Morro global file system is built on top of the public cloud infrastructure, such as AWS, Wasabi, Azure, etc. For the cloud-based file system to function, CacheDrive needs to access the cloud, needing to use only HTTPS (port 443) to communicate with cloud resources, so you must enable all HTTPS (port 443) outbound traffic.


Traditionally, administrators can help secure their network by restricting outbound connections to known trusted IP addresses, also known as whitelisting.  This was meant to prevent devices from accessing unauthorized sites. However, cloud services can be dynamic and scalable and are not necessarily at fixed IP addresses. It may grow address ranges as service grows. 


For Morro CacheDrive and Morro Edge devices, we strongly recommend against whitelisting outbound destinations by IP address.  While a given list of IP addresses may work today, there is no guarantee that they will continue to work tomorrow as Morro's cloud services and cloud storage providers continue to grow.  If the IP addresses for cloud storage or services change to the outside of the whitelisted range, access issues may arise.  


Instead of whitelisting IP addresses, we recommend using URLs instead. Please see the following lists of URLs used for the Morro Data Global File Services. As our service grows, the lists may be updated as needed. We reserve the right to update these lists without prior notice.


Amazon S3

To find the URL for your S3-based cloud storage, see the following article:


https://docs.aws.amazon.com/general/latest/gr/rande.html

https://aws.amazon.com/premiumsupport/knowledge-center/s3-find-ip-address-ranges/


For example, if your cloud storage uses S3 region us-west-1, the URL would be:


https://s3.us-west-1.amazonaws.com

https://*.s3.amazonaws.com (https://mc-dlink-production.s3.amazonaws.com for share link)

https://*.s3.us-west-1.amazonaws.com



Wasabi

To find the URL for your Wasabi-based cloud storage, see the following article:


https://wasabi-support.zendesk.com/hc/en-us/articles/360015106031-What-are-the-service-URLs-for-Wasabi-s-different-regions-


For share link:

https://mc-dlink-production.s3.wasabisys.com


Morro Cloud Services

Morro uses the following destinations for outbound connections:


discovery.morrodata.com (device discovery)
smcd.morrodata.com (cloud server)
yoursubdomain.morrodata.com (MCM)
sqs.us-west-2.amazonaws.com (communication server)
mlock.morrodata.com   (RTC US West)
mlock-va.morrodata.com (RTC US East)
mlock-jp.morrodata.com (RTC Japan)
52.8.71.105 (remote support)

duujyvyqgknm1.cloudfront.net (firmware download)


Other Services

If you want to use additional services below host is required to be white-listed.

mc-dlink-production.s3.amazonaws.com  (for creating share link)


Note

In order to enhance Morro Services, we may use other endpoints in the future. Currently we mainly use Amazon AWS service as our platform, however we may use other cloud service in the future. We recommend to allow access to whole cloud if possible. Currently we recommend at least following endpoint to be white listed, "*.morrodata.com",  "*.amazonaws.com", "*.cloudfront.net". Also "52.8.71.105" is needed when you request remote support.