Network Considerations

Scope: Easy2Patch (All Versions)

Easy2Patch integrates with Microsoft SCCM and Intune to deliver third-party software updates. For proper operation, specific network endpoints and firewall rules must be allowed. This document outlines the necessary access in compliance with the architecture diagram.

Internet Access Requirements

Required Domains:

Purpose
URL
Notes

Licensing

https://license.arksoft.com.tr

Used for license validation and activation.

Catalog access

https://*.easy2patch.com

Access to update metadata, console communication.

Update source URLs

https://blog.easy2patch.com/domain-list

Contains the list of vendor domains that Easy2Patch uses to fetch binaries (e.g., Adobe, Google).

Microsoft Intune

https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-endpoints

Contains the list of URLs for Intune connection

Ports:

  • TCP 443 (HTTPS)

  • TCP 80 (HTTP) – used by some vendor websites (not preferred)

Note: Although HTTPS is default, some vendors may only serve their binaries over HTTP (e.g., older web servers). Therefore, both ports must be allowed.


🖥️ SCCM Server Role Requirements

Easy2Patch must be installed on the SCCM server that hosts:

  • WSUS (Windows Server Update Services)

  • SUP (Software Update Point) role

Required Internal Communication:

Source
Destination
Protocol/Port
Description

SCCM Site Server and SUP Role

Internet

TCP 80/443

Downloads updates from vendors

Easy2Patch (WSUS/SUP)

AD Domain Controller

TCP 389, TCP/UDP 88

LDAP & Kerberos (for AD login/authentication)

Clients (Only Management Clientsd)

SCCM Server

TCP 443 (default)

Management clients communicate with SUP/WSUS for updates

📌 Note: The port used by client → SCCM SUP is configurable via IIS. Ensure the selected port for Easy2Patch (default 443) is allowed.

🔐 Licensing & Expiry

  • Easy2Patch contacts license.arksoft.com.tr to assign a license.

  • If the license server is unreachable:

    • The license remains active for 48 hours.

    • After that, the license is freed and unassigned.

  • Once the license is reacquired, it is automatically re-assigned.

✅ No manual re-activation is required after recovery.

📦 Intune Integration (Optional)

If you plan to use Easy2Patch with Microsoft Intune:

  • Ensure outbound access to all URLs and IP ranges listed by Microsoft:

    • Refer to: Intune Endpoints

  • These are required for:

    • App creation

    • Deployment through Microsoft Graph API

    • Tenant validation

🧱 Firewall Configuration Summary

From
To
Protocol
Port
Purpose

SCCM Site Server

Internet

TCP

443, 80

Download update binaries from vendor sites

Easy2Patch (WSUS/SUP)

license.arksoft.com.tr

TCP

443

License assignment

Easy2Patch (WSUS/SUP)

*.easy2patch.com

TCP

443

Catalog, metadata, UI API

Easy2Patch

AD Domain Controller

TCP/UDP

389, 88

LDAP/Kerberos Authentication

Easy2Patch (WSUS/SUP)

Intune endpoints

TCP

443

App deployment via Microsoft Graph

Reference Architecture

As visualized in the network diagram, Easy2Patch functions as a bridge between your SCCM/Intune infrastructure and the vendor update sources over the internet. All communication flows through secure, authenticated channels with fallback mechanisms to preserve license state for up to 48 hours.

Last updated