To ensure proper operation and cloud connectivity for PDK Cloud Nodes and Controllers, the following configurations must be in place.
Cloud Node Communication
The Cloud Node acts as the gateway to the pdk.io cloud. It requires internet access and handles all outbound management traffic.
Network Configuration
- IP Addressing: DHCP must be available. If using a Static IP, the Cloud Node must be able to ping (ICMP) the gateway to verify the connection.
- Infrastructure Support: Must support IPv4 and/or IPv6.
- Subnet Restriction: Do not use 172.17.x.x or 172.18.x.x (reserved for internal VPN routing).
- Performance: 10 Mbps Up/Down minimum; ~1 GB monthly data usage.
NOTE: A Cloud Node must be brought online prior to being set statically. Contact PDK Tech Support to assign a Static IP.
Cloud Node Port Requirements Outbound
| Protocol | Port | Purpose | Destination or Domain |
|---|---|---|---|
| TCP | 443 | Primary TLS VPN Control Plane (preferred) | cloudlink.pdk.io |
| TCP | 3140 | Alternative TLS VPN Control Plane | cloudlink.pdk.io |
| UDP | 123 | Time Synchronization (NTP) | *.pool.ntp.org |
| UDP/TCP | 53 | DNS Resolution | DNS Server |
| TCP | 443 | Software Updates | gcr.io, us-docker.pkg.dev |
| TCP | 443 | System Backups | *.amazonaws.com |
Cloud Node Port Requirements Internal
| Protocol | Port | Purpose | Direction |
|---|---|---|---|
| TCP | 9999 | Aperio Device Communication (if applicable) | Internal |
| TCP | 10001 | Connections to Controllers | Internal: Controller to Cloud Node |
| UDP | 5353 | Discovering Red Controllers | Internal: Controller to Cloud Node |
Controller Communication
Controllers manage local door hardware and communicate directly with the Cloud Node on the local network.
Network Configuration
- Discovery: Uses IPv6 Link-Local addresses for auto-discovery.
- Static IP: Can be configured for Static IPv4, but the controller must first be discovered/connected to the Cloud Node to apply these settings.
- Logic: The Cloud Node always initiates the connection to the controllers.
Controller Port Requirements (Local/Internal)
| Protocol | Port | Purpose | Direction |
|---|---|---|---|
| TCP | 10001 | TLS Communication from Cloud Node | Internal |
| UDP | 5353 | DNS Device Discovery | Internal |
| UDP | 68 | DHCP Client Request | Outbound |
Summary Domain Allow List
If the site uses a "Whitelisting" firewall policy, ensure the following domains are fully accessible:
- HTTPS (TCP 443) or (TCP 3140) for Remote Control and Mobile Button
  - cloudlink.pdk.io
- HTTPS (TCP 443) for Software Updates
  - gcr.io
  - us-docker.pkg.dev
- HTTPS (TCP 443) for Backups
  - s3.us-east-1.amazonaws.com
  - s3.dualstack.us-east-1.amazonaws.com
- NTP (UDP 123) for Time Servers
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org
NOTE: If a custom NTP server is required, contact PDK Tech Support with the IP address and bring the Cloud Node online via an unrestricted network for reprogramming.
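A pre-deployment check for the requirements above, as an added example (not PDK's own tooling): it flags a proposed Cloud Node subnet that overlaps the reserved 172.17.x.x/172.18.x.x ranges and lists the required outbound flows that a default-deny egress policy would block. The rule tuple format, the glob-style host patterns and the sample policy are assumptions; DNS (port 53) is left out because its destination is the site's own resolver.

```python
import ipaddress
from fnmatch import fnmatchcase

# Subnets the page reserves for internal VPN routing (172.17.x.x, 172.18.x.x).
RESERVED = [ipaddress.ip_network("172.17.0.0/16"), ipaddress.ip_network("172.18.0.0/16")]

# Outbound Cloud Node flows from the page: (protocol, acceptable ports, host).
# cloudlink.pdk.io is satisfied by TCP 443 or the alternative TCP 3140.
REQUIRED = [
    ("tcp", {443, 3140}, "cloudlink.pdk.io"),
    ("tcp", {443}, "gcr.io"),
    ("tcp", {443}, "us-docker.pkg.dev"),
    ("tcp", {443}, "s3.us-east-1.amazonaws.com"),
    ("tcp", {443}, "s3.dualstack.us-east-1.amazonaws.com"),
] + [("udp", {123}, f"{i}.pool.ntp.org") for i in range(4)]

def subnet_conflicts(cidr):
    """Return the reserved ranges that overlap the proposed Cloud Node subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(r) for r in RESERVED if r.version == net.version and net.overlaps(r)]

def rule_allows(rule, flow):
    """True if one egress rule (proto, port, host pattern) permits a required flow."""
    r_proto, r_port, r_pattern = rule
    proto, ports, host = flow
    return r_proto == proto and r_port in ports and fnmatchcase(host, r_pattern.lower())

def missing_flows(rules):
    """List required flows that no rule in the proposed egress policy permits."""
    return [f"{p}/{'|'.join(map(str, sorted(ports)))} {h}"
            for p, ports, h in REQUIRED
            if not any(rule_allows(r, (p, ports, h)) for r in rules)]

# Constructed sample policy (hypothetical rule format, not a PDK or vendor syntax).
SAMPLE_RULES = [
    ("tcp", 3140, "cloudlink.pdk.io"),   # alternative control-plane port only
    ("tcp", 443, "*.gcr.io"),            # wildcard does not cover the apex gcr.io
    ("tcp", 443, "us-docker.pkg.dev"),
    ("tcp", 443, "*.amazonaws.com"),
    ("udp", 123, "*.pool.ntp.org"),
]

if __name__ == "__main__":
    print("subnet conflicts:", subnet_conflicts("172.17.40.0/24"))
    print("missing flows:", missing_flows(SAMPLE_RULES))
```

The sample policy passes on the control plane through port 3140 alone but fails on software updates, because a `*.gcr.io` pattern does not match the bare `gcr.io` host.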