Avalara CloudConnect

CloudConnect Setup Guide

Installation Recommendations

  1. The preferred implementation is at least two (2) CloudConnect systems for redundancy. Each unit should require only 1U of rack space. Each unit requires two (2) power outlets, each in separate PDU’s, and one (1) Ethernet port. Either Ethernet port may be used. The fifth port is for IPMI.
  2. If you need it to configure a VLAN the MAC address sticker is in the back on the underside of the Avalara CloudConnect appliance. It is also located on the shipping box.
  3. The preferred implementation is to place all CloudConnect systems in a Private DMZ. This DZ should allow inbound only from the customer’s network and outbound to the Internet. The systems are fully firewalled and only expose the AvaTax API and only communicate out to Avalara to get content, customer data and security updates. Avalara’s preference is that the system be on a private IP address.

Initial Setup

Once powered on, the LCD will display a booting message and then begin scrolling after approximately one minute. At this point the system is ready to be configured. The system defaults to DHCP. The address it acquires will be displayed on the LCD. To change to static IP address:

  1. Use the LCD up/down buttons to select “CHANGE IP” and confirm the selection by using the green checkmark button.
  2. The following information needs to be confirmed in order: STATIC/DHCP, IP ADDRESS, SUBNET, GATEWAY, DNS 1, DNS 2. Use the up/down buttons to change values and the left/right buttons to change the position. Use the green checkmark button to confirm selections and the red X button to cancel tasks.
  3. The system will set the IP address and should be available after a minute.
  4. Confirm the setup by pinging the system.
  5. If the system does not respond as expected, please select “RESET FIREWALL” on the LCD.

Note that each system will automatically have a unique DNS name in the form of CustomerNameUnitNumber.cloudconnect.avalara.net. This DNS entry is dynamic and updates any time the system IP changes. The unique name of your system can be found on the documentation included with the system.

Firewall Configuration

After confirming that all of the systems are online, please configure your firewall to allow the following communication with the system. This information is current as of 12/27/2016, and is subject to change.

Direction Port (Protocol) Source Destination Host/IP Purpose
Inbound 8080 (HTTP) Any System IP AvaTax API
Inbound 8084, 443 (HTTPS) Any System IP AvaTax API
Outbound 7(ICMP) System IP Ping
Outbound 53 (DNS) System IP, DNS lookup
Outbound 123 (NTP) System IP ntp.ubuntu.com Network time protocol
Inbound 30001 (SSH) Any System IP Customer SSH access
Inbound 30009 (HTTP) Any System IP AvaTax engine health
Outbound 443 (HTTPS) System IP avatax.avalara.net Synchronization of content and customer data
Outbound 443 (HTTPS) System IP api.logentries.com data.logentries.com Metrics collection
Outbound 443 (HTTPS) System IP center.cloudconnect.avalara.net System health reporting
Outbound 5671 (HTTPS) System IP c4.cloudconnect.avalara.net Messaging service bus
Outbound 443 (HTTPS) System IP package.cloudconnect.avalara.net Linux package updates
Outbound 443 (HTTPS) System IP s3-us-west-2.amazonaws.com s3.amazonaws.com avalara-cc-packages.s3-us-west-2.amazonaws.com avalara-cc-packages.s3.amazonaws.com Amazon S3
Outbound 80 (HTTP), 443 (HTTPS) System IP *.download.windowsupdate.com *.update.microsoft.com *.windowsupdate.com *.windowsupdate.microsoft.com download.microsoft.com ntservicepack.microsoft.com stats.microsoft.com windowsupdate.microsoft.com wustat.windows.com Windows Update service
Outbound 443 (HTTPS) System IP edelivery.oracle.com download.oracle.com JRE Updates
Outbound 30001 (SSH) System IP ccarchive.avalara.net Virtual machine (VM) updates

Load Balance Configuration

The recommended implementation is to setup a VIP with a load balancer in a round robin configuration and use the following health checks to verify availability of each unit on port 8084. Moreover, avatax.avalara.net should be configured as a lower priority endpoint such that traffic only fails over to the Avalara cloud if all CloudConnect systems are unavailable.

Service URL Type Return
AvaTax engine health http://SystemUrl:30009/calc GET { "Status": "OK" }

System Monitoring

Useful system information can be obtained through the health service API.

Service URL Type Return (Example Values)
Version information http://SystemUrl:30009/version GET { "CalcVersion": "","LinuxVersion": "3.19.0-80- generic", "HostVersion": "6.10.6198.18605", "VMVersions": "OS: 6.3.9600; VM: CalcVM- 17.2.3; AvaTax:; PL: 2016-12-06 09:27:08Z; MD:; MP: 1.2; GM: 1.10", "HardwareSerial": "12345" }
System analytics http://SystemUrl:30009/system GET { "CPULoad": "0.15", "IOLoad": "{Writes=3000,ServiceTime=0.54, ReadBytes=5000, WriteBytes=2000, Queue=0.06, Reads=1000}", "Swap": "0.0" }

Synchronization Window Configuration

By default, accounts are synchronized with the production AvaTax cloud every hour. This can be configured by issuing a POST to the /syncWindow endpoint with the window (in milliseconds). Similarly, the sync window can be retrieved by issuing a GET to the /syncWindow endpoint.

Service URL Type Data Response
Sync Window Setting http://SystemUrl:30009/syncWindow POST 3600000 3600000
Sync Window Retrieval http://SystemUrl:30009/syncWindow GET 3600000