Establishing an LE-LEM Connection from Litmus Edge

a litmus edge (le) litmus edge manager (lem) connection is a persistent, secure channel between litmus edge and litmus edge manager it enables centralized remote management of the gateway, including activation, credential provisioning, and forwarding of metrics and events to litmus edge manager the connection uses two ports for establishment port 443/tcp for the initial activation handshake and port 51820/udp for the permanent bi directional remote access tunnel an optional third port (8883/tcp) supports ongoing mqtt data transmission after the connection is in place note for details on the litmus edge manager port customization for this connection, see establishing a litmus edge litmus edge manager connection from the litmus edge manager side docid 07fcvam4nft3dw1 5lwjf core components component role litmus edge the edge gateway initiates all connections outbound to litmus edge manager litmus edge manager the centralized management platform receives and approves connections port 443/tcp (https) initial activation channel port 51820/udp (remote access) permanent bidirectional management tunnel port 8883/tcp (mqtt ssl) ongoing metrics and event data transmission (optional) connection sequence the following steps describe how litmus edge initiates and establishes its connection with litmus edge manager from the litmus edge side, the key actions are entering the activation url and code (step 1) and confirming the permanent connection once it is established (step 7) litmus edge user enters activation url and activation code see step 2 create an activation request in litmus edge section of activate an edge device docid\ tdj648wjgatvqzyx79uwb for details litmus edge attempts to establish an initial connection with inbound port 443/tcp (https) of litmus edge manager litmus edge manager receives the connection at its inbound port 443/tcp (https) litmus edge sends an activation request that is received and approved by litmus edge manager see step 3 approve the activation request in litmus edge manager section of activate an edge device docid\ tdj648wjgatvqzyx79uwb for details litmus edge sends activation requests on port 443/tcp of litmus edge manager litmus edge manager user accepts the activation request in ui litmus edge manager responds to the activation request with litmus remote credentials litmus edge attempts to establish a permanent connection with inbound port 51820/udp (remote access) of litmus edge manager litmus edge manager receives the connection at inbound port 51820/udp (remote access) litmus edge confirms the permanent connection with litmus edge manager the permanent connection becomes a secure two way (bi directional) connection both litmus edge and litmus edge manager use litmus edge manager's inbound port 51820/udp (remote access) to communicate with each other port requirements litmus edge configure the following outbound ports on litmus edge open outbound port 443/tcp to reach litmus edge manager (activation) open outbound port 51820/udp to reach litmus edge manager (permanent connection) open outbound port 8883/tcp to reach litmus edge manager (mqtt data, if enabled) data transmission default mqtt ssl connector after a litmus edge litmus edge manager connection has been established, litmus edge manager can receive metrics docid\ xz4okukesfg7rdekrlhpu data or events docid\ qh9pncut g1k lz9p4 m3 data (enabling event forwarding is needed) from a litmus edge instance for litmus edge manager to receive the data, the litmus edge instance must enable its default generic mqtt ssl connector ( integration docid\ smmzyvhcv ehvv8rguyb7 ) once the connector is enabled, the litmus edge instance attempts to reach a connection at litmus edge manager's inbound port 8883/tcp note ports 443 and 51820 are required for establishing the initial connection port 8883 is used for ongoing data transmission once the connection is in place for additional details about each port, see firewall port configuration requirements docid\ njmokngqrerxh iznrngj limitations and considerations ports 443 and 51820 must be reachable outbound before activation can begin the connection cannot be established if either port is blocked the mqtt data channel (port 8883) is independent from the management connection and must be explicitly enabled via the default generic mqtt ssl connector litmus edge does not require any inbound ports for its management connection with litmus edge manager related topics activate an edge device docid\ tdj648wjgatvqzyx79uwb firewall port configuration requirements docid\ njmokngqrerxh iznrngj integration docid\ smmzyvhcv ehvv8rguyb7