Connect+/SendPro P Series Networking Technical Specification

Similar documents
Dolby Conference Phone Support Frequently Asked Questions

Enterprise Installation

BMC Remedyforce Integration with Remote Support

Secure File Transfer Protocol (SFTP) Interface for Data Intake User Guide

BMC Remedyforce Integration with Bomgar Remote Support

Knowledge Exchange (KE) System Cyber Security Plan

CounterSnipe Software Installation Guide Software Version 10.x.x. Initial Set-up- Note: An internet connection is required for installation.

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

ABELMed Platform Setup Conventions

Troubleshooting of network problems is find and solve with the help of hardware and software is called troubleshooting tools.

Planning, installing, and configuring IBM CMIS for Content Manager OnDemand

NiceLabel LMS. Installation Guide for Single Server Deployment. Rev-1702 NiceLabel

These tasks can now be performed by a special program called FTP clients.

ABELDent Platform Setup Conventions

White Paper. Contact Details

Please contact technical support if you have questions about the directory that your organization uses for user management.

Configuring Database & SQL Query Monitoring With Sentry-go Quick & Plus! monitors

OASIS SUBMISSIONS FOR FLORIDA: SYSTEM FUNCTIONS

How to setup Nokia N Series Mobiles with Tpad

CCNA Security v2.0 Chapter 3 Exam Answers

I. Introduction: About Firmware Files, Naming, Versions, and Formats

Welcome to Remote Access Services (RAS) Virtual Desktop vs Extended Network. General

SafeDispatch SDR Gateway for MOTOROLA TETRA

1 Getting and Extracting the Upgrader

Client Configurations

TPP: Date: October, 2012 Product: ShoreTel PathSolutions System version: ShoreTel 13.x

Firmware Upgrade Wizard v A Technical Guide

Date: October User guide. Integration through ONVIF driver. Partner Self-test. Prepared By: Devices & Integrations Team, Milestone Systems

IT Essentials (ITE v6.0) Chapter 8 Exam Answers 100% 2016

1. The first section examines common performance bottlenecks that need to be considered.

Skype Meetings

USER MANUAL. RoomWizard Administrative Console

iallworx User s Guide

Dynamic Storage (ECS)

Dear Milestone Customer,

I. Introduction: About Firmware Files, Naming, Versions, and Formats

1 Getting and Extracting the Upgrader

Announcing Veco AuditMate from Eurolink Technology Ltd

CCNA 1 Chapter v5.1 Answers 100%

Password Reset for Remote Users

Gemini Intercom Quick Start Guide

Exosoft Backup Manager

2. When logging is used, which severity level indicates that a device is unusable?

Stoneware Inc. Citrix NFuse Configuration. Stoneware, Inc. Configuration Sheet Date: January 2005

EView/400i Management Pack for Systems Center Operations Manager (SCOM)

Release Notes. Dell SonicWALL Security firmware is supported on the following appliances: Dell SonicWALL Security 200

Lecture 6 -.NET Remoting

Admin Report Kit for Exchange Server

Yes. If you are an iphone user, you can download a free application via the App Store in itunes. Download the BSP iphone app.

USO RESTRITO. SNMP Agent. Functional Description and Specifications Version: 1.1 March 20, 2015

Managing User Accounts

SMART Room System for Microsoft Lync. Software configuration guide

Uploading Files with Multiple Loans

MySabre API RELEASE NOTES MYSABRE API VERSION 2.1 (PART OF MYSABRE RELEASE 7.1) DECEMBER 02, 2006 PRODUCTION

- International Offline. Installation Guide. For authorised Franklin Templeton use only

Your New Service Request Process: Technical Support Reference Guide for Cisco Customer Journey Platform

Click Studios. Passwordstate. RSA SecurID Configuration

ADSS Server Evaluation Quick Guide

ClassFlow Administrator User Guide

CaseWare Working Papers. Data Store user guide

CCNA 1 v5.1 Practice Final Exam Answers %

VMware EVO:RAIL Customer Release Notes

Second Assignment Tutorial lecture

Stock Affiliate API workflow

CCNA 1 Chapter v5.1 Answers 100%

Installing AX Server with PostgreSQL

1 Getting and Extracting the Upgrader

Campuses that access the SFS nvision Windows-based client need to allow outbound traffic to:

Milestone XProtect. NVR Installer s Guide

INVENTION DISCLOSURE

SUPPLIER CONNECTION SUPPLIER REFERENCE GUIDE FOR LEAR SUPPLIERS

AppSense Management Center. Product Guide Version 10.1

HPE LoadRunner Best Practices Series. LoadRunner Upgrade Best Practices

App Orchestration 2.6

CCNA 1 Chapter v5.1 Answers 100%

2. What is the most cost-effective method of solving interface congestion that is caused by a high level of traffic between two switches?

User Guide. Document Version: 1.0. Solution Version:

Wave IP 4.5. CRMLink Desktop User Guide

CyCop FAQ For Internal Use Only. CyCop Frequently Asked Questions

SIEM Use Cases 45 use cases for Security Monitoring

HW4 Software version 3. Device Manager and Data Logging LOG-RC Series Data Loggers

PT Activity 2.6.1: Packet Tracer Skills Integration Challenge

Web Application Security Version 13.0 Training Course

Log shipping is a HA option. Log shipping ensures that log backups from Primary are

Overview of Data Furnisher Batch Processing

Re-Flashing Your CDM-760 Advanced High-Speed Trunking Modem

IT Essentials (ITE v6.0) Chapter 7 Exam Answers 100% 2016

CSC IT practix Recommendations

System Requirements for SurveyTracker Plus 6.0

INSTALLING CCRQINVOICE

Proficy* SmartSignal 6.1 Installation Guide

UPGRADING TO DISCOVERY 2005

Table of Contents. 1 Introduction Connecting to the API HTTP request syntax API release versions... 4

1 Introduction Functions... 2

NSE 8 Certification. Exam Description for FortiGate 5.2 and higher

Cloud Storage Migration Suite 1.1.0

Networks: Communicating and Sharing Resources. Chapter 7: Networks: Communicating and Sharing Resources

Paraben s Phone Recovery Stick

Service Level Agreement

Imagine for MSDNAA Student SetUp Instructions

Transcription:

Shipping & Mailing Pstage Meters Cnnect+/SendPr P Series Netwrking Technical Specificatin Intrductin 2 Netwrk Requirements 2 Prt/Cmmunicatin Requirements 2 URL Infrmatin 3 FAQs 10 Service Cllateral SV62440 Rev P March, 13 2017

Intrductin This dcument details the netwrking technical cnsideratins fr the Cnnect+/SendPr P Series. Netwrk Requirements The Cnnect+/SendPr system will require a high-speed netwrk cnnectin. The Cnnect+/SendPr system will initiate all cmmunicatin. The Cnnect+/SendPr system will initiate all cmmunicatin (via HTTP r HTTPS), s it can safely sit behind mst crprate firewalls. The Cnnect+/SendPr system will cmmunicate t external Web Services via HTTP ver Prt 80. The Cnnect+/SendPr system will cmmunicate t PB secure server(s) via HTTPS ver prt 443. The Cnnect+/SendPr system will use Prt 53 fr DNS lkup. Pitney Bwes requires a minimum netwrk bandwidth f 384 kbps (upstream and dwnstream) t perate, but we recmmend 1 Mbit/sec fr best perfrmance. It is recmmended that DSL r 3G mdem devices are nt shared acrss multiple Cnnect+/SendPr systems. Custmer wned web filtering devices r sftware, as well as SSL packet inspectin shuld be disabled fr these prts as they can affect perfrmance. Prt/Cmmunicatin Requirements All cmmunicatin is initiated frm the Cnnect+/SendPr system via prts 80 (HTTP) and 443 (HTTPS). All cmmunicatin frm the Cnnect+/SendPr system t the back end system is in the frm f XML messages. Prt 80 (HTTP) OS Update AV Updates Web Services TeamViewer Pitney Bwes Service Cllateral March, 2017 Page 2 f 11

Prt 443 (HTTPS) Cnnect+ will send requests t refill r audit its PSD (Pstal Security Device) based n a lw funds r inspectin date. Refills currently ccur when the PSD funds drp belw $xx.xx). Audits ccur if the PSD inspectin date has expired. During initial install, the system will autmatically request an Operatinal Blck, frm the infrastructure, fr the PSD. On PSD replacement the System will autmatically request the cnfiguratin data fr the replacement PSD. Transactin Recrds frm the Cnnect+/SendPr system are autmatically upladed when: The System ges int Sleep Mde. While pwering dwn the system. Activating Web Accunting Services. Uplading Pstal Infrmatin. On pwer up the System freshens the Web Service (checks fr Sftware, Rates and Graphic Updates. It will als cntact Supplies, My Accunt, Tracking etc.) cnfiguratin data. Prt 53 DNS lkup IT departments that use a "rules based" methd fr allwing specific prts t pass traffic n their netwrk fr prt 53 and make sure t allw BOTH UDP and TCP traffic fr this prt. Prt 53 listens fr DNS requests and may respnd n either prtcl, based n the type f request it receives. Shrt respnses shuld cme in ver UDP. Lnger, mre detailed respnses n TCP. URL Infrmatin The fllwing URLs must be accessible frm the Cnnect+/SendPr system, withut any bstructins. It is strngly recmmended that the firewall reference the URL rather than IP address, which can change ver time. If IP addresses must be referenced, it is suggested t keep pen the blck f IP addresses 199.231.32.0 t 199.231.47.255, 152.144.128.0 t 152.144.128.255, 209.85.128.000 t 209.85.255.255. Pitney Bwes Service Cllateral March, 2017 Page 3 f 11

Teamviewer TeamViewer is used by service and sales fr remte diagnstics and training. A TeamViewer sessin can nly be initiated by smene n the custmer end and therefre the system cannt be accessed withut the custmers knwledge. All cmmunicatin is initiated frm the Cnnect+/SendPr system via prts 80 (HTTP) and 443 (HTTPS). All cmmunicatin frm the Cnnect+/SendPr system t the back end system is in the frm f XML messages. There are tw ptins t unblck Teamviewer: 1. General unlcking f Prt 5938 TCP fr utging cnnectins (recmmended). Prt 5938 is nly used by a few prgrams and therefre is n security risk. This traffic shuld then neither be filtered r cached. 2. Unlcking f URLs f the fllwing frmats (t any Server) GET /din.aspx?s= &client=dyngate GET /dut.aspx?s= &client=dyngate POST /dut.aspx?s= &client=dyngate Regardless f which methd is chsen t unblck TeamViewer, als check that n cntent filter r similar is blcking ne f the fllwing URLs: *.teamviewer.cm *.dyngate.cm. Required firewall exceptins Cnnect+/SendPr P Series Netwrk Linux Prxy Test Descriptin: Built in tls that pings select PB servers fr cnnectivity testing. Used by PB Service (Resides n Linux Desktp). Netwrk Test: Pitney Bwes Service Cllateral March, 2017 Page 4 f 11

http://www.ggle.cm (Dmain www.ggle.cm; IP=72.14.253.104) http:// www.l.ggle.cm (Dmain www.ggle.cm; IP=74.125.230.81, 74.125.230.82, 74.125.230.83, 74.125.230.84, 74.125.230.80) http://www.nvell.cm SUSE Linux Prxy Test Dmain ftp.nvell.cm IP = 130.57.1.88 http:// www.l.ggle.cm (Dmain www.ggle.cm; IP=74.125.230.81, 74.125.230.82, 74.125.230.83, 74.125.230.84, 74.125.230.80) Distributr Descriptin: Main PB Server that authenticates machine fr access t ther PB web service. Distributr: http://distservp1.pb.cm/dstprduct.asp https://distservp1.pb.cm/dstprduct.asp (Dmain distservp1.pb.cm; IP=152.144.128.244, 152.144.128.230, 199.231.44.31, 199.231.43.31, 199.231.45.46) Funds (Funds Management & Refills) Descriptin: Funds are managed thrugh a separate Funds Server system. http://cmetservc1.pb.cm/t3cmetserver_03.asp https://cmetservc1.pb.cm/t3cmetserver_03.asp (Dmain cmetservp1.pb.cm; IP=152.144.128.230, 152.144.128.236, 199.231.45.37, 199.231.43.215) Rates and Updates (Dwnlad Services) Descriptin: Dwnlads, new sftware, graphics, rate price data etc. Misc. Data Uplad: https://pbgdspp1.pb.cm/ms1cnfiguratinuplad/ms1prductcnfiguratinuplad.svc (Dmain pbgdspp1.pb.cm; IP= 199.231.44.222, 199.231.44.148 and 199.231.45.41,199.231.45.35) Pitney Bwes Service Cllateral March, 2017 Page 5 f 11

ClamAV: http://clamserver.pb.cm (Dmain clamserver.pb.cm; IP=199.231.45.165; 199.231.44.54, 199.231.33.54,199.231.35.165) Errr lg uplads: (Dmain pbdlsp1.pb.cm; IP=199.231.44.30; 199.231.45.38) Cnfiguratin web page: https://myms1cnfiguratin.pb.cm (Dmain MyMS1Cnfiguratin.pb.cm; IP=199.231.44.166) OS Updates: https://smt.pb.cm (Dmain SMT.pb.cm; IP=199.231.44.54; 199.231.35.165) File Updates: https://pbgdspp1.pb.cm/ms1/dlaservice.svc (Dmain pbgdspp1.pb.cm; IP=199.231.44.222) Orders (CCD): https://pbgdspp1.pb.cm/ms1ccd/dlaccdservice.svc (Dmain pbgdspp1.pb.cm; IP=199.231.44.222) Manage Accunts (Accunting): Descriptin: Separate PB Server that manages Accunting including Accunt Creatin, Reprts etc. Accunting Web Applicatin: https://ms1app.pb.cm/ (Dmain ms1app.pb.cm; IP=199.231.32.67) Accunting Web Services: https://ms1app.pb.cm/ms1atweb/services/ (Dmain ms1app.pb.cm; IP=199.231.32.47) Pitney Bwes Service Cllateral March, 2017 Page 6 f 11

On Line Help Descriptin: This is the n line website. http://supprt.pb.cm/help_vides/sv62370-help/default.htm (Dmain supprt.pb.cm, IP=152.144.192.210, IP=152.144.192.211) Buy Ink Express Descriptin: Allws direct access t Ink Ordering page http://www.pitneybwes.us/shp/ink-and-supplies/pstage-meter-ink-supplies/cnnectseries--1/en-us/streus (Dmain: www.pitneybwes.cm; IP Address 199.231.33.6, 199.231.44.12) Health Data Update Descriptin: Machine Health Infrmatin uplad https://cplus-lgs-fusin.pb.cm/api/v1/uplads (Dmain: www.pb.cm ; IP Address = 199.231.33.6, 199.231.44.12) Optinal firewall exceptins (enabled by default) Verify Address (address cleansing) Descriptin: Utility website t validate addresses against USPS database http://www.pb.cm/ms1av/checkaddress.jsp (Dmain www.pb.cm; IP=199.231.44.12) Yur Accunt (PB.cm) Descriptin: Utility website t access yur accunt n PB.cm. https://www.pb.cm/cgi-bin/pb.dll/jsp/lgin.d?lang=en&cuntry=us&ga1=ms1 (Dmain www.pb.cm; IP=199.231.44.12) (Dmain http://www.ggle.cm/analytics; IP=209.85.128.000, 209.85.227.101, 209.85.227.113) Pitney Bwes Service Cllateral March, 2017 Page 7 f 11

Discunt & Presrt Services Descriptin: Utility website t manage Discunts & Presrting. http://www.pb.cm/mailstream/mailing-services (Dmain www.pb.cm; IP=199.231.44.12) Buy Supplies Descriptin: Utility website t rder Cnnect+/SendPr P Series supplies http://www.pb.cm/mailstream/supplies/ms1 (Dmain www.pb.cm; IP=199.231.44.12) Track a Package Descriptin: Carrier independent web tracking site fr packages. http://pb.bxh.cm/ (Dmain pb.bxh.cm; IP=72.47.250.186) Apps & Tls Descriptin: Utility website fr additinal applicatins and tls. http://www.pb.cm/cnnectplus/apps/ (Dmain www.pb.cm; IP=199.231.44.12) Optinal firewall exceptins (disabled by default) Ship a Package Descriptin: Package shipping applicatin. http://shipapackage.us.pitneybwes.cm (Dmain www.pb.cm; IP address = 199.231.44.12) Ship A Package is a legacy Shipping Applicatin that is being replaced by SendPr. If this is a new installatin, yu d nt need t pen up the firewall fr Ship A Package. Pitney Bwes Service Cllateral March, 2017 Page 8 f 11

SendPr Descriptin: Newest package shipping applicatin. https://sending.us.pitneybwes.cm/ (Dmain www.pitneybwes.cm; IP address 199.231.33.6, 199.231.44.12) SendSuite Tracking Descriptin: SendSuite Tracking applicatin. http://sendsuitetracking/pitneybwes.cm/ (Dmain: www.pitneybwes.cm; IP Address 199.231.33.6, 199.231.44.12 ) Pitney Bwes Service Cllateral March, 2017 Page 9 f 11

FAQs Questin Answer What OS des this device run? SUSE Linux Sled 11 What cntrls are in place t prtect this device against netwrk-based malware (viruses/wrms) threats? Cntrls include: White list f URL s HTTPS Anti Virus Sftware Only executes services needed t perfrm activities OS distributin has been ptimized and lcked dwn Des it have a firewall? Wh cntrls the firewall rules? Hw are the firewall rules cnfigured? What is the security patch prcess? What anti-virus cntrls des Cnnect+ use? What is the sftware update prcess, and hw ften des this ccur? What is the netwrk traffic flw t and frm the Cnnect+/SendPr system? What firewall rules need t be in place t allw the necessary cmmunicatin? Yes Pre-cnfigured and nt mdifiable Allw nly the prts Http, Https and DNS Cnnect+ security patches are applied by emergency updates via PB nly, and n a regular schedule thrugh PB services. ClamAv is installed n every system. AV signature updates regularly updated As required, in sme cases mnthly Outging cntact initiated (n push) utilizing HTTPS, URLs prvided by PB services Outging - transactinal data Incming is bth transactinal data and files and Web Services Can yu identify suspicius activity affecting Cnnect+? Yes. An audit prcess exists t validate the financial integrity f the system. Errr lgs are available and can be upladed t the PB data center. Regularly scheduled physical visits frm PB Service Pitney Bwes Service Cllateral March, 2017 Page 10 f 11

Questin What are the access cntrls in place t secure Cnnect+? Hw d yu authenticate an individual? A service? Are there audit trails in place? Is data stred n the device? What cntrls prtect the data? Des the Cnnect+ Series allw remte administratin? Answer The applicatin access is managed by the custmer using User IDs and passwrds. Unique, cryptgraphically strng passwrds fr each machine restricts access t the perating system. The applicatin access is managed by the custmer using User IDs and passwrds. The Cnnect+ Series des nt prvide services ver a netwrk s authenticatin nt required. Yes. PSD transactinal audits, extensive lgs all financial transactins are audited by the PB infrastructure. The Cnnect+ Series lgs all errr cnditins, and maintains ink usage lgs, print usage lgs, etc. Yes. The Cnnect+ Series stres transactinal data, graphic images, custmer prfiles and settings, files (rates, etc.). All files and data interface utilizing HTTPS. Incming data and files are signed and verified prir t use. If cnsumed by the printer, it is verified n each use. If used by the applicatin, it is verified n lad. Pitney Bwes will use TeamViewer t trublesht system prblems remtely. The end user will initiate the sessin using a special cde. Pitney Bwes Service Cllateral March, 2017 Page 11 f 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback