# Network Considerations

Easy2Patch integrates with Microsoft SCCM and Intune to deliver third-party software updates. For proper operation, specific network endpoints and firewall rules must be allowed. This document outlines the necessary access in compliance with the architecture diagram.

### Internet Access Requirements

#### Required Domains:

| Purpose            | URL                                                                                     | Notes                                                                                             |
| ------------------ | --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- |
| Licensing          | `https://license.arksoft.com.tr`                                                        | Used for license validation and activation.                                                       |
| Catalog access     | `https://*.easy2patch.com`                                                              | Access to update metadata, console communication.                                                 |
| Update source URLs | <https://blog.easy2patch.com/domain-list>                                               | Contains the list of vendor domains that Easy2Patch uses to fetch binaries (e.g., Adobe, Google). |
| Microsoft Intune   | <https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-endpoints> | Contains the list of URLs for Intune connection                                                   |

#### Ports:

* **TCP 443 (HTTPS)**
* **TCP 80 (HTTP)** – used by some vendor websites (not preferred)

**Note:** Although HTTPS is default, some vendors may only serve their binaries over HTTP (e.g., older web servers). Therefore, both ports must be allowed.

***

### 🖥️ SCCM Server Role Requirements

Easy2Patch must be installed on the SCCM server that hosts:

* **WSUS** (Windows Server Update Services)
* **SUP** (Software Update Point) role

#### Required Internal Communication:

| Source                             | Destination          | Protocol/Port       | Description                                              |
| ---------------------------------- | -------------------- | ------------------- | -------------------------------------------------------- |
| SCCM Site Server and SUP Role      | Internet             | TCP 80/443          | Downloads updates from vendors                           |
| Easy2Patch (WSUS/SUP)              | AD Domain Controller | TCP 389, TCP/UDP 88 | LDAP & Kerberos (for AD login/authentication)            |
| Clients (Only Management Clientsd) | SCCM Server          | TCP 443 (default)   | Management clients communicate with SUP/WSUS for updates |

> 📌 **Note:** The port used by client → SCCM SUP is configurable via IIS. Ensure the selected port for Easy2Patch (default 443) is allowed.

### 🔐 Licensing & Expiry

* Easy2Patch contacts `license.arksoft.com.tr` to assign a license.
* If the license server is unreachable:
  * The license remains active for **48 hours**.
  * After that, the license is **freed and unassigned**.
* Once the license is reacquired, it is **automatically re-assigned**.

> ✅ No manual re-activation is required after recovery.

### 📦 Intune Integration (Optional)

If you plan to use Easy2Patch with Microsoft Intune:

* Ensure outbound access to **all URLs and IP ranges listed by Microsoft**:
  * Refer to: Intune Endpoints
* These are required for:
  * App creation
  * Deployment through Microsoft Graph API
  * Tenant validation

### 🧱 Firewall Configuration Summary

| From                  | To                     | Protocol | Port    | Purpose                                    |
| --------------------- | ---------------------- | -------- | ------- | ------------------------------------------ |
| SCCM Site Server      | Internet               | TCP      | 443, 80 | Download update binaries from vendor sites |
| Easy2Patch (WSUS/SUP) | license.arksoft.com.tr | TCP      | 443     | License assignment                         |
| Easy2Patch (WSUS/SUP) | \*.easy2patch.com      | TCP      | 443     | Catalog, metadata, UI API                  |
| Easy2Patch            | AD Domain Controller   | TCP/UDP  | 389, 88 | LDAP/Kerberos Authentication               |
| Easy2Patch (WSUS/SUP) | Intune endpoints       | TCP      | 443     | App deployment via Microsoft Graph         |

### Reference Architecture

As visualized in the network diagram, Easy2Patch functions as a bridge between your SCCM/Intune infrastructure and the vendor update sources over the internet. All communication flows through secure, authenticated channels with fallback mechanisms to preserve license state for up to 48 hours.

<figure><img src="/files/DrRYKMxcLymboHITVDHY" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.easy2patch.com/planning/network-considerations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.