PLT Connectivity

PLTs rely on secured connectivity with the PLTcloud cloud backend, used for:

  • Receiving firmware, test plans from PLTcloud

  • Executing webhooks during tests execution

  • Sending test reports to PLTcloud

All communication between the PLT and AWS endpoints is encrypted with TLS, with authentication based on a private key securely managed by a hardware-based cryptographic element that prevents key extraction.

References

Network Requirements

The Ethernet port of the PLT should be connected to a network with (outbound) Internet access.

Firewall Settings

TCP (outbound) and UDP traffic should be allowed to these AWS API endpoints:

Service

Endpoint

Ports

PLTcloud

*.pltcloud.com

443

AWS IoT

a347l7e88enrtv-ats.iot.us-west-2.amazonaws.com

80, 443, 8883

AWS S3

s3.us-west-2.amazonaws.com

80, 443

AWS S3

plt-asset-production.s3.us-west-2.amazonaws.com

80, 443

Note

Ports 80 and 8883 are not actively used, but may be accessed in error handling of failed AWS IoT or S3 interactions.

NTP

UDP NTP traffic (port 123) should be allowed for these NTP Time servers:

Service

Protocol

NTP Time server

Port

NTP

UDP

0.pool.ntp.org

123

NTP

UDP

1.pool.ntp.org

123

NTP

UDP

2.pool.ntp.org

123

NTP

UDP

3.pool.ntp.org

123

NTP

UDP

0.cn.pool.ntp.org

123

NTP

UDP

1.cn.pool.ntp.org

123

NTP

UDP

2.cn.pool.ntp.org

123

NTP

UDP

3.cn.pool.ntp.org

123

DHCP NTP Config

In enterprise environments with restricted outbound access, access to the default NTP servers may be blocked by perimeter firewalls or proxies.

Use DHCP option 42 to deliver internal NTP server IPs to PLT devices. This is supported by all major DHCP servers (Cisco IOS DHCP, Windows Server, ISC DHCP, dnsmasq, etc.).

References

Cisco IOS DHCP Server

For Cisco routers or switches acting as DHCP servers:

ip dhcp pool PLT-NETWORK
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 192.168.100.53
netbios-name-server 192.168.100.54
option 42 ip 192.168.100.10 192.168.100.11

Replace 192.168.100.10 and 192.168.100.11 with your approved internal NTP server IPs.

Windows Server DHCP
  1. Open DHCP Manager.

  2. Navigate to your scope > Scope Options.

  3. Click Action > Configure Options.

  4. Enable Option 004 Time Server.

  5. Enter the IP addresses of your corporate NTP servers (comma-separated).

ISC DHCP (Linux)

Edit /etc/dhcp/dhcpd.conf:

subnet 192.168.100.0 netmask 255.255.255.0 {
  option routers 192.168.100.1;
  option domain-name-servers 192.168.100.53;
  option ntp-servers 192.168.100.10, 192.168.100.11;
}
dnsmasq

Edit /etc/dnsmasq.conf:

dhcp-option=42,192.168.100.10

Optional: Deploy a Local NTP Relay

If a dedicated NTP server is not available, consider deploying one internally (e.g., chronyd or ntpd on Linux) and sync it to a trusted corporate time source or GPS device.

DNS

The DNS server specified by the DHCP server should be able to resolve:

  • *.pltcloud.com

  • *.amazonaws.com

  • *.ntp.org

Service

Protocol

Ports

DNS

UDP, TCP (used for larger responses)

53