SYSCON Utilizes the NinjaOne monitoring agent installed on our APU and also the SYSCON Customer Connect Windows PC included with your installation.
The NinjaOne agent allows SYSCON to monitor the PlantStar system on a continuous basis and respond to alerts often before they are noticed by the customer.
Splashtop is used to connect to the SYSCON Customer Connect Windows PC to provide our development team and support team with tools to manage the APU and DCMs. Splashtop requirements follow the Ninja requirements.
The Ninja agent port and whitelist information is described here:
COM ports:
NinjaRMMAgent communicates over ports 80 and 443.
- NinjaRMM allows 80/HTTP in only two use cases:
- The internet facing web portal and API URL listen on 80/HTTP for an initial connection request, and then immediately redirects to 443/HTTPS where TLS v1.2 with Perfect-Foward-Secrecy (PFS) and FIPS 140-2 compliant cryptographic modules are used to encrypt all data and information.
- Some 3rd party vendors provide anonymous 21/FTP and 80/HTTP downloads of their software updates, for which the Ninja agent may use if repeated 443/HTTPS download attempts fail.
Bitdefender communicates over ports 80, 443, and 7074/7075.
URLs:
URLs with wildcards
If your firewall allows the use of wildcards, the following URLs may be whitelisted to cover the NinjaRMMAgent & patcher, Cloud RDP rendezvous points, File Explorer rendezvous points, and websocket rendezvous points. However, if your firewall does not allow the use of wildcards, the full lists of URLs are provided below.
US instance
- *.ninjarmm.com
- *.ninjarmm.net
- *.rmmservice.com
- https://ninjauploads.s3.amazonaws.com/app.ninjarmm.com*
- http://ninjaresources.s3.amazonaws.com/AgentBinaries/patchmgmt/
- https://ninjabuilds.s3.amazonaws.com/
- http://s3-us-west-2.amazonaws.com/
- sentry.io*
URLs without wildcards
NinjaRMMAgent & Patcher
US instance
- app.ninjarmm.com
- agent-app.ninjarmm.com
- resources.ninjarmm.com
- fts-prod-oregon-1.ninjarmm.com
- fts-prod-oregon-2.ninjarmm.com
- rtc-us-west-1.ninjarmm.com
- rtc-us-west-2.ninjarmm.com
- agent-tun-usw-1.ninjarmm.com
- agent-tun-usw-2.ninjarmm.com
- agent-tun-usw-3.ninjarmm.com
- https://ninjauploads.s3.amazonaws.com/app.ninjarmm.com*
- http://ninjaresources.s3.amazonaws.com/AgentBinaries/patchmgmt/
- https://ninjabuilds.s3.amazonaws.com/
- http://s3-us-west-2.amazonaws.com/
Cloud RDP Rendezvous Points
- agent-tun-usw-2.ninjarmm.com
- agent-tun-usw-3.ninjarmm.com
- tun-uswest-0.ninjarmm.com
- tun-uswest-1.ninjarmm.com
- tun-uswest-2.ninjarmm.com
- tun-uswest-3.ninjarmm.com
- agent-tun-usw-0.ninjarmm.com
- agent-tun-usw-1.ninjarmm.com
- tun-useast-0.ninjarmm.com
- tun-useast-1.ninjarmm.com
- agent-tun-use2-0.ninjarmm.com
- agent-tun-use2-1.ninjarmm.com
- tun-eu-central-0.ninjarmm.com
- agent-tun-euc-0.ninjarmm.com
- tun-uk-0.ninjarmm.com
- agent-tun-euw2-0.ninjarmm.com
- tun-apse2-0.ninjarmm.com,
- agent-tun-apse2-0.ninjarmm.com
File Explorer Rendezvous Points:
- fts-prod-oregon-1.ninjarmm.com
- fts-prod-oregon-2.ninjarmm.com
- fts-prod-oregon.ninjarmm.com
- fts-prod-frankfurt.ninjarmm.com
- fts-prod-ohio.ninjarmm.com
- fts-prod-london.ninjarmm.com
- fts-prod-sydney.ninjarmm.com
Websocket Rendezvous Points:
- rtc-ap-southeast-2-0.ninjarmm.com
- rtc-us-west-1.ninjarmm.com
- rtc-us-west-2.ninjarmm.com
- rtc-eu-central-1.ninjarmm.com
- connect-us-west-sXX.ninjarmm.com (where ‘XX’ is ‘0-31’)
- connect-eu-central-sXX.ninjarmm.com (where ‘XX’ is ‘0-7’)
- connect-ap-southeast-2-sXX.ninjarmm.com (where 'XX' is '0-3')
Splashtop
Ivanti (3PP)
- *.lumension.com
- *.patchlinksecure.net
- http://ninjamsp.cdn.heatsoftware.com/
- cache.HEATsoftware.com
- go.microsoft.com
- download.microsoft.com
- download.windowsupdate.com
- download.skype.com
- www.download.windowsupdate.com
- ardownload.adobe.com
- armdl.adobe.com
- download.adobe.com
- swupdl.adobe.com
- www.adobe.com
- http://ftp.mozilla.org
- http://support1.uvnc.com
- http://downloads.sourceforge.net
- http://download.videolan.org
- linux-update.oracle.com
- itrc.hp.com
- ftp.itrc.hp.com
- mirror.centos.org
- vault.centos.org
- rhn.redhat.com
- https://getupdates.oracle.com
IPs:
In addition to the above URLs, it is recommended to whitelist the following specific IPs:
Splashtop
- 35.163.67.164
- 35.164.249.120
- 35.165.57.160
- 35.165.63.30
- 52.10.166.39
Cloud Monitors
- US
- 52.41.220.244
Mail Server (notifications/alerts)
- 198.37.154.203
Email addresses:
Ninja email notifications and reports come from the following email address:
- noreply@ninjarmm.com
- (For global region) *.api.splashtop.com (* represents wildcard)
- (For EU region) *.api.splashtop.eu (* represents wildcard)
- (For both) *.relay.splashtop.com (* represents wildcard)
- (For both) sn.splashtop.com (for endpoints auto-update)
Port 443 needs to be open, including ssl and non-ssl traffic