Morro global file system is built on top of the public cloud infrastructure, such as AWS, Azure, Wasabi, etc. For the cloud-based file system to function, CacheDrive needs to access the cloud, needing to use only HTTPS (port 443) to communicate with cloud resources, so you must enable all HTTPS (port 443) outbound traffic.


Please also reference below for the requirements for open ports:

https://support.morrodata.com/a/solutions/articles/14000060512?lang=en


Traditionally, administrators can help secure their network by restricting outbound connections to known trusted IP addresses, also known as whitelisting.  This was meant to prevent devices from accessing unauthorized sites. However, cloud services can be dynamic and scalable and are not necessarily at fixed IP addresses. It may grow address ranges as the service grows. 


For Morro CacheDrive and Morro Edge devices, we strongly recommend against whitelisting outbound destinations by IP address.  While a given list of IP addresses may work today, there is no guarantee that they will continue to work tomorrow as Morro's cloud services and cloud storage providers continue to grow.  If the IP addresses for cloud storage or services change to the outside of the whitelisted range, access issues may arise.  


Instead of whitelisting IP addresses, we recommend using URLs instead. Please see the following lists of URLs used for the Morro Data Global File Services. As our service grows, the lists may be updated as needed. We reserve the right to update these lists without prior notice.


Amazon S3

To find the URL for your S3-based cloud storage, see the following article:


https://docs.aws.amazon.com/general/latest/gr/rande.html

https://aws.amazon.com/premiumsupport/knowledge-center/s3-find-ip-address-ranges/


For example, if your cloud storage uses S3 region us-west-1, the URL would be:


https://s3.us-west-1.amazonaws.com

https://*.s3.amazonaws.com (https://mc-dlink-production.s3.amazonaws.com for share link)

https://*.s3.us-west-1.amazonaws.com



Wasabi

To find the URL for your Wasabi-based cloud storage, see the following article:


https://wasabi-support.zendesk.com/hc/en-us/articles/360015106031-What-are-the-service-URLs-for-Wasabi-s-different-regions-


For share link:

https://mc-dlink-production.s3.wasabisys.com


Morro Cloud Services

Morro uses the following destinations for outbound connections. Actual IP address may change as our service grow.


End PointPurposeRequired Port, Notes
discovery.morrodata.com Device Discovery, etc.443
smcd.morrodata.comCloud Sync443
yoursubdomain.morrodata.comMCM443
sqs.us-west-2.amazonaws.comPush notification for Sync443
mlock.morrodata.com  RTC Service (US West)443
mlock-va.morrodata.comRTC Service (US East)443
mlock-jp.morrodata.comRTC Service (Japan)443
52.8.71.105Remote Support 22. (Outbound connection only)
duujyvyqgknm1.cloudfront.netFirmware download443


Other Services

If you want to use the additional services below host is required to be white-listed.

mc-dlink-production.s3.amazonaws.com  (for creating share link)


Standard Internet Services

We use following standard internet services. Outbound connection should be allowed if need to use cloud based service.

Service NamePortPurposeNote
NTPUDP/123Time SynchronizationYou can configure NTP server address via DHCP. If not set by DHCP, we use default servers. (time.google.com, etc.)
Time must be synchronized, otherwise authentication will be failed.
DNSUDP+TCP/53Name resolutionYou can configure DNS server address via DHCP. If not set by DHCP, we use fallback server 8.8.8.8, 8.8.4.4, etc.


Notes

In order to enhance Morro Services, we may use other endpoints in the future. Currently, we mainly use Amazon AWS service as the server platform, however, we may use other cloud services in the future. We recommend allowing access to the whole cloud if possible. Currently, we recommend at least the following endpoints to be white-listed, "*.morrodata.com",  "*.amazonaws.com", "*.cloudfront.net". Also "52.8.71.105" is needed when you request remote support.


Cisco Umbrella Users

Cisco Umbrella may act as a proxy for some of the domains used by your Morro storage system.  This can cause SSL certificate issues that prevent access to Morro's cloud services or to cloud storage backends.  To avoid these issues, make sure that Cisco Umbrella is configured to allow direct access to the domains in the outbound connections list.


Please also reference below for the requirements for open ports:

https://support.morrodata.com/a/solutions/articles/14000060512?lang=en