Network Security - explicitly allowing services

Some networks have security restrictions on outbound (egress) internet traffic using firewalls, proxy servers or switches.  In this case, the firewall or proxy server will need to be configured to explicitly allow the streaming devices on the network to access the following Cloud Cover Music and Amazon Web Service hostnames/domains on port 443 only (TLS 1.2):

Note: allowing the wildcards for *.cloudcovermusic.com and *.amazonaws.com saves adding separate entries if compliant with company security policies. 

NTP

  • The CloudBox also needs to connect to an NTP server on port 123 to get the time and date, which is used for the certificate to verify and connect over https.

  • Depending on the generation (model) of the CloudBox, it will require either specifically time.cloudcovermusic.com on port 123UDP or from a NTP pool (multiple NTP sources). Our latest models (G9CX10 and above) of the Cloudbox use time.cloudcovermusic.com. CloudBox models G9CX9 and below use source from pool.ntp.org. If you have any questions support can confirm the specific NTP based on the generation of the CloudBox.

Mac Address

  • The CloudBox’s MAC address may also need to be specifically listed as a device to be allowed. The unique Ethernet MAC address is labeled on the Box, and will resemble 00:40:63:1C:AE:38. The CloudBox will need to be power cycled before the new 'allow' settings are applied.

Content Filters

  • If your firewall/proxy or endpoints have content filters installed, the following audio file types need to be allowed: OGG, MP4 (AAC Codec) and MP3

Bandwidth Requirements

  • Cloud Cover Music uses roughly 1.5GB - 2GB a day (24 hours) per streaming device. In order to stream music consistently and without interruption, you should dedicate at least 384 Kbps in bandwidth.

Did this answer your question?