Older Satellite Hardware (Raspberry PI)
      Back to home
      1. Penny Black Support
      2. Warehouses
      3. Older Satellite Hardware (Raspberry PI)

      Satellite v1 (Raspberry PI) - Network requirements

      This document outlines the network requirements for a satellite to function as expected. It is intended for IT network administrators.

       

      This page is for legacy Raspberry PI Satellites (version 1). For the latest network requirements for a router Satellite see Satellite Network Requirements.

      Connection Requirements

      Wi-Fi

      This needs to be configured in advance of the Satellites being shipped to the site.

      If the Satellite is connecting via Wi-Fi we need:

      1. Network SSID (name)
      2. Password

      Static IP address assignment

      In cases where a static IP address is required for the Satellite, we recommend assigning the IP using DHCP to either the specific ethernet port to which the satellite is connected or if this is not possible, for example when on WiFi, then associating the IP to the MAC address.

      If this approach is not possible and you instead need us to manually set a static IP then we would need the following details:

      • IP Address eg. 192.168.0.121
      • Subnet eg. 255.255.255.0
      • Gateway eg. 192.168.0.1
      • DNS These are typically allocated by your ISP, alternatively, we can use public DNS servers such as Google (8.8.8.8) or CloudFlare (1.1.1.1).

      If using a public IP address please ensure traffic to the address given on both TCP and UDP is allowed on port 53

      If you use a Static IP address and change the network then the satellite will no longer function and must be returned to Penny Black. Please inform us ahead of such changes so that we can help with the migration.

      Connecting to a printer on your network

      Usually, the printer will be connected directly to the Satellite, however, if this is not the case and it is connected via your network then:

      1. The Satellite and printer must be on the same network
      2. The printer must have a static IP so that the Satellite can communicate with it
      3. Network policies must allow the Satellite to communicate with the printer on TCP port 631
      4. The IP Address must be provided to Penny Black for configuring on the Satellite

      External communication & firewalls

      General recommendations

      In a default setup, where the printer is connected directly to the Penny Black Satellite we recommend the following:

      1. Apply network policies outlined below only
      2. OPTIONAL: Allocate the satellite to its own subnet
      3. OPTIONAL: Ensure that the Satellite cannot communicate with any other devices on your network

      Penny Black API access

      The Satellite must communicate with the Penny Black platform’s API to receive print data and report back the status of print jobs. It must also be accessible remotely for Penny Black engineers to run diagnostics.

      If you are concerned about network access Penny Black engineers may have, see the General recommendations below for suggested policies to limit access.

      The following access is needed:

      1. Outbound network access on TCP port 22 to [vpn.pennyblack.io](<http://vpn.pennyblack.io>)This allows engineers to run diagnostics.
      2. Outbound network access on TCP port 8883 to iot.pennyblack.io . This allows the Satellite to exchange print information with the Penny Black platform API

      Software updates

      1. Outbound network access on TCP port 443 to satellite-releases.pennyblack.io and deb.nodesource.com - the latter is to support operating system and system package updates
      2. Outbound network access on TCP port 80 to raspbian.raspberrypi.org and archive.raspberrypi.org - this allows system package updates to be downloaded and applied
      3. Outbound network access on TCP port 443 to [api.pennyblack.io](<http://api.pennyblack.io>) - this allows the fetching of release information for a satellite software update

      Logging & Health Checks

      We track the health of the satellite and printer so we can be alerted of any issues.

      1. Outbound allow mimir.observatory.pennyblack.io on TCP port 443
      2. Outbound allow vector.observatory.pennyblack.io on TCP port 443

      Firewall Rules

      A condensed list of firewall rules summarising the above requirements.

      **ALLOW**
TCP 80   [raspbian.raspberrypi.org](<http://raspbian.raspberrypi.org/>)
TCP 80   [archive.raspberrypi.org](<http://archive.raspberrypi.org/>)
TCP 443  [deb.nodesource.com](<http://deb.nodesource.com/>)
TCP 443  [api.pennyblack.io](<http://api.pennyblack.io/>)
TCP 443  [satellite-releases.pennyblack.io](<http://satellite-releases.pennyblack.io/>)
TCP 443  [mimir.observatory.pennyblack.io](<http://mimir.observatory.pennyblack.io/>)
TCP 443  [loki.observatory.pennyblack.io](<http://loki.observatory.pennyblack.io/>)
TCP 22   [vpn.pennyblack.io](<http://vpn.pennyblack.io/>)
TCP 8883 [iot.pennyblack.io](<http://iot.pennyblack.io/>)