Avalara CloudConnect
CloudConnect Setup Guide
Installation Recommendations
- The preferred implementation is at least two (2) CloudConnect systems for redundancy. Each unit should require only 1U of rack space. Each unit requires two (2) power outlets, each in separate PDU’s, and one (1) Ethernet port. Either Ethernet port may be used. The fifth port is for IPMI.
- If you need it to configure a VLAN the MAC address sticker is in the back on the underside of the Avalara CloudConnect appliance. It is also located on the shipping box.
- The preferred implementation is to place all CloudConnect systems in a Private DMZ. This DZ should allow inbound only from the customer’s network and outbound to the Internet. The systems are fully firewalled and only expose the AvaTax API and only communicate out to Avalara to get content, customer data and security updates. Avalara’s preference is that the system be on a private IP address.
Initial Setup
Once powered on, the LCD will display a booting message and then begin scrolling after approximately one minute. At this point the system is ready to be configured. The system defaults to DHCP. The address it acquires will be displayed on the LCD. To change to static IP address:
- Use the LCD up/down buttons to select “CHANGE IP” and confirm the selection by using the green checkmark button.
- The following information needs to be confirmed in order: STATIC/DHCP, IP ADDRESS, SUBNET, GATEWAY, DNS 1, DNS 2. Use the up/down buttons to change values and the left/right buttons to change the position. Use the green checkmark button to confirm selections and the red X button to cancel tasks.
- The system will set the IP address and should be available after a minute.
- Confirm the setup by pinging the system.
- If the system does not respond as expected, please select “RESET FIREWALL” on the LCD.
Note that each system will automatically have a unique DNS name in the form of CustomerNameUnitNumber.cloudconnect.avalara.net. This DNS entry is dynamic and updates any time the system IP changes. The unique name of your system can be found on the documentation included with the system.
Firewall Configuration
After confirming that all of the systems are online, please configure your firewall to allow the following communication with the system. This information is current as of 12/27/2016, and is subject to change.
| Direction | Port (Protocol) | Source | Destination Host/IP | Purpose |
|---|---|---|---|---|
| Inbound | 8080 (HTTP) | Any | System IP | AvaTax API |
| Inbound | 8084, 443 (HTTPS) | Any | System IP | AvaTax API |
| Outbound | 7(ICMP) | System IP | 8.8.8.8 | Ping |
| Outbound | 53 (DNS) | System IP | 8.8.8.8, 8.8.4.4 | DNS lookup |
| Outbound | 123 (NTP) | System IP | ntp.ubuntu.com | Network time protocol |
| Inbound | 30001 (SSH) | Any | System IP | Customer SSH access |
| Inbound | 30009 (HTTP) | Any | System IP | AvaTax engine health |
| Outbound | 443 (HTTPS) | System IP | avatax.avalara.net | Synchronization of content and customer data |
| Outbound | 443 (HTTPS) | System IP | api.logentries.com data.logentries.com | Metrics collection |
| Outbound | 443 (HTTPS) | System IP | center.cloudconnect.avalara.net | System health reporting |
| Outbound | 5671 (HTTPS) | System IP | c4.cloudconnect.avalara.net | Messaging service bus |
| Outbound | 443 (HTTPS) | System IP | package.cloudconnect.avalara.net | Linux package updates |
| Outbound | 443 (HTTPS) | System IP | s3-us-west-2.amazonaws.com s3.amazonaws.com avalara-cc-packages.s3-us-west-2.amazonaws.com avalara-cc-packages.s3.amazonaws.com | Amazon S3 |
| Outbound | 80 (HTTP), 443 (HTTPS) | System IP | *.download.windowsupdate.com *.update.microsoft.com *.windowsupdate.com *.windowsupdate.microsoft.com download.microsoft.com ntservicepack.microsoft.com stats.microsoft.com windowsupdate.microsoft.com wustat.windows.com | Windows Update service |
| Outbound | 443 (HTTPS) | System IP | edelivery.oracle.com download.oracle.com | JRE Updates |
| Outbound | 30001 (SSH) | System IP | ccarchive.avalara.net | Virtual machine (VM) updates |
Load Balance Configuration
The recommended implementation is to setup a VIP with a load balancer in a round robin configuration and use the following health checks to verify availability of each unit on port 8084. Moreover, avatax.avalara.net should be configured as a lower priority endpoint such that traffic only fails over to the Avalara cloud if all CloudConnect systems are unavailable.
| Service | URL | Type | Return |
|---|---|---|---|
| AvaTax engine health | http://SystemUrl:30009/calc | GET | { "Status": "OK" } |
System Monitoring
Useful system information can be obtained through the health service API.
| Service | URL | Type | Return (Example Values) |
|---|---|---|---|
| Version information | http://SystemUrl:30009/version | GET | { "CalcVersion": "16.12.0.10","LinuxVersion": "3.19.0-80- generic", "HostVersion": "6.10.6198.18605", "VMVersions": "OS: 6.3.9600; VM: CalcVM- 17.2.3; AvaTax: 16.12.0.10; PL: 2016-12-06 09:27:08Z; MD: 4.0.1.2777; MP: 1.2; GM: 1.10", "HardwareSerial": "12345" } |
| System analytics | http://SystemUrl:30009/system | GET | { "CPULoad": "0.15", "IOLoad": "{Writes=3000,ServiceTime=0.54, ReadBytes=5000, WriteBytes=2000, Queue=0.06, Reads=1000}", "Swap": "0.0" } |
Synchronization Window Configuration
By default, accounts are synchronized with the production AvaTax cloud every hour. This can be configured by issuing a POST to the /syncWindow endpoint with the window (in milliseconds). Similarly, the sync window can be retrieved by issuing a GET to the /syncWindow endpoint.
| Service | URL | Type | Data | Response |
|---|---|---|---|---|
| Sync Window Setting | http://SystemUrl:30009/syncWindow | POST | 3600000 | 3600000 |
| Sync Window Retrieval | http://SystemUrl:30009/syncWindow | GET | 3600000 |