Smart biometric clock (T2) network requirements

Louise Whalley Updated by Louise Whalley

Summary 

The Smart biometric clock (T2) clocking terminal is part of the Advanced Device and Access Manager product, which is a Software as a Service (SaaS) solution hosted on cloud infrastructure. Therefore, the Smart biometric clock (T2) must be able to connect to the cloud infrastructure to operate properly.  

While the Smart biometric clock (T2) will continue to work while offline, a connection is required to pick up employee or configuration updates, and to send out clocking or enrolment data. Clocking data will not be received by the Time and Attendance application until the cloud connection is restored. 

Network connection 

The Smart biometric clock (T2) can be configured to use a standard Ethernet connection or a Wi-Fi connection (2.4GHz and/or 5GHz*). Whichever is chosen, the Smart biometric clock (T2) can be configured to use either a static IP address or pick up an IP address using DHCP. 

If a MAC address is required to allow the device onto the local network, it can be displayed on-screen once the Smart biometric clock (T2) is installed by navigating to the network settings screens. 

Optionally, a cellular router can be purchased to provide a network connection to the Smart biometric clock (T2), either over Ethernet or Wi-Fi. 

*5GHz available on Smart biometric clock (T2) Version 2s only (those shipped in 2024 or later)

Firewall rules 

If the Smart biometric clock (T2) can be granted outbound access to port 443 (HTTPS) then it will be able to communicate with the cloud services and operate. Outbound port 80 is also used for diagnostic logging (to Microsoft Application Insights) and connection testing, so opening it will help Advanced support connection issues. 

If finer control is required, the URLs the device needs access to are listed below. Access should be granted to the wildcard addresses shown – the specific URLs are given as examples of current values, but are subject to change. 

  • *.mitrefinch.co.uk (AD&AM cloud services) 
    • account.mitrefinch.co.uk (identity provider) 
    • hardware.mitrefinch.co.uk (Access control hardware API) 
    • secure.mitrefinch.co.uk (Access control portal) 
    • secure-hardware-transactions.mitrefinch.co.uk (Access control transactions from terminal to portal) 
  • *.service.signalr.net (AD&AM push messaging) 
    • mitrefinch-terminal-prod-eu-1-terminal-hardware-signalr.service.signalr.net 
  • *.vo.msecnd.net (Application Insights logging) 
    • az416426.vo.msecnd.net 
  • *.blob.core.windows.net (Firmware upgrade file download) 
    • mfterminalprodeu1stor.blob.core.windows.net

NTP

If a Smart biometric clock (T2) terminal is running a firmware version lower than version 2.0.0, it will also require access to port 123 (NTP) and the following URLs:

  • *.pool.ntp.org (NTP time servers) 
    • 0.pool.ntp.org 
    • 1.pool.ntp.org 
    • 2.pool.ntp.org 
    • 3.pool.ntp.org 

All terminals shipped in 2024 will be on version 2.0.0 or later.

Power Options

Choose one option:

Network settings and hardware registration

The network will failover to the next live available network transport in the event of a failure. If you have Ethernet and Wi-Fi and the ethernet fails, the unit will automatically switch over to Wi-Fi.

Once booted the Smart Biometric Clock will ask you to select your preferred network connection and configure DHCP or a static IP address.

Adding a Smart Biometric Clock to your network

  1. The Smart Biometric Clock uses standard TCP/IP networking.
  2. Upon acquiring a static or DHCP IP address it will attempt to connect to the portal to identify itself. During normal operations it will make regular outbound connections to the Smart Biometric Clock management portal to check for updates and deliver operational status, clockings and alerts.
  3. Check for updates and deliver operational status, clockings and alerts. internet access and the following outbound ports are freely available.
  4. Ports required: 80, 443, 123
If your security policy mandates the use of third party client software, specialised certifications, domain login or any other type of enhanced security service, then device specific provision will need to be made, or the Smart Biometric Clock placed into a discrete VLAN or DMZ with access.
If your network security requires the hardware MAC address this can be found within the Settings page on the Smart Biometric Clock.

Smart Biometric Clock install pre-requisites Network connection

The Smart Biometric Clock must be provided with either a wired Ethernet connection, or a Wi-Fi connection, to a network that can provide it with access to the internet. Login details for the Wi-Fi will be required when connecting wirelessly

People Connect requirements

Minimum Microsoft SQL version

Database minimum requirement is SQL 2016 or above.

Open ports required

  • 443 (http requests)
  • 5671 (service bus requests)

Website access

Access to the following websites is required:

Time and Attendance version

The Time and Attendance version needs to be at least 8.36.4 to support people connect. This also requires .net 4.8 installed , one complete will need a server restart.

If needing user groups then version 8.38.2 is required.

Account Maintenance

Configuration maintained via the following website - https://account-maintenance.mitrefinch.co.uk/

Was this article useful?

Smart biometric clock (T2) Factsheet

Third-party proximity readers

Contact