What Services are Open on the LightRules Appliance?
There are two Network Interface Cards (NICs) configured on the LRA. One NIC is configured to work with the lighting network, and the other is configured to connect to the enterprise network. The Dynamic Host Configuration Protocol (DHCP) is only configured on the NIC connecting to the lighting network. It is used to assign IP addresses to the gateways, and LightRules utilizes this addressing scheme to disseminate control signals throughout the lighting network. Always, a standard lighting network installation will be a separate subnet from the enterprise network to prevent any possibility that the gateways and switches are reachable via the enterprise network.
The other NIC is connected to your enterprise network and has secure shell (SSH) and HTTP open. Secure Shell is used for remote administration, and HTTP (inbound traffic only) is left open to allow people to use the LightRules web application from other points on the enterprise network—it allows you to take the power of LightRules beyond the telecommunications closet. Optionally, HTTPS (Port 443) can be enabled and HTTP (Port 80) disabled for secure access on the enterprise network.
The LRA comes labeled to show which NIC connects to the lighting network, and which one connects to the enterprise network.
