Smart biometric clock (T2) network requirements
Summary
The Smart biometric clock (T2) clocking terminal is part of the Advanced Device and Access Manager product, which is a Software as a Service (SaaS) solution hosted on cloud infrastructure. Therefore, the Smart biometric clock (T2) must be able to connect to the cloud infrastructure to operate properly.
While the Smart biometric clock (T2) will continue to work while offline, a connection is required to pick up employee or configuration updates, and to send out clocking or enrolment data. Clocking data will not be received by the Time and Attendance application until the cloud connection is restored.
Network connection
The Smart biometric clock (T2) can be configured to use a standard Ethernet connection or a Wi-Fi connection (2.4GHz and/or 5GHz*). Whichever is chosen, the Smart biometric clock (T2) can be configured to use either a static IP address or pick up an IP address using DHCP.
If a MAC address is required to allow the device onto the local network, it can be displayed on-screen once the Smart biometric clock (T2) is installed by navigating to the network settings screens.
Optionally, a cellular router can be purchased to provide a network connection to the Smart biometric clock (T2), either over Ethernet or Wi-Fi.
*5GHz available on Smart biometric clock (T2) Version 2s only (those shipped in 2024 or later)
Firewall rules
If the Smart biometric clock (T2) can be granted outbound access to port 443 (HTTPS) then it will be able to communicate with the cloud services and operate. Outbound port 80 is also used for diagnostic logging (to Microsoft Application Insights) and connection testing, so opening it will help Advanced support connection issues.
If finer control is required, the URLs the device needs access to are listed below. Access should be granted to the wildcard addresses shown – the specific URLs are given as examples of current values, but are subject to change.
- *.mitrefinch.co.uk (AD&AM cloud services)
- account.mitrefinch.co.uk (identity provider)
- hardware.mitrefinch.co.uk (Access control hardware API)
- secure.mitrefinch.co.uk (Access control portal)
- secure-hardware-transactions.mitrefinch.co.uk (Access control transactions from terminal to portal)
- *.service.signalr.net (AD&AM push messaging)
- mitrefinch-terminal-prod-eu-1-terminal-hardware-signalr.service.signalr.net
- *.vo.msecnd.net (Application Insights logging)
- az416426.vo.msecnd.net
- *.blob.core.windows.net (Firmware upgrade file download)
- mfterminalprodeu1stor.blob.core.windows.net
NTP
If a Smart biometric clock (T2) terminal is running a firmware version lower than version 2.0.0, it will also require access to port 123 (NTP) and the following URLs:
- *.pool.ntp.org (NTP time servers)
- 0.pool.ntp.org
- 1.pool.ntp.org
- 2.pool.ntp.org
- 3.pool.ntp.org
All terminals shipped in 2024 will be on version 2.0.0 or later.
