Device Onboarding

Recommended Customer Best Practices

While CytoTronics makes every effort to deliver a secure device and deploy timely security patches, we recommend that customers treat this device with the same on-site security measures as for other IoT or untrusted devices (e.g. smart thermostats, guest devices). For example:

Isolate the device Pixel device from the main corporate network (e.g. using a VLAN)
Use maximally restrictive firewall rules. If outbound connections are blocked by default, ensure exceptions are made for the end points in the table below.

Required Outgoing Endpoints

Ensure that the network is configured to allow the device to make outbound connections to the following endpoints. No inbound connections are required.

To test that each of these endpoints is reachable, we provide an automated tool at https://cytotronics.io/network-test.

Host	Protocol	Port	Purpose
api.cytotronics.io	HTTPS	TCP 443	Measurement Storage
telemetry.cytotronics.io	HTTPS	TCP 443	Metrics and Logging
cytotronics-prod-data-default.s3.us-east-2.amazonaws.com	HTTPS	TCP 443	Measurement Storage
hosted.mender.io	HTTPS	TCP 443	OTA Firmware Updates
282558057640.dkr.ecr.us-east-2.amazonaws.com	HTTPS	TCP 443	OTA Firmware Updates
ecr.us-east-2.amazonaws.com	HTTPS	TCP 443	OTA Firmware Updates
api.ecr.us-east-2.amazonaws.com	HTTPS	TCP 443	OTA Firmware Updates
prod-us-east-2-starport-layer-bucket.s3.us-east-2.amazonaws.com	HTTPS	TCP 443	OTA Firmware Updates
c271964d41749feb10da762816c952ee.r2.cloudflarestorage.com	HTTPS	TCP 443	OTA Firmware Updates
time.aws.com (*)	NTP	UDP 123	Time Sync

(*) NTP Alternative
As an alternative to allowing outgoing NTP traffic, the device supports configuring a custom NTP server, which can be local to your internal network. See section 7 of the User Manual.

Upload Bandwidth

The Pixel device requires minimum 50 Mbps upload bandwidth to support the large scanning measurements that are collected and uploaded based on a user-configured scanning schedule.