Network Security - services and whitelisting

Some networks have security restrictions on outbound (egress) internet traffic using firewalls, proxy servers or switches.  In this case, the firewall or proxy server will need to be configured (on a whitelist) to allow the streaming devices on the network to access the following Cloud Cover Music and Amazon Web Service hostnames/domains on port 443 (TLS 1.2):

  • cloudcovermusic.com
  • connect.cloudcovermusic.com
  • tune.cloudcovermusic.com
  • api.cloudcovermusic.com
  • api2.cloudcovermusic.com
  • api3.cloudcovermusic.com
  • api5.cloudcovermusic.com
  • media.cloudcovermusic.com
  • media2.cloudcovermusic.com
  • sqs.us-east-1.amazonaws.com
  • queue.amazonaws.com
  • cognito-identity.us-east-1.amazonaws.com
  • hr97cab2ci.execute-api.us-east-1.amazonaws.com

Note: allowing the wildcards for *.cloudcovermusic.com and *.amazonaws.com saves adding separate entries if compliant with company security policies. 

The CloudBox also needs to connect to an NTP server on port 123 (egress) to get the time and date, which is used for the certificate to verify and connect over https.

The CloudBox’s MAC address may also need to be whitelisted. The unique MAC address is labeled on the Box, and will resemble 00:40:63:1C:AE:38. The CloudBox will need to be power cycled before the new whitelist settings are applied.

If your firewall/proxy or endpoints have content filters installed, the following audio file types need to be allowed: OGG, MP4 (AAC Codec) and MP3

Did this answer your question?