Norsk:

Simployer Capitech terminaler for kunder i vår sky.

Operativsystemet på terminaler er Windows 10 IOT.

Kommunikasjon:
Terminaler kommuniserer med 3 forskjellige endepunkt:

• https://TARS-IoT-Prod.azure-devices.net (IOT-Hub)

• https://sttarsstore.blob.core.windows.net (Blob-storage)

• https://<kundenavn>.capitech.no/Internal-API (Flow - kun live-oppslag for Plan-kunder)

• https://*.teamviewer.com (For tilgang for Capitech support / PS)

Terminalene kommuniserer med Azure region West Europe for å bruke funksjonalitet i IOT-Hub og Blob-storage.
Terminalene kommuniserer med Azure region Norway East for å bruke funksjonalitet i vår Flow-løsning.

All kommunikasjon skjer over TLS 1.2 på port 443.

IOT-hub:
Hver enkelt terminal har sin unike nøkkel.
Denne nøkkelen brukes til kommunikasjon mot Azure IOT Hub.
Denne nøkkelen kan vi trekke tilbake med umiddelbar virking.

Blob-storage:
Blir brukt til overføring av filer (ansatt-informasjon, dimensjoner, logger, osv.) til og fra terminal.
Hver fil har sin unike nøkkel, som er gyldig i 30 dager.
URL og nøkkel blir kommunisert til terminal via IOT-Hub.

Live-oppslag:
For live-oppslag går kommunikasjonen rett mot Flow sitt API.
Det godkjennes først med en delt nøkkel for kommunikasjon med Azure.
Så brukes en unik nøkkel per terminal videre i kommunikasjonen.

Teamviewer:

Teamviewer gir ikke ut en IP-adresse eller -range for oppkobling for sin programvare. Link nedenfor gir litt info angående porter og virkemåte.
Kort fortalt blir det prøvd følgende porter i rekkefølge: TCP/UDP 5938, TCP 443, TCP 80, alle mot *.teamviewer.com.

For mer info angående Teamviewer, se Ports used by TeamViewer .

For mer info angående TLS versjoner, se https://en.wikipedia.org/wiki/Transport_Layer_Security.
For mer info angående Azure, regioner og IP'adresser, se https://www.microsoft.com/en-US/download/details.aspx?id=56519.

English:

T&A Terminals – Technical info

Simployer Capitech T&A terminals for our cloud customers.

The terminals are running Windows 10 IOT.

Communication:
The terminals are communicating over 3 different access points:

• https://TARS-IoT-Prod.azure-devices.net (IOT-Hub)

• https://sttarsstore.blob.core.windows.net (Blob-storage)

• https://<customername>.capitech.no/Internal-API (Flow - only used for fetching live info for our customers that uses plan)

• https://*.teamviewer.com (Access for Capitech support / PS)

The terminals communicates with the Azure region located in West Europe to access and use functionalities from IOT-hub and Blog-Storages.
The terminals communicates with the Azure region located in East Norway to access functionalities from our Flow cloud solution.

All communication takes place over TLS 1.2 on port 443.

IOT-hub:

Every terminal will get their own unique key.
This key is used for communication with the Azure IOT Hub.
We can withdraw this key with immediate effect.

Blob-storage:

Is used for transferring files (employee information, dimensions, logs, etc.) to and from the terminal.
Each file has its unique key, which is valid for 30 days.
URL and key are communicated to the terminal via IOT-Hub.

Live-data fetching:

For live-data fetching, communication goes directly to Flow's API.
It is first authenticated with a shared key for communication with Azure.
A unique key is then used per terminal for further communication.

Team Viewer:

Team Viewer does not release an IP address or connection range for its software. The link below provides some information regarding ports and how they work.
Briefly, the following ports are tried in order: TCP/UDP 5938, TCP 443, TCP 80, all towards *.teamviewer.com.

For more information regarding Team Viewer: Ports used by TeamViewer

For more information regarding TLS versjoner: https://en.wikipedia.org/wiki/Transport_Layer_Security

For more information regarding Azure, regions and IP ’adresses: https://www.microsoft.com/en-US/download/details.aspx?id=56519.