Avalara CloudConnect

CloudConnect Setup Guide

Installation Recommendations

1. The preferred implementation is at least two (2) CloudConnect systems for redundancy. Each unit should require only 1U of rack space. Each unit requires two (2) power outlets, each on a separate PDU, and one (1) Ethernet port. The four (4) Ethernet ports are bonded by default and any of them may be used. The fifth port is for IPMI.

2. The preferred implementation is to place all CloudConnect systems in a private DMZ. This DMZ should allow inbound traffic only from the customer’s network and outbound traffic to the Internet. The systems are fully firewalled, expose only the AvaTax API, and communicate out only to Avalara to get content, customer data and security updates. Avalara’s preference is that the system uses a private IP address.

Initial Setup

Once powered on, the LCD will display a booting message and then begin scrolling after approximately one minute. At this point the system is ready to be configured. The system defaults to DHCP. The address it acquires will be displayed on the LCD. To change to a static IP address:
1. Use the LCD up/down buttons to select “CHANGE IP” and confirm the selection by using the green checkmark button.
2. Choose the adapter “bond0” by using the up/down buttons and confirm the selection by using the green checkmark button.
3. The following information needs to be confirmed in order: STATIC/DHCP, IP ADDRESS, SUBNET, GATEWAY, DNS 1, DNS 2. Use the up/down buttons to change values and the left/right buttons to change the position. Use the green checkmark button to confirm selections and the red X button to cancel tasks.
4. The system will set the IP address and should be available after a minute.
5. Confirm the setup by pinging the system.

Firewall Configuration

After confirming that all of the systems are online, please configure your firewall to allow the following communication with the system. This information is current as of 04/09/2019 and is subject to change.
| Direction | Port (Protocol) | Source | Destination Host/IP | Purpose |
|---|---|---|---|---|
| Inbound | 8080 (HTTP) | Any | System IP | AvaTax API |
| Inbound | 8084, 443 (HTTPS) | Any | System IP | AvaTax API |
| Outbound | 7 (ICMP) | System IP | | Ping |
| Outbound | 53 (DNS) | System IP | | DNS lookup |
| Outbound | 123 (NTP) | System IP | ntp.ubuntu.com | Network time protocol |
| Inbound | 30001 (SSH) | Any | System IP | Customer SSH access |
| Outbound | 30001 (SSH) | Any | tunnel.cloudconnect.avalara.net | Remote Administration |
| Inbound | 30009 (HTTP) | Any | System IP | AvaTax engine health |
| Outbound | 443 (HTTPS) | System IP | avatax.avalara.net | Synchronization of content and customer data |
| Outbound | 8084 (HTTPS) | System IP | avatax.cloudconnect.avalara.net | Synchronization of content and customer data |
| Outbound | 443 (HTTPS) | System IP | ingest.signalfx.com, hooks.slack.com, slack.com, api.opsgenie.com, collectors.sumologic.com, collectors.us2.sumologic.com, endpoint1.collection.us2.sumologic.com, endpoint2.collection.us2.sumologic.com, endpoint3.collection.us2.sumologic.com | Metrics collection |
| Outbound | 5671 (HTTPS) | System IP | c4.cloudconnect.avalara.net | Messaging service bus |
| Outbound | 443 (HTTPS) | System IP | package.cloudconnect.avalara.net | Linux package updates |
| Outbound | 443 (HTTPS) | System IP | avalara-cc-databaserecordupload.s3.amazonaws.com, avalara-cc-databaserecordupload.s3-us-west-2.amazonaws.com, avalara-cc-databaserecordupload.s3.us-west-2.amazonaws.com, avalara-cc-packages.s3.amazonaws.com, avalara-cc-packages.s3-us-west-2.amazonaws.com, avalara-cc-packages.s3.us-west-2.amazonaws.com, avalara-cc-vms.s3.amazonaws.com, avalara-cc-vms.s3-us-west-2.amazonaws.com, avalara-cc-vms.s3.us-west-2.amazonaws.com, s3-us-west-2-r-w.amazonaws.com | Amazon S3 |
| Outbound | 443 (HTTPS) | System IP | edelivery.oracle.com, download.oracle.com | JRE Updates |
| Outbound | 30001 (SSH) | System IP | ccarchive.avalara.net | Virtual machine (VM) updates |
| Outbound | 30001 (SSH), 443 (HTTPS) | System IP | images.cloudconnect.avalara.net | Code and content updates |
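
One way to use the table above for detection, as an added example (not Avalara's code): compare the appliance's outbound connection records with the Outbound rows and report anything the table does not list. The log format, the 10.20.0.x addresses and the resolvers parameter are assumptions, and the sample records are constructed.

```python
# Outbound rows of the firewall table above, keyed by destination port
# (protocol is not tracked here; the DNS and ICMP rows list no destination).
S3_BUCKETS = {f"avalara-cc-{b}.{s}.amazonaws.com"
              for b in ("databaserecordupload", "packages", "vms")
              for s in ("s3", "s3-us-west-2", "s3.us-west-2")}
EGRESS_ALLOW = {
    123: {"ntp.ubuntu.com"},
    443: S3_BUCKETS | {
        "avatax.avalara.net", "package.cloudconnect.avalara.net",
        "images.cloudconnect.avalara.net", "ingest.signalfx.com",
        "hooks.slack.com", "slack.com", "api.opsgenie.com",
        "collectors.sumologic.com", "collectors.us2.sumologic.com",
        "endpoint1.collection.us2.sumologic.com",
        "endpoint2.collection.us2.sumologic.com",
        "endpoint3.collection.us2.sumologic.com",
        "s3-us-west-2-r-w.amazonaws.com",
        "edelivery.oracle.com", "download.oracle.com"},
    5671: {"c4.cloudconnect.avalara.net"},
    8084: {"avatax.cloudconnect.avalara.net"},
    30001: {"tunnel.cloudconnect.avalara.net", "ccarchive.avalara.net",
            "images.cloudconnect.avalara.net"},
}

def audit_egress(log_lines, system_ip, resolvers=()):
    """Return (host, port) pairs the appliance contacted that the table does not list.
    Assumed log format (constructed): "<timestamp> <source ip> <dest host> <dest port>"."""
    unlisted = []
    for line in log_lines:
        _, src, host, port = line.split()
        if src != system_ip:
            continue                          # record is not from the appliance
        host, port = host.lower().rstrip("."), int(port)
        if port == 53 and host in resolvers:
            continue                          # site DNS servers (assumption)
        if host not in EGRESS_ALLOW.get(port, ()):   # exact match, never substring
            unlisted.append((host, port))
    return unlisted

# Constructed sample records; 10.20.0.5 stands in for the System IP.
SAMPLE_LOG = [
    "2019-04-09T10:00:01Z 10.20.0.5 avatax.avalara.net 443",
    "2019-04-09T10:00:02Z 10.20.0.5 AVALARA-CC-VMS.s3.us-west-2.amazonaws.com. 443",
    "2019-04-09T10:00:03Z 10.20.0.5 avatax.avalara.net 8084",
    "2019-04-09T10:00:04Z 10.20.0.5 avalara-cc-vms.s3.amazonaws.com.example.net 443",
    "2019-04-09T10:00:05Z 10.20.0.9 example.org 443",
    "2019-04-09T10:00:06Z 10.20.0.5 10.20.0.2 53",
]
```

The third record uses a listed host on a port the table pairs with a different host, and the fourth only starts with a listed name; both are reported.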

Load Balance Configuration

The recommended implementation is to set up a VIP with a load balancer in a least-connected configuration and use the following health checks to verify availability. It is important to add the endpoint https://avatax.cloudconnect.avalara.net:8084 with a lower weight such that traffic will be directed to the Avalara Cloud API if all CloudConnect systems are unavailable. For the CloudConnect health check below, use either option #1 or #2.

| Service | URL | Type | Return |
|---|---|---|---|
| CloudConnect health #1 | http://SystemUrl:30009/calc | GET | { "Status": "OK" } |
| CloudConnect health #2 | http://SystemUrl:30009/orangez/health.aspx | GET | { "Status": "OK" } |
| Cloud API health | https://avatax.cloudconnect.avalara.net:8084/orangez/health.aspx | GET | { "Status": "OK" } |
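
The health-check and fallback behaviour described above, sketched as an added example (not Avalara's or any load balancer's code). It assumes a passing probe is HTTP 200 with the JSON body shown in the table, models the "lower weight" as a strict fallback tier, and uses hypothetical unit names cc1 and cc2 with constructed probe results.

```python
import json

CLOUD_API = "https://avatax.cloudconnect.avalara.net:8084"

def is_healthy(status_code, body):
    """Pass only on HTTP 200 (assumption) with a JSON object whose Status is "OK"."""
    if status_code != 200:
        return False
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return False              # HTML error page, empty body, truncated JSON
    return isinstance(doc, dict) and doc.get("Status") == "OK"

def pick_backend(probes, connections):
    """probes: {backend: (status_code, body)}; connections: {backend: open count}.
    Least-connected among healthy CloudConnect units; the Cloud API endpoint
    is chosen only when no unit passes its probe; None if nothing is healthy."""
    healthy = [b for b, (code, body) in probes.items() if is_healthy(code, body)]
    units = [b for b in healthy if b != CLOUD_API]
    if units:
        return min(units, key=lambda b: connections.get(b, 0))
    return CLOUD_API if CLOUD_API in healthy else None

# Constructed probe results for two hypothetical units plus the Cloud API.
OK = '{ "Status": "OK" }'
ALL_UP = {"cc1": (200, OK), "cc2": (200, OK), CLOUD_API: (200, OK)}
UNITS_DOWN = {"cc1": (200, "<html>Bad Gateway</html>"),
              "cc2": (503, ""), CLOUD_API: (200, OK)}
```

Checking the body as well as the status code keeps a unit that answers 200 with an error page out of rotation.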

System Statistics

System information can be obtained through a system statistics API.
| URL | Type | Return (Example Values) |
|---|---|---|
| http://SystemUrl:30009/system | GET | { "CPULoad" : "0.22474747474747475", "IOLoad" : "{Writes=5870410, ServiceTime=2.1537940727624463, ReadBytes=224253660160, WriteBytes=264978800640, Queue=0.30939469012845217, Reads=1892633}", "Swap" : "0.0051986077", "ConcurrentRequests" : "", SystemIsAvailable:"true", RedirectToCloud:"false" } |
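
The example body above is not strict JSON as printed (two keys are unquoted), and IOLoad is a key=value list packed into a string. The following added example, which is not Avalara's code, parses the body exactly as shown into typed values for monitoring; the returned field names are chosen here, and whether a live system returns the unquoted keys is not confirmed by this page.

```python
import json
import re

# The example body from the table above, copied as printed.
SAMPLE_BODY = (
    '{ "CPULoad" : "0.22474747474747475", "IOLoad" : "{Writes=5870410, '
    'ServiceTime=2.1537940727624463, ReadBytes=224253660160, '
    'WriteBytes=264978800640, Queue=0.30939469012845217, Reads=1892633}", '
    '"Swap" : "0.0051986077", "ConcurrentRequests" : "", '
    'SystemIsAvailable:"true", RedirectToCloud:"false" }'
)

def _num(value):
    """Numeric strings become floats; an empty or missing value becomes None."""
    return float(value) if value not in ("", None) else None

def parse_system_stats(body):
    try:
        raw = json.loads(body)
    except ValueError:
        # Quote bare keys such as SystemIsAvailable:"true", then retry.
        fixed = re.sub(r'([{,]\s*)([A-Za-z_]\w*)(\s*:)', r'\1"\2"\3', body)
        raw = json.loads(fixed)
    # IOLoad looks like "{Writes=5870410, ServiceTime=2.15, ...}".
    pairs = raw.get("IOLoad", "").strip("{}").split(", ")
    io = {k: float(v) for k, v in (p.split("=", 1) for p in pairs if "=" in p)}
    return {
        "cpu_load": _num(raw.get("CPULoad")),
        "swap": _num(raw.get("Swap")),
        "concurrent_requests": _num(raw.get("ConcurrentRequests")),
        "io": io,
        "available": raw.get("SystemIsAvailable") == "true",
        "redirect_to_cloud": raw.get("RedirectToCloud") == "true",
    }
```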

AvaTax Metrics

| URL | Method | Authorization | Query String |
|---|---|---|---|
| http://SystemUrl:30009/metrics | GET | Basic Authorization | seconds (range from 1 to 86400). If missing, default is 60. |
CURL example: curl -H "Authorization: Basic MTIzNDU2Nzg5OkdvUmVkU294Cg==" "http://SystemUrl:30009/metrics?seconds=60"

See https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side for basic authorization.
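
An added example (not Avalara's code) that builds the Basic header value and the /metrics URL, and checks a token before it is used. The token in the CURL example decodes to a credential ending in a newline, the usual result of encoding with echo without -n, which the check below reports. Port 30009 is listed as HTTP in the firewall table, so this header travels unencrypted on that hop; the function names and the user and secret values in the comments are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlencode

def basic_token(user, secret):
    """Base64 of "user:secret" with no trailing newline."""
    return base64.b64encode(f"{user}:{secret}".encode("utf-8")).decode("ascii")

def token_problems(token):
    """Return a list of problems found in a Basic authorization token."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return ["not valid base64 / UTF-8"]
    problems = []
    if ":" not in decoded:
        problems.append("no ':' between user and secret")
    if decoded != decoded.strip():
        problems.append("leading or trailing whitespace in credential")
    return problems

def metrics_url(system_url, seconds=60):
    """URL for the metrics endpoint; seconds must be within 1..86400."""
    seconds = int(seconds)
    if not 1 <= seconds <= 86400:
        raise ValueError("seconds must be between 1 and 86400")
    return f"http://{system_url}:30009/metrics?" + urlencode({"seconds": seconds})

def auth_header(user, secret):
    """Header dict for the request, e.g. auth_header("acct", "key")."""
    return {"Authorization": "Basic " + basic_token(user, secret)}

# The token printed in the CURL example above.
PAGE_TOKEN = "MTIzNDU2Nzg5OkdvUmVkU294Cg=="
```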