# Network Considerations Easy2Patch integrates with Microsoft SCCM and Intune to deliver third-party software updates. For proper operation, specific network endpoints and firewall rules must be allowed. This document outlines the necessary access in compliance with the architecture diagram. ### Internet Access Requirements #### Required Domains: | Purpose | URL | Notes | | ------------------ | --------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | | Licensing | `https://license.arksoft.com.tr` | Used for license validation and activation. | | Catalog access | `https://*.easy2patch.com` | Access to update metadata, console communication. | | Update source URLs | | Contains the list of vendor domains that Easy2Patch uses to fetch binaries (e.g., Adobe, Google). | | Microsoft Intune | | Contains the list of URLs for Intune connection | #### Ports: * **TCP 443 (HTTPS)** * **TCP 80 (HTTP)** – used by some vendor websites (not preferred) **Note:** Although HTTPS is default, some vendors may only serve their binaries over HTTP (e.g., older web servers). Therefore, both ports must be allowed. *** ### 🖥️ SCCM Server Role Requirements Easy2Patch must be installed on the SCCM server that hosts: * **WSUS** (Windows Server Update Services) * **SUP** (Software Update Point) role #### Required Internal Communication: | Source | Destination | Protocol/Port | Description | | ---------------------------------- | -------------------- | ------------------- | -------------------------------------------------------- | | SCCM Site Server and SUP Role | Internet | TCP 80/443 | Downloads updates from vendors | | Easy2Patch (WSUS/SUP) | AD Domain Controller | TCP 389, TCP/UDP 88 | LDAP & Kerberos (for AD login/authentication) | | Clients (Only Management Clientsd) | SCCM Server | TCP 443 (default) | Management clients communicate with SUP/WSUS for updates | > 📌 **Note:** The port used by client → SCCM SUP is configurable via IIS. Ensure the selected port for Easy2Patch (default 443) is allowed. ### 🔐 Licensing & Expiry * Easy2Patch contacts `license.arksoft.com.tr` to assign a license. * If the license server is unreachable: * The license remains active for **48 hours**. * After that, the license is **freed and unassigned**. * Once the license is reacquired, it is **automatically re-assigned**. > ✅ No manual re-activation is required after recovery. ### 📦 Intune Integration (Optional) If you plan to use Easy2Patch with Microsoft Intune: * Ensure outbound access to **all URLs and IP ranges listed by Microsoft**: * Refer to: Intune Endpoints * These are required for: * App creation * Deployment through Microsoft Graph API * Tenant validation ### 🧱 Firewall Configuration Summary | From | To | Protocol | Port | Purpose | | --------------------- | ---------------------- | -------- | ------- | ------------------------------------------ | | SCCM Site Server | Internet | TCP | 443, 80 | Download update binaries from vendor sites | | Easy2Patch (WSUS/SUP) | license.arksoft.com.tr | TCP | 443 | License assignment | | Easy2Patch (WSUS/SUP) | \*.easy2patch.com | TCP | 443 | Catalog, metadata, UI API | | Easy2Patch | AD Domain Controller | TCP/UDP | 389, 88 | LDAP/Kerberos Authentication | | Easy2Patch (WSUS/SUP) | Intune endpoints | TCP | 443 | App deployment via Microsoft Graph | ### Reference Architecture As visualized in the network diagram, Easy2Patch functions as a bridge between your SCCM/Intune infrastructure and the vendor update sources over the internet. All communication flows through secure, authenticated channels with fallback mechanisms to preserve license state for up to 48 hours.