, replication, and failover to ensure the database is reliable and highly available. Data is encrypted automatically at rest and in transit. Connectivity is private, through Virtual Private Cloud (VPC), with user-controlled network access that includes firewall protection. The service is compliant with SSAE 16, ISO 27001, PCI DSS v3.0, and HIPAA.

Cloud Storage

Cloud Storage provides highly durable object storage that scales to exabytes of data. By default all data is encrypted.

Firebase Realtime database

Used to publish and subscribe to events.

Streaming Server

Video between the different devices is streamed by means of a video server. The system currently in use is the Vonage Video API, formerly known as TokBox OpenTok. The video server makes it easy to build a custom video experience within any mobile, web, or desktop application, and is built on the WebRTC industry standard that is available on billions of devices. The streaming service builds on standard always-on encryption and on GDPR and HIPAA compliance.

SMS Service

An SMS is sent by means of a REST-based SMS Service. The system currently in use is the Vonage SMS API.

Mail Service

Mails can be sent for notification purposes. There is no incoming mail service.

Passerelle XR

This is the core portal system of Passerelle XR and the bootstrap of the web-based frontend.

Field Engineer

System used on wearables. This includes both Mobile devices and Glasses. Web-based applications and Android/iOS native apps are available.

Enterprise Firewall Configuration

Ports

All communication is done over HTTPS and uses the standard secure port 443. Photon (Realtime / PUN / Fusion) uses random outbound ports on the client side to establish a connection, usually in the ephemeral port range (e.g. 49152–65535 on most systems).

DNS Whitelisting

Should your firewall block traffic towards these domains, they will need to be whitelisted:

Passerelle XR

  • .passerelle.supportsquare.io
  • .supportsquare.io

Streaming server

According to the TokBox Network Requirement, at least the following domains should be whitelisted:

  • *.tokbox.com
  • *.opentok.com
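
An added example (not part of the original manual or of Passerelle XR's own tooling): when firewall deny logs are checked against the domain entries above, hostnames should be compared on whole DNS labels so that look-alike names are not allowed by accident. The sample hostnames are constructed, and treating both `*.` and leading-dot entries as "any subdomain, but not the bare domain" is an assumption.

```python
# Added example: allowlist entries are copied from this page; the hostnames
# in SAMPLE_DENIED are constructed for illustration.
ALLOWLIST = [
    ".passerelle.supportsquare.io",
    ".supportsquare.io",
    "*.tokbox.com",
    "*.opentok.com",
]

def normalize(host):
    """Lower-case and drop a trailing root dot so comparisons are canonical."""
    return host.strip().lower().rstrip(".")

def matching_entry(host, allowlist=ALLOWLIST):
    """Return the allowlist entry that covers host, or None.

    Assumption: '*.example.com' and '.example.com' both mean "any subdomain"
    and neither covers the bare domain itself.
    """
    labels = normalize(host).split(".")
    for entry in allowlist:
        suffix = entry.lstrip("*").lstrip(".").lower().split(".")
        # Compare whole DNS labels, never raw string suffixes: a plain
        # endswith("tokbox.com") would also accept "eviltokbox.com".
        if len(labels) > len(suffix) and labels[-len(suffix):] == suffix:
            return entry
    return None

def audit(denied_hosts, allowlist=ALLOWLIST):
    """Split firewall-denied hostnames into (should_allow, correctly_blocked)."""
    should_allow, blocked = {}, []
    for host in denied_hosts:
        entry = matching_entry(host, allowlist)
        if entry:
            should_allow[normalize(host)] = entry
        else:
            blocked.append(normalize(host))
    return should_allow, blocked

# Constructed sample: destination hostnames a firewall reported as denied on 443.
SAMPLE_DENIED = ["api.opentok.com", "Tenant1.Passerelle.SupportSquare.io.",
                 "eviltokbox.com", "tokbox.com.example.net", "opentok.com"]

if __name__ == "__main__":
    allow, blocked = audit(SAMPLE_DENIED)
    for host, entry in allow.items():
        print(f"allow   {host}  (matches {entry})")
    for host in blocked:
        print(f"blocked {host}")
```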