0. Network Requirements

Overview

This document marks terms such as “deviceShare Enterprise[5]” with numbers to denote Kobiton-specific concepts. See section 5. Glossary at the bottom for their definitions.

 

Kobiton’s architecture provides the ability for mobile devices to be hosted within the customer’s location and connect these devices to the Kobiton Cloud. This is the customer-hosted devices model, which is described in the high-level diagram below.

[Figure: high-level diagram of the customer-hosted devices model]

Customers can host their devices inside their organization premises and connect them to the Kobiton cloud. In this model, they will have:

  • One (or multiple) workstations[1] to run Kobiton deviceShare Enterprise (DSE)[5] and Device App Signing (DAS)[6] which controls plugged-in devices
  • Optionally, one (or multiple) Dell[2] servers to run Kobiton GEM[7]

Kobiton Users[8] will access the Kobiton Portal[3] from inside of the organization network and/or their personal network (house or coffee shop).

This document describes the network requirements of the customer-hosted devices model that the organization network needs to qualify, so that the Kobiton software inside the customer’s network can function and the Kobiton User can use Kobiton.

 

Network Requirements

This section describes mandatory network requirements which are required for Kobiton software (DSE, DAS) on the workstation, mobile devices, and Kobiton User’s PC to function well and connect to the Kobiton Portal.

 

Network Connections

The network connections for these components are depicted below:

[Figure: network connections diagram]

The connection is represented as a colored line with a label (like T(3)). The arrow in the line indicates the listening side of the communication, so A --> B means A is the initiator of the connection (e.g. the client side) and B is the receiver of the connection (e.g. the server side).

The above diagram shows that all components always initialize connections (e.g. client role) to the Kobiton Portal and AWS S3 (e.g. server role).

Customer-hosted devices must use the customer Wifi network where the devices are located.

The line (H4) is just a demonstration of a case where the Kobiton User is outside of the organization network. There is no action needed for it in this section.

 

Requirements

All of the Kobiton Portal and S3 servers listen on port 443, and there are many server addresses. The table below lists the addresses that clients inside the organization’s network connect to:

| Num. | Domain | Application Protocol | Description |
|---|---|---|---|
| 1 | portal.kobiton.com | HTTPS, HTTP/1.1 and 2 | The web server serving the web asset files for Kobiton Portal site |
| 2 | api.kobiton.com | HTTPS, HTTP/1.1 and 2 | The REST API server. It’s used for the Portal frontend app, customer Appium scripts and customer scripts integrating to Kobiton |
| 3 | prod-api-grpc.kobiton.com | HTTPS gRPC, HTTP/2 | The gRPC servers consumed by Kobiton software on the Linux / Mac computer i.e. deviceConnect, deviceShare |
| 4 | prod-ws-hub-[1-15].kobiton.com (for instance: prod-ws-hub-1.kobiton.com, prod-ws-hub-2.kobiton.com) | HTTPS Websocket, HTTP/1.1 | The Websocket servers consumed by the Portal frontend app to receive device data when being-used like screenshots, logs, etc. |
| 5 | prod-grpc-[1-15].kobiton.com (for instance: prod-grpc-1.kobiton.com, prod-grpc-2.kobiton.com) | HTTPS gRPC, HTTP/1.1 and 2 | The gRPC servers consumed by the Portal frontend app to receive device data when being-used like screenshots, logs, etc. |
| 6 | s3.amazonaws.com, kobiton.s3.ap-south-1.amazonaws.com | HTTPS, HTTP/1.1 and 2 | The Kobiton-owned AWS S3 bucket which keeps large binary files like session screenshots, video, etc. |
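The following is an added example, not Kobiton tooling: it expands the domain patterns from the table above into the concrete hostnames an egress allowlist has to cover, then probes each one on TCP 443 and records the ALPN protocol that was negotiated. It assumes Python 3 on a host inside the organization’s network; the function names and the BLOCKED / NO_HTTP2 / OK labels are this example’s own.

```python
import re
import socket
import ssl

# Domain patterns copied from the table above; every server listens on TCP 443.
PATTERNS = [
    "portal.kobiton.com",
    "api.kobiton.com",
    "prod-api-grpc.kobiton.com",
    "prod-ws-hub-[1-15].kobiton.com",
    "prod-grpc-[1-15].kobiton.com",
    "s3.amazonaws.com",
    "kobiton.s3.ap-south-1.amazonaws.com",
]
# Row 3 lists HTTP/2 only, so any other negotiated protocol is a failure for it.
H2_ONLY = ("prod-api-grpc.",)

def expand(pattern):
    """Expand one '[lo-hi]' numeric range into concrete hostnames."""
    m = re.search(r"\[(\d+)-(\d+)\]", pattern)
    if not m:
        return [pattern]
    lo, hi = int(m.group(1)), int(m.group(2))
    return [pattern[:m.start()] + str(n) + pattern[m.end():] for n in range(lo, hi + 1)]

def allowlist(patterns=PATTERNS):
    """Every FQDN an egress rule or proxy allowlist has to cover."""
    return [host for p in patterns for host in expand(p)]

def probe(host, port=443, timeout=5.0):
    """TLS handshake offering h2 and http/1.1; returns (ok, alpn_or_error)."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.selected_alpn_protocol()
    except OSError as exc:  # DNS, TCP, timeout, TLS and certificate errors
        return False, f"{type(exc).__name__}: {exc}"

def verdict(host, ok, detail):
    """Classify a probe result (labels are this example's own)."""
    if not ok:
        return "BLOCKED"
    if host.startswith(H2_ONLY) and detail != "h2":
        return "NO_HTTP2"
    return "OK"

if __name__ == "__main__":
    for h in allowlist():
        ok, detail = probe(h)
        print(f"{verdict(h, ok, detail):9} {h:45} {detail}")
```

A host that is reachable but fails with SSLCertVerificationError is what a TLS-inspecting proxy looks like when its CA is not in the system trust store.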

 

The below table lists the listening port and application protocol on the workstation inside the organization’s network.

| Machine | Port | Application Protocol | Description |
|---|---|---|---|
| Workstation | 22 | SSH | Allow the GEM to communicate with DSE |
| Workstation | 10160 | TCP, Kobiton in-house protocol | Allow the Kobiton virtualUSB application to communicate with DSE |
| Dell server | 22 | SSH | Allow DSE to communicate with GEM |
| Dell server | 10162 | TCP, Kobiton in-house protocol | Allow DSE to communicate with GEM |

 

The organization network needs to allow the connections set out in the above diagram to Kobiton servers. A more detailed description of the connections is below. Note: the value in the Kobiton Portal Servers column refers to the Num. column in the table above. For instance, 2 means the server at https://api.kobiton.com

| Connection | Kobiton Portal Servers | Description |
|---|---|---|
| (H1) | 2 | The mobile devices have an internal heartbeat for initializing HTTP requests to the Kobiton server. There is a report feature called Device Network Connectivity, which requires the above connectivity. This report is enabled by default, but you can opt out through a setting in dc.ini, and then the mobile device won’t send any more. |
| (H2) | 3 and 7 | DSE and DAS initialize gRPC calls to Kobiton Portal. They also initialize HTTP requests to AWS S3 for retrieving and uploading binary files like app installers. |
| (H3) | 1, 2, 4 to 7 | The Portal Web[4] makes calls to these Kobiton servers. |
| (T3) | | Both the workstation and Dell server initialize connections to each other. If your deployment doesn’t have a Dell server, please ignore this connectivity. |

 

Network Requirements for Lightning Mode

DISREGARD this section if the Kobiton setup in the organization doesn’t have the Dell server, as the Dell server is required for Lightning mode.

 

The GEM in the Dell server provides the capability of streaming the video of the device screen at 30 frames per second (fps) in a Manual session. This capability is called Lightning mode.

 

This section describes the network requirements to enable Lightning mode. In case the organization network doesn’t meet the requirements, the Kobiton Portal has a fallback capability to use screenshots for rendering the device screen. Although this behavior consumes a larger bandwidth than video, the Manual session still functions as is.

 

This video streaming technology requires direct connectivity between the Kobiton User’s PC and the Dell server. The GEM listens on the port range 30000-65535 using the DTLS (Datagram Transport Layer Security) application protocol. However, the workstation can be either inside or outside of the organization’s network, so the network requirement depends on the networking technique the organization uses for the outside workstation to reach the Dell server.

The network engineer from the organization needs to review the two sections below, The Requirement with VPN and The Requirement with Port-Forwarding, and choose the appropriate option, since the configuration step when setting up GEM depends on this decision.

 

The Requirement with VPN

If the organization already has a VPN in place, Kobiton highly recommends using this approach, as it requires less network infrastructure work and scales better to more Dell servers.

When the organization uses a VPN for the outside Kobiton User’s PC to connect to the internal Dell server, the network diagram for Lightning mode looks like below:

[Figure: Lightning mode network diagram with VPN]

In this type, the Operator[9] configures the Private IP[10] of the Dell server for GEM, and this IP is advertised to the Kobiton User’s PC when activating Lightning mode. This means the PC receives the same IP whether it is inside or outside of the organization’s network.

Connections in the above diagram are explained in the below table and the organization network needs to allow them to enable the Lightning mode.

 

| Connectivity | Description |
|---|---|
| (U2a) | The VPN routing allows the outside PC to reach the inside Dell server by its Private IP through the VPN connection |
| (U2b) | The VPN routing allows the inside Dell server to reach the outside PC by its VPN IP through the VPN connection |
| (U1) | The organization network allows communication between the inside PC and the Dell server |

 

The Requirement with Port-Forwarding

When the organization uses the port-forwarding feature on the Firewall to allow the outside Kobiton User’s PC to connect to the internal Dell server, the network diagram for Lightning mode looks like below:

[Figure: Lightning mode network diagram with port-forwarding]

In this scenario, the system administrator of the organization must take the following actions beforehand:

  • Work with ISP (Internet Service Provider) to purchase multiple static Outbound IP[11] addresses per each inside Dell server
  • Go to the Firewall, add a port-forwarding setting for each Outbound IP which says:
    • With incoming (from the Internet) UDP traffic at a specific Outbound IP, forward it to a specific inside Dell server
    • With outgoing (to the Internet) UDP traffic from a specific Dell server, allow it to go through (toward to Internet)

For each Dell server, the Operator configures a specific Outbound IP for the GEM, and this IP is advertised to the Kobiton User’s PC when activating Lightning mode. This means the PC receives the same IP whether it is inside or outside of the organization’s network.

Connections in the above diagram are explained in the table below and the organization network needs to allow them to enable the Lightning mode.

 

| Connectivity | Description |
|---|---|
| (U2a) | The port-forwarding in the Firewall delivers the traffic arriving at a specific Outbound IP (which is sent from the outside PC) to a specific Dell server |
| (U2b) | The organization network allows the GEM to send traffic to the Internet IP of the outside PC |
| (U1a) (U1b) | The internal PC sends traffic to the internal GEM using the Outbound IP of the GEM (since the PC receives the Outbound IP as the GEM’s address), so the organization network must route the traffic to the internal GEM instead of toward the Firewall |
| (U1c) | The organization network allows the internal GEM to send traffic to the internal PC |

 

Guideline: how to get the MAC address of the ethernet card in the Dell server that connects to the organization’s network

If your network administrator needs to know the MAC address of the ethernet card in the Dell server in order to allow the network changes in the organization, follow the steps below to find it:

  • SSH to the Dell server (port 22). The steps below assume you’re in the SSH shell of the Dell server
  • Execute the below command to show all network interfaces. Note: the snippet below also shows sample output for your reference

[root@nixos:~]# ifconfig
br-4f2b2abb1cb5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.28.0.1  netmask 255.255.0.0  broadcast 172.28.255.255
        inet6 fe80::42:3dff:fe5f:66ed  prefixlen 64  scopeid 0x20<link>
        ether 02:42:3d:5f:66:ed  txqueuelen 0  (Ethernet)
        RX packets 356393  bytes 26106192 (24.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 379946  bytes 46454760 (44.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno4: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 5c:6f:69:27:0e:6d  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 17

eno1np0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.35.7  netmask 255.255.255.0  broadcast 192.168.35.255
        inet6 fe80::5e6f:69ff:fe27:e6e  prefixlen 64  scopeid 0x20<link>
        ether 5c:6f:69:27:0e:6e  txqueuelen 1000  (Ethernet)
        RX packets 57973  bytes 6533044 (6.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 43318  bytes 2878111 (2.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno2np1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 5c:6f:69:27:0e:6f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 552743  bytes 67922171 (64.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 552743  bytes 67922171 (64.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

... (truncated)

 

  • Look for the interfaces with prefix eno1n and pick the one that has a private IP address matching the CIDR of your private network. In the above sample, it’s eno1np0
  • The MAC address is in the ether field. In the above sample, the MAC address is 5c:6f:69:27:0e:6e
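The selection steps above can be scripted so that the MAC handed to the network administrator is not accidentally the Docker bridge or an unplugged port. This is an added example, not part of the Kobiton guideline: it assumes Python 3 and ifconfig output saved as text, and the function names and the abbreviated sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: abbreviated from the ifconfig output shown above.
SAMPLE = """\
br-4f2b2abb1cb5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.28.0.1  netmask 255.255.0.0  broadcast 172.28.255.255
        ether 02:42:3d:5f:66:ed  txqueuelen 0  (Ethernet)

eno4: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 5c:6f:69:27:0e:6d  txqueuelen 1000  (Ethernet)

eno1np0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.35.7  netmask 255.255.255.0  broadcast 192.168.35.255
        ether 5c:6f:69:27:0e:6e  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
"""

def parse_ifconfig(text):
    """Return {interface: {"inet": str|None, "ether": str|None}}."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = ifaces.setdefault(head.group(1), {"inet": None, "ether": None})
            continue
        # "inet6" lines do not match: the regex requires whitespace right after "inet".
        field = re.match(r"^\s+(inet|ether)\s+(\S+)", line)
        if field and current is not None:
            current[field.group(1)] = field.group(2)
    return ifaces

def mac_for_network(text, cidr, prefix="eno1n"):
    """(name, MAC) of the single prefix-matching interface whose IPv4 lies in cidr."""
    net = ipaddress.ip_network(cidr)
    hits = [
        (name, info["ether"])
        for name, info in parse_ifconfig(text).items()
        if name.startswith(prefix) and info["inet"] and info["ether"]
        and ipaddress.ip_address(info["inet"]) in net
    ]
    if len(hits) != 1:  # none, or ambiguous: make the operator decide
        raise LookupError(f"expected one match in {cidr}, found {hits}")
    return hits[0]

if __name__ == "__main__":
    print(mac_for_network(SAMPLE, "192.168.35.0/24"))
```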

 

The Network Requirements for Virtual USB

DISREGARD this section if teams using Kobiton in the organization don’t use or don’t plan to use the Virtual USB feature.

The Virtual USB feature allows the Kobiton User’s PC to see remote devices as if they’re plugged into the machine. This section describes the network requirements to enable the VU (Virtual USB). If, for whatever reason, the organization network doesn’t meet the requirement, the feature can’t be used.

The VU feature works through communication between DSE and the VU application running on the Kobiton User’s PC. The VU app connects to the workstation at TCP port 10161, which is handled by DSE. However, the PC can be located either inside or outside of the organization, so the network requirement depends on the network technique the organization uses for the outside PC to reach the internal DSE.

The network engineer from the organization needs to review the two sections below, The Requirement with VPN and The Requirement with Port-Forwarding, and choose the appropriate option, since the configuration step when setting up DSE depends on this decision.



The Requirement with VPN

If the organization already has a VPN system, Kobiton highly recommends using this approach, which requires less network infrastructure work and scales better to more workstations.

When the organization uses a VPN for the outside Kobiton User’s PC to connect to the DSE running on the internal workstation, the network diagram for the VU looks like below:

[Figure: Virtual USB network diagram with VPN]

In this type, the Operator configures the Private IP of the workstation for DSE, and this IP is advertised to the VU app running on the Kobiton User’s PC. This means the PC receives the same IP whether it is inside or outside of the organization’s network. Therefore, using a VPN allows the outside PC to effortlessly reach the workstation by its Private IP.

Connections in the above diagram are explained in the table below and the organization network needs to allow them to enable the VU feature.

 

| Connectivity | Description |
|---|---|
| (T1a) (T1b) | The VPN routing allows the outside PC to reach the workstation by its Private IP through the VPN connection |
| (T2) | The organization network allows the inside PC to reach the inside workstation by its Private IP |

 

The Requirement with Port-Forwarding

When the organization uses the port-forwarding feature on the Firewall to allow the outside Kobiton User’s PC to connect to the internal workstation, the network diagram for the VU looks like below:

[Figure: Virtual USB network diagram with port-forwarding]

In this type, the system administrator of the organization must take the following actions beforehand:

  • Work with ISP (Internet Service Provider) to purchase one static Outbound IP[11] address
  • Go to the Firewall, add a port-forwarding setting for each inside workstation that says
    • With incoming (from the Internet) TCP traffic at the Outbound IP on a specific available Outbound port, forward it to a specific inside workstation at 10161 port
    • With outgoing (to the Internet) TCP traffic from a specific Dell server and 10161 source port, allow it to go through (toward to Internet)

For each workstation, the Operator configures the Outbound IP and Outbound port for DSE, and this Outbound IP:Outbound port is advertised to the VU app running on the Kobiton User's PC. This means the PC receives the same Outbound IP:Outbound port whether it is inside or outside of the organization's network.

Connections in the above diagram are explained in the table below, and the organization network needs to allow them to enable the VU.

 

| Connectivity | Description |
|---|---|
| (T1a) | The outside VU app sends the traffic to the Outbound IP:Outbound port, which arrives at the Firewall |
| (T1b) | The port-forwarding in the Firewall delivers the matching traffic (which is sent from the outside PC) to a specific workstation at port 10161 |
| (T2a) (T2b) | The inside VU app sends traffic to the Outbound IP:Outbound port (since it’s configured by the Operator), so the organization network must route the traffic to the inside workstation instead of to the Firewall |

 

Glossary

  1. Workstation: a desktop computer or Mac desktop (Mac mini, Mac Studio, iMac, etc.)
  2. Dell server: the Dell PowerEdge R740 Rack Server is required by Kobiton setup guideline
  3. Kobiton Portal: the SaaS Kobiton system runs on the AWS cloud and is accessible on the Internet
  4. Portal Web: the Single-page Application within the Kobiton Portal runs at the end user's browser
  5. deviceShare Enterprise (DSE): the Kobiton software deployed in the workstation to control plugged devices
  6. Device App Signing (DAS): the Kobiton software deployed on Mac desktop to resign the iOS app
  7. Graphics Extension Manager (GEM): the Kobiton software provides real-time video and audio (currently, audio is iOS devices only) streaming at 30fps in the Manual session (e.g. Lightning mode).
  8. Kobiton User: the employee or contractor in the organization who uses the Kobiton solution
  9. Operator: the employee in the organization who is responsible for setting up the Kobiton solution in the organization
  10. Private IP: the IP address is reachable only within the organization’s network
  11. Outbound IP: the IP address allocated from ISP (Internet Service Provider) and reachable from the Internet
