Network Requirements
This section lists the network and server requirements for InGenius.
Firewall Configuration
If you are using a firewall to restrict user access to the internet, you will need to follow the instructions on this page in order for the InGenius Admin and client applications to work correctly. You can either allow a list of domain names or allowlist a range of IP addresses.
1. Allowing Domain Names:
It is recommended that you use domains for outbound connections as it is simpler to manage and less prone to error. InGenius applications, authentication servers, and data hosting are served from Amazon's cloud based services across a range of IP addresses, and the addresses used to host those files are subject to change. Domains offer a reliable way to configure your connection without the need to continually update and monitor an IP range for any changes.
Domains are deployed according to region, and the <region> parameter in the table below will correspond to one of the following depending on your deployment:
-
ca-central-1
-
us-west-2
-
eu-west-1
-
ap-southeast-2
(e.g https://app.ca-central-1.ingenius.com)
If your network uses a firewall or allowlist, you must ensure that all of the following domains are accessible by the communicating components:
| Domain | Communication | Details |
| https://ingenius.auth.<region>.amazoncognito.com |
User Browser → Cloud CRM → Cloud |
Used for user authentication with Note: The "ingenius." segment of the domain is variable per release, and will need to be updated in the firewall or allowlist you maintain. |
| https://cognito-idp.<region>.amazonaws.com |
User Browser → Cloud Gateway → Cloud |
Used for user authentication with Note: The 'ServerSerivce.exe' requests through this URL and will require access. |
| https://app.<region>.ingenius.com |
User Browser → Cloud User Browser → CRM User Browser → Telephony |
Used to deliver browser based applications for InGenius. Note: Must be added to Salesforce CORS Allowlist |
| https://data.<region>.ingenius.com |
User Browser → Cloud |
Used to communicate with the InGenius application, involved in data retrieval and storage. |
| https://api.<region>.ingenius.com |
User Browser → Cloud |
Used to communicate with the InGenius application, involved in data retrieval and storage. |
| http://cdnjs.cloudflare.com |
User Browser → Cloud |
Used to deliver static content through a content delivery network. |
| InGenius Gateway Server URL |
User Browser → Gateway |
Used by the gateway to communicate with on-premise telephony |
Note: For more information on Salesforce Cross-Origin Resource Sharing (CORS), and how to add domains to the Salesforce CORS Allowlist, refer to the official Salesforce documentation.
2. Allowing IP Address Ranges:
As InGenius is hosted in a public cloud environment, IP addresses can change at any time. The addresses utilized by InGenius are drawn from a large public pool, which is also drawn from by many other organizations and services. If InGenius hosted services need to be moved or modified for security or performance reasons, Amazon AWS reassigns the IP addresses used from the corresponding pools. Making all of these addresses available to your network ensures that InGenius services are always accessible and securely connected.
To ensure that your users are able to connect to InGenius, verify that the following IP addresses are not being blocked by your firewall:
Note: Because Amazon IP addresses can change at any time, it is recommended that you allowlist domain names instead to allow your users access as described in the previous section. If you prefer to use IP addresses, continue with this section.
| Origin | IP addresses | Description |
| InGenius / AWS | See the Amazon AWS IP address ranges JSON file here. |
InGenius applications are hosted through Amazon AWS services. This service hosts a large set of dynamic IP addresses deployed per region which may frequently change. You are only required to allowlist addresses from the regional subset that you are deployed under. Using the AWS Tools for Windows Powershell, you can query the JSON file of Amazon addresses for the ones in your region, as per the following example:
In particular, note the two parameters; ServiceKey (AMAZON), and region (ca-central-1). The above example would list all of the addresses in the Amazon subset in the ca-central-1 region. Querying the same way, within the Amazon subset and in your deployed region, will result in all of the addresses you are required to allowlist. For more information on AWS IP address ranges, how to be notified of any changes to those addresses, and how to more easily parse through the AWS JSON file, refer to the AWS documentation here. |