KbA0007: TCP Port Requirements and CopperCube Security

Introduction

The CopperCube uses SSL encryption on all of its network communications to the CopperTree servers. SSL is a more secure method of transmitting information across the Internet. The CopperCube uses the AMQPs and HTTPS protocols when sending building data (trend log samples, BACnet objects, controller databases, events) and CopperCube device status messages (heartbeats) to CopperTree. These protocols reduce the security risk should the data streams be intercepted. You need to ensure that your I.T. network configuration allows data to use these ports and protocols.

Outbound Ports

The CopperCube requires the following outbound TCP ports to be enabled:

| Port | Traffic | Destination Server Name | IP | Description of Traffic |
|------|---------|-------------------------|----|------------------------|
| 53 | DNS | Network Domain Name Server as configured by the gateway | | The CopperCube uses DNS to resolve the IP addresses of the servers it communicates with, primarily the CopperTree servers listed as destinations in this table. |
| 5671 | AMQPs | intake1.coppertreeanalytics.com | 35.182.117.170 | This port is used to send building data to the CopperTree Vault. Pre-1.6 CopperCubes used port 5672 (AMQP) for this purpose. Port 5672 can be closed after upgrading to 1.6. |
| 80 | HTTP | cucube-updates.coppertreeanalytics.com OR cucube-updates.deltacontrols.com | 209.52.68.117 | This port is used to connect to the repository servers hosting updates for the software packages comprising the CopperCube. Older versions use the CopperTree update server; as of version 1.23 the Delta Controls update server is used. |
| 443 | HTTPS | kaizen.coppertreeanalytics.com | 35.182.117.170 | This port is used to send a device status heartbeat to CopperTree every 15 minutes. |
| 123 | NTP | Network-Time-Protocol server | | Optional. The CopperCube uses NTP to obtain the current date-time and uses this timestamp for its data. |

Inbound Ports

No inbound ports are required to use CopperCubes on a daily basis. However, CopperTree technicians may ask you to enable the following TCP inbound ports for the purposes of upgrading the CopperCube firmware or troubleshooting technical issues.

  • Port 22 (SSH): Used to reach the CopperCube operating system, initiate the upgrade & perform any additional manual adjustments. Please provide CopperTree with the external IP of the CopperCube.
  • Port 80 (HTTP): Used to reach the CopperCube user-interface to verify the post-upgrade operation of the CopperCube.

These ports can be closed after the technician completes his task. If you wish to keep the inbound ports closed, you can use the following workaround to grant our technicians access to your CopperCube:

  • Connect a computer to the same network as the CopperCube (or connect a computer to the CopperCube’s secondary network port, if your computer has 2 network ports)
  • Install a remote desktop control tool (such as join.me, TeamViewer, Remote Desktop) (please ask us for more information at [email protected])
  • Download an SSH terminal utility (such as putty.exe) (please ask us for more information at [email protected])
  • Arrange a shared time when you and the technician may access both the computer and the CopperCube. Provide us with the connection details. Grant control of your computer to our technician in order to access the CopperCube.
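
The following is an added example, not CopperTree's own tooling: a small audit that compares a gateway's `iptables -S` rules with the Outbound Ports table and the Inbound Ports guidance above. The CopperCube address 192.0.2.50 and the sample rules are constructed, and the DNS and NTP rows are left out because their destinations are site-specific.

```python
import shlex

CUBE = "192.0.2.50"  # constructed CopperCube address (assumption)
# Outbound TCP requirements from the article's table: (dest IP, port) -> purpose
REQUIRED = {
    ("35.182.117.170", 5671): "AMQPs building data",
    ("209.52.68.117", 80): "HTTP package updates",
    ("35.182.117.170", 443): "HTTPS heartbeat",
}
LEGACY_PORT = 5672          # plain AMQP, only needed before version 1.6
SUPPORT_INBOUND = {22, 80}  # SSH / HTTP, opened only for a technician session

# Constructed sample in `iptables -S` format
SAMPLE_RULES = """\
-A FORWARD -s 192.0.2.50/32 -d 35.182.117.170/32 -p tcp -m tcp --dport 5671 -j ACCEPT
-A FORWARD -s 192.0.2.50/32 -d 35.182.117.170/32 -p tcp -m tcp --dport 5672 -j ACCEPT
-A FORWARD -s 192.0.2.50/32 -d 35.182.117.170/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.0.2.50/32 -p tcp -m tcp --dport 22 -j ACCEPT
"""

def parse(line):
    """Return the source, destination, protocol, port and target of one rule."""
    tok = shlex.split(line)
    opts = {}
    for i, t in enumerate(tok[:-1]):
        if t in ("-s", "-d", "-p", "--dport", "-j"):
            opts[t] = tok[i + 1].removesuffix("/32")
    return opts

def audit(rules_text, cube=CUBE):
    """Compare TCP ACCEPT rules for the CopperCube with the article's port list."""
    findings, allowed = [], set()
    for line in rules_text.splitlines():
        r = parse(line)
        if r.get("-j") != "ACCEPT" or r.get("-p") != "tcp":
            continue
        if not r.get("--dport", "").isdigit():   # skip port ranges / no port
            continue
        port = int(r["--dport"])
        if r.get("-s") == cube:                  # outbound from the CopperCube
            allowed.add((r.get("-d"), port))
            if port == LEGACY_PORT:
                findings.append(f"legacy AMQP {port} open: close after upgrading to 1.6")
        elif r.get("-d") == cube and port in SUPPORT_INBOUND:
            findings.append(f"inbound {port} open: close when the technician is done")
    for (ip, port), why in REQUIRED.items():
        if (ip, port) not in allowed:
            findings.append(f"missing outbound {ip}:{port} ({why})")
    return findings
```

Calling `audit(SAMPLE_RULES)` on the constructed rules reports the leftover port 5672 rule, the open inbound SSH rule and the missing update-server rule.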