Hardware Overview & Set Up
      Back to home
      1. Penny Black Support
      2. Warehouses
      3. Hardware Overview & Set Up

      Satellite network requirements

      This document outlines the network requirements in order for a satellite to function as expected. It is intended for IT network administrators.

      Requirements

      Wi-Fi

      ⚠️ This needs to be configured ahead of time, before the satellites are shipped to site.

      If the satellite is connecting via Wi-Fi we need:

      1. Network SSID (name)
      2. Password

      Connecting to a printer

      Usually, the printer will be connected directly to the satellite, however, if this is not the case and it is connected to the network then:

      1. The satellite and printer must be on the same network
      2. The printer must have a static IP so that the satellite can communicate with it
      3. Network policies must allow the satellite to communicate with the printer on TCP port 631
      4. The IP Address must be provided to Penny Black for configuring on the satellite

      Penny Black API access

      The satellite must be able to communicate with the Penny Black platform’s API in order to receive print data and report back the status of print jobs. It must also be accessible remotely for Penny Black engineers in order to run diagnostics from time to time.

      ⚠️ If you are concerned about network access Penny Black engineers may have, see the General recommendations below for suggested policies that would limit access.

      The following access is needed:

      1. Outbound network access on TCP port 22 to [vpn.pennyblack.io](<http://vpn.pennyblack.io>). this allows engineers to run diagnostics.
      2. Outbound network access on TCP port 8883 to iot.pennyblack.io - this allows the satellite to exchange print information with the Penny Black platform API

      Software updates

      1. Outbound network access on TCP port 443 to satellite-releases.pennyblack.io and deb.nodesource.com - the latter is to support operating system and system package updates
      2. Outbound network access on TCP port 80 to raspbian.raspberrypi.org and archive.raspberrypi.org - this allows system package updates to be downloaded and applied
      3. Outbound network access on TCP port 443 to [api.pennyblack.io](<http://api.pennyblack.io>) - this allows the fetching of release information for a satellite software update

      Logging & Health Checks

      We track the health of the satellite and printer so we can be alerted of any issues.

      1. Outbound allow mimir.observatory.pennyblack.io on TCP port 443
      2. Outbound allow [loki.observatory.pennyblack.io](<http://loki.observatory.pennyblack.io>) on TCP port 443

      Firewall Rules

      A condensed list of firewall rules summarising the above requirements.

      **ALLOW**
TCP 80   [raspbian.raspberrypi.org](<http://raspbian.raspberrypi.org/>)
TCP 80   [archive.raspberrypi.org](<http://archive.raspberrypi.org/>)
TCP 443  [deb.nodesource.com](<http://deb.nodesource.com/>)
TCP 443  [api.pennyblack.io](<http://api.pennyblack.io/>)
TCP 443  [satellite-releases.pennyblack.io](<http://satellite-releases.pennyblack.io/>)
TCP 443  [mimir.observatory.pennyblack.io](<http://mimir.observatory.pennyblack.io/>)
TCP 443  [loki.observatory.pennyblack.io](<http://loki.observatory.pennyblack.io/>)
TCP 22   [vpn.pennyblack.io](<http://vpn.pennyblack.io/>)
TCP 8883 [iot.pennyblack.io](<http://iot.pennyblack.io/>)

      General recommendations

      In a default setup, where the printer is connected directly to the Penny Black satellite we recommend the following:

      1. Apply network policies outlined in the Requirements section above only
      2. OPTIONAL: Allocate the satellite to its own subnet
      3. OPTIONAL: Ensure that the satellite cannot communicate with any other devices on your network

      Static IP address assignment

      In cases where a static IP address is required we recommend assigning the IP using DHCP to either the specific ethernet port to which the satellite is connected or if this is not possible, for example when on WiFi, then associating the IP to the MAC address.

      If this approach is not possible and you instead need us to manually set a static IP then we would need the following details

      • IP Address eg. 192.168.0.121
      • Subnet eg. 255.255.255.0
      • Gateway eg. 192.168.0.1
      • DNS These are typically allocated by your ISP, alternatively we can use public DNS servers such as Google (8.8.8.8) or CloudFlare (1.1.1.1).

      If using a public IP address please ensure traffic to the address given on both TCP and UDP is allowed on port 53

      ⚠️ If you use a Static IP address and change the network then the satellite will no longer function and must be returned to Penny Black. Please inform us ahead of such changes so that we can help with the migration.