Avalara CloudConnect
CloudConnect Setup Guide
Installation Recommendations
1.The preferred implementation is at least two (2) CloudConnect systems for redundancy. Each unit should require only 1U of rack space. Each unit requires two (2) power outlets, each in separate PDU’s, and one (1) Ethernet port. The four (4) Ethernet ports are bonded by default and either may be used. The fifth port is for IPMI.
- The preferred implementation is to place all CloudConnect systems in a Private DMZ. This DMZ should allow inbound only from the customer’s network and outbound to the Internet. The systems are fully firewalled and only expose the AvaTax API and only communicates out to Avalara to get content, customer data and security updates. Avalara’s preference is that the system uses a private IP address.
Initial Setup
Once powered on, the LCD will display a booting message and then begin scrolling after approximately one minute. At this point the system is ready to be configured.
The system defaults to DHCP. The address it acquires will be displayed on the LCD. To change to static IP address:
1. Use the LCD up/down buttons to select “CHANGE IP” and confirm the selection by using the green checkmark button.
2. Choose the adapter “bond0” by using the up/down buttons and confirm the selection by using the green checkmark button.
3. The following information needs to be confirmed in order: STATIC/DHCP, IP ADDRESS, SUBNET, GATEWAY, DNS 1, DNS 2. Use the up/down buttons to change values and the left/right buttons to change the position. Use the green checkmark button to confirm selections and the red X button to cancel tasks.
4. The system will set the IP address and should be available after a minute.
Firewall Configuration
After confirming that all of the systems are online, please configure your firewall to allow the following communication with the system. This information is current as of 04//09/2019 and is subject to change.| Direction | Port (Protocol) | Source | Destination Host/IP | Purpose |
|---|---|---|---|---|
| Inbound | 8080 (HTTP) | Any | System IP | AvaTax API |
| Inbound | 8084, 443 (HTTPS) | Any | System IP | AvaTax API |
| Outbound | 7(ICMP) | System IP | 8.8.8.8 | Ping |
| Outbound | 53 (DNS) | System IP | 8.8.8.8, 8.8.4.4 | DNS lookup |
| Outbound | 123 (NTP) | System IP | ntp.ubuntu.com | Network time protocol |
| Inbound | 30001 (SSH) | Any | System IP | Customer SSH access |
| Outbound | 30001 (SSH) | Any | tunnel.cloudconnect.avalara.net | Remote Administration |
| Inbound | 30009 (HTTP) | Any | System IP | AvaTax engine health |
| Outbound | 443 (HTTPS) | System IP | avatax.avalara.net | Synchronization of content and customer data |
| Outbound | 8084 (HTTPS) | System IP | avatax.cloudconnect.avalara.net | Synchronization of content and customer data |
| Outbound | 443 (HTTPS) | System IP | ingest.signalfx.com, hooks.slack.com, slack.com, api.opsgenie.com, collectors.sumologic.com, collectors.us2.sumologic.com, endpoint1.collection.us2.sumologic.com, endpoint2.collection.us2.sumologic.com, endpoint3.collection.us2.sumologic.com | Metrics collection |
| Outbound | 5671 (HTTPS) | System IP | c4.cloudconnect.avalara.net | Messaging service bus |
| Outbound | 443 (HTTPS) | System IP | package.cloudconnect.avalara.net | Linux package updates |
| Outbound | 443 (HTTPS) | System IP | avalara-cc-databaserecordupload.s3.amazonaws.com, avalara-cc-databaserecordupload.s3-us-west-2.amazonaws.com, avalara-cc-databaserecordupload.s3.us-west-2.amazonaws.com, avalara-cc-packages.s3.amazonaws.com, avalara-cc-packages.s3-us-west-2.amazonaws.com, avalara-cc-packages.s3.us-west-2.amazonaws.com, avalara-cc-vms.s3.amazonaws.com, avalara-cc-vms.s3-us-west-2.amazonaws.com, avalara-cc-vms.s3.us-west-2.amazonaws.com, s3-us-west-2-r-w.amazonaws.com | Amazon S3 |
| Outbound | 443 (HTTPS) | System IP | edelivery.oracle.com download.oracle.com | JRE Updates |
| Outbound | 30001 (SSH) | System IP | ccarchive.avalara.net | Virtual machine (VM) updates |
| Outbound | 30001 (SSH), 443 (HTTPS) | System IP | images.cloudconnect.avalara.net | Code and content updates |
Load Balance Configuration
The recommended implementation is to setup a VIP with a load balancer in a least-connected configuration and use the following health checks to verify availability. It is important to add the endpoint https://avatax.cloudconnect.avalara.net:8084 with a lower weight such that traffic will be directed to the Avalara Cloud API if all CloudConnect systems are unavailable. For the CloudConnect health check below, use either option #1 or #2.| Service | URL | Type | Return |
|---|---|---|---|
| CloudConnect health #1 | http://SystemUrl:30009/calc | GET | { "Status": "OK" } |
| CloudConnect health #2 | http://SystemUrl:30009/orangez/health.aspx | GET | { "Status": "OK" } |
| Cloud API health | https://avatax.cloudconnect.avalara.net:8084/orangez/health.aspx | GET | { "Status": "OK" } |
System Statistics
System information can be obtained through a system statistics API.| URL | Type | Return (Example Values) |
|---|---|---|
| http://SystemUrl:30009/system | GET | { "CPULoad" : "0.22474747474747475", "IOLoad" : "{Writes=5870410, ServiceTime=2.1537940727624463, ReadBytes=224253660160, WriteBytes=264978800640, Queue=0.30939469012845217, Reads=1892633}", "Swap" : "0.0051986077", "ConcurrentRequests" : "", SystemIsAvailable:"true", RedirectToCloud:"false" } |
AvaTax Metrics
| URL | Method | Authorization | Query String |
|---|---|---|---|
| http://SystemUrl:30009/metrics | GET | Basic Authorization | seconds (range from 1 to 86400). If missing, default is 60. |
CURL example: curl http://10.20.30.40:30009/metrics?seconds=60 -H "Authorization: Basic MTIzNDU2Nzg5OkdvUmVkU294Cg=="
See https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side for basic authorization.