Cloud access requirements - BlueCat Edge - Service Point v3.x.x

BlueCat Edge Deployment Guide


This section lists the CNAME records and endpoints that the Service Point must be able to resolve and connect to in order to communicate with the BlueCat Edge Cloud.

The Service Point must be able to look up and resolve the following CNAME records before it can successfully connect to the BlueCat Edge Cloud:
  • cwlogs-<customer name>.edge.bluec.at
  • cwmetrics-<customer name>.edge.bluec.at
  • kinesis-<customer name>.edge.bluec.at
  • spm-<customer name>.edge.bluec.at

Where <customer name> is the name of your BlueCat Edge Cloud instance. For example, if your BlueCat Edge Cloud instance name is demo, a CNAME record that must be resolvable would be cwlogs-demo.edge.bluec.at.

If your Service Point has direct access to the BlueCat Edge Cloud, the Service Point must be able to resolve and connect to the following endpoints:
Note: These endpoints change periodically; you must add them to the allowlist to prevent them from being blocked.
  • *.bluec.at – Used to communicate with the BlueCat Edge Cloud API and UI.
  • *.us-west-2.elb.amazonaws.com or *.eu-central-1.elb.amazonaws.com (for European regions) – Used to check for changes in the configuration, such as policy and namespace updates.
  • logs.us-west-2.amazonaws.com – Used to send container logs and system-level logs for BlueCat to monitor and troubleshoot.
  • monitoring.us-west-2.amazonaws.com or monitoring.eu-central-1.amazonaws.com (for European regions) – Used to send various system metrics for BlueCat to monitor and troubleshoot.
  • firehose.us-west-2.amazonaws.com or firehose.eu-central-1.amazonaws.com (for European regions) – Used to send all DNS events that flow through the Service Point to the BlueCat Edge Cloud.
  • *.ecr.us-east-1.amazonaws.com – Used to pull updated Docker images during upgrades.
  • public.update.core-os.net – Used by the CoreOS of the Service Point to poll for updates.
  • prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com – Used to pull updated Docker images during upgrades.
  • update.release.core-os.net – Used by the CoreOS of the Service Point to poll for updates.

If you are using a proxy, the proxy must be able to resolve and connect to the previously mentioned endpoints. Your Service Point must only be able to resolve and connect to your proxy.
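
The following preflight check is an added example, not BlueCat tooling. Run from the Service Point's network segment (or from the proxy host when a proxy is used), it reports for each name above whether DNS resolution or the TCP connection is being blocked. It assumes TCP port 443, which this page does not state, and the function names are hypothetical.

```python
import socket

CNAME_PREFIXES = ("cwlogs", "cwmetrics", "kinesis", "spm")

def required_cnames(customer):
    """CNAME records that must resolve for a given Edge Cloud instance name."""
    return [f"{p}-{customer}.edge.bluec.at" for p in CNAME_PREFIXES]

def direct_endpoints(european=False):
    """Endpoints from the direct-access list, with the region filled in."""
    region = "eu-central-1" if european else "us-west-2"
    return [
        "*.bluec.at",
        f"*.{region}.elb.amazonaws.com",
        "logs.us-west-2.amazonaws.com",  # the page lists no European alternative
        f"monitoring.{region}.amazonaws.com",
        f"firehose.{region}.amazonaws.com",
        "*.ecr.us-east-1.amazonaws.com",
        "public.update.core-os.net",
        "prod-us-east-1-starport-layer-bucket.s3.us-east-1.amazonaws.com",
        "update.release.core-os.net",
    ]

def check_host(host, port=443, timeout=3.0,
               resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Return 'ok', 'dns-fail', 'connect-fail' or 'allowlist-only'."""
    if host.startswith("*."):
        return "allowlist-only"  # wildcard pattern: nothing concrete to probe
    try:
        resolve(host, port, proto=socket.IPPROTO_TCP)
    except OSError:              # socket.gaierror is a subclass of OSError
        return "dns-fail"
    if connect is None:          # resolve-only check (used for the CNAME records)
        return "ok"
    try:
        connect((host, port), timeout=timeout).close()  # port 443 is an assumption
    except OSError:              # refused, unreachable or timed out
        return "connect-fail"
    return "ok"

def preflight(customer, european=False,
              resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Check CNAME resolution, then resolution plus TCP reachability of endpoints."""
    results = {h: check_host(h, resolve=resolve, connect=None)
               for h in required_cnames(customer)}
    for h in direct_endpoints(european):
        results[h] = check_host(h, resolve=resolve, connect=connect)
    return results

if __name__ == "__main__":
    for host, status in preflight("demo").items():  # "demo" as in the page's example
        print(f"{status:15} {host}")
```

Entries reported as `allowlist-only` are wildcard patterns that cannot be probed directly; confirm them against the firewall or proxy allowlist instead.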