Network requirements
The following network requirements must be in place before you install OHS:
- Request a domain user account to run OHS. This account must comply with the following requirements:
  - The domain credentials must enable communication between the OHS service and other head-end applications (such as OpenWay Collection Engine, OpenWay Collection Manager, FND, or a Riva GenX system).
    Note: For testing, OHSadmin is used as the domain user account.
  - The domain user must have permission to edit and delete files in the system.
  - The OHS Windows service must run with the logon set to this domain user account.
- White-list the cloud service DNS names, endpoints, and ports for outbound traffic from the host where OHS is to be installed.
  Important! Use only FQDNs for white-listing in the firewall. If IP addresses are used in lieu of DNS names, any change that Azure makes to the IP addresses of our PaaS components will adversely affect the functioning of OHS. The new IPs must then be white-listed in the firewall again.

| Component | Host | Port | Protocol | Required | Reference | Reason |
|---|---|---|---|---|---|---|
| Azure Application Insights for remote log analysis (Public) | dc.applicationinsights.microsoft.com, dc.services.visualstudio.com, *.in.applicationinsights.azure.com | 443 | HTTPS | Optional | IP addresses used by Azure Monitor | Allows OHS and management services to send logs to Application Insights. |
| Azure Service Bus (Public) | *.servicebus.windows.net (refer to Hybrid Connector resources) | 5671, 5672 | AMQP (default) | Required | Azure Service Bus FAQ | Allows OHS to communicate with the IHC-owned service bus and other service buses that OHS must communicate with (example: Azure Service Bus Destinations of Datafeed Subscriptions). |
| | | 443 | HTTPS | | | |
| | | 80 | HTTP | | | |
| Azure storage (Public) | *.blob.core.windows.net | 443 | HTTPS, TLS | Required | Can be moved to TLS | Allows OHS to access the IHC-owned storage account to perform file upload/download and data transfer operations through blob. |
| Identity (Itron) | For example: https://idenserver.itrontotal.com/connect/token | 443 | HTTPS | Required | | Allows OHS to access the identity endpoint to fetch a token to authenticate / authorize IHC services. |
| IHC.GW (Itron) | For example: https://services.itrontotal.com/api | 443 | HTTPS | Required | | Allows the Gateway endpoint to access IHC-related backend services (Notification, SAS & Proxy services). |
| Itron ADS URL (in case of OHS installation using release pipeline) | https://itron.visualstudio.com | 443 | HTTPS | Optional (required for OHS installation using release pipeline) | | OHS remote installation using ADS pipelines. |
| Monitor HUB URL | For example: https://k8s.itrontotal.com | 443 | HTTPS | Required | | Management service to perform Configuration and Health Check operations from Itron Portal. |

- For OHS installation management through Curator, refer to the environment URLs published in this JSON file.

The following table lists the Azure Service Bus hosts that enable OHS to communicate with IHC-owned service buses.

| Environment | Service Bus | Storage |
|---|---|---|
| Test2 | sb-usw-ihc-ps-secured.servicebus.windows.net | https://str1use1ihc1test2.blob.core.windows.net |
| Prod-0 | sb-usw-ihc-ps-alias-stage.servicebus.windows.net | https://str1use1ihc1stage.blob.core.windows.net |
| Prod-USW | sb-usw-ihc-ps-alias-prod.servicebus.windows.net | https://str1use1ihc1prod.blob.core.windows.net |
| Prod-EUN | sb-eun-ihc-ps-alias-prod.servicebus.windows.net | https://str1eun1ihc1prod.blob.core.windows.net |
| Prod-INC | sb-inc-ihc-ps-prod-premium.servicebus.windows.net | https://str1inc1ihc1prod.blob.core.windows.net |
| Prod-CAC | sb-cac-ihc-ps-primary-prod.servicebus.windows.net | https://str1cac1ihc1prod.blob.core.windows.net |
| Prod-AUE | sb-aue-ihc-ps-primary-prod.servicebus.windows.net | https://str1aue1ihc1prod.blob.core.windows.net |

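
The FQDN-only rule and the required host/port pairs above can be checked against a firewall allow-list before installation. The following is an added example, not part of the OHS documentation or tooling: the rule format (destination, port), the names `REQUIRED_PROD_USW`, `SAMPLE_RULES`, `is_ip_literal` and `audit`, and the sample rules are assumptions, and the Identity, IHC.GW and Monitor HUB hosts are the "for example" values from the table.

```python
import fnmatch
import ipaddress

# Required endpoints for the Prod-USW environment, taken from the tables on this page.
REQUIRED_PROD_USW = {
    "sb-usw-ihc-ps-alias-prod.servicebus.windows.net": {5671, 5672, 443, 80},
    "str1use1ihc1prod.blob.core.windows.net": {443},
    "idenserver.itrontotal.com": {443},
    "services.itrontotal.com": {443},
    "k8s.itrontotal.com": {443},
}

# Constructed sample: outbound allow rules as (destination, port) pairs.
SAMPLE_RULES = [
    ("*.servicebus.windows.net", 5671),
    ("*.servicebus.windows.net", 5672),
    ("*.servicebus.windows.net", 443),
    ("*.blob.core.windows.net", 443),
    ("idenserver.itrontotal.com", 443),
    ("203.0.113.10", 443),  # IP literal from a documentation range
    ("k8s.itrontotal.com", 443),
]


def is_ip_literal(destination):
    """True when the rule destination is an IP address or CIDR, not a DNS name."""
    try:
        ipaddress.ip_network(destination, strict=False)
        return True
    except ValueError:
        return False


def audit(rules, required):
    """Return (ip_rules, missing): IP-based rules and required host/port pairs with no FQDN rule."""
    ip_rules = [r for r in rules if is_ip_literal(r[0])]
    fqdn_rules = [(d.lower(), p) for d, p in rules if not is_ip_literal(d)]
    missing = []
    for host, ports in sorted(required.items()):
        for port in sorted(ports):
            covered = any(p == port and fnmatch.fnmatchcase(host, pat) for pat, p in fqdn_rules)
            if not covered:
                missing.append((host, port))
    return ip_rules, missing


if __name__ == "__main__":
    print(audit(SAMPLE_RULES, REQUIRED_PROD_USW))
```

IP-based rules are reported separately and never count as coverage, so an endpoint reachable only through an IP rule still appears in the missing list.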
See the following topics for details on the above environments: