Edgenuity Media Appliance - SSL Configuration Edgenuity Media

Edgenuity Media Appliance - SSL Configuration
Edgenuity Media Appliances now support Secure Sockets Layer (SSL) encryption to protect the media
content displayed in the Edgenuity application. In order to successfully set up this feature, you’ll need to
follow the steps below.
Before you start, please ensure that the following network and routing rules are in place on your network:
A) Your Media Appliance must be able to talk directly to mdm.edgenuity.com on TCP ports 80 and
443. Please do not place a web proxy or content filter in the route between your appliance and this
server (even one with all rules set to “allow”), as this will interfere with Appliance Monitoring, which is
an absolute requirement for SSL. Standard firewalls will not cause any problems.
B) Your Media Appliance must be able to establish SSH connections on port 22 to
mds.edgenuity.com and mdc.edgenuity.com.
C) Optionally, allow incoming SSH connections to your Media Appliance by forwarding TCP port 22
from an external IP address to your appliance. This is recommended, but there is no absolute
requirement to expose any services on your Appliance to the Internet. If you are not comfortable with
allowing this access now or at any point in the future, you can refuse.
Once you have verified the above configuration, continue with the SSL deployment steps:
1. Contact your Field Engineer to deploy the SSL update to your media appliance. Your Field
Engineer’s contact information can be found by visiting http://ipaddress where ipaddress is the IP
address of your existing Edgenuity media appliance. Scroll down the page until you find the Field
Engineering Map, which displays the U.S. broken down by region. Each region corresponds to a Field
Engineer in the key below the map. Depending on your network configuration, your Field Engineer
may ask you to make some modifications to your setup to allow SSL to function correctly.
2. Once step 1 is completed, your appliance will be ready to serve media content protected by SSL.
The next thing you’ll need to do is create a DNS entry for your media appliance on your local network.
To do this, open the tool you use to manage your internal DNS and add a new Forward Lookup Zone
named “appliance.edgenuity.com”.
IMPORTANT! DO NOT create a zone called “edgenuity.com” and then add a Host (A) record named
“appliance”. Doing this will break access to Edgenuity from your site. The DNS zone must be named
“appliance.edgenuity.com”.
After you’ve created the Forward Lookup Zone, create a Host (A) record in the zone named simply
“@” and configure the record to point to the IP address of your Media Appliance. If you have multiple
DNS servers, make sure the same record exists on all of them which answer DNS queries for users
who need to access Edgenuity. This will happen automatically in a Microsoft Active Directory
network as long as you configure the Zone to reside in AD and replicate to other servers in the forest
or the domain.
3. Coordinate step #2 with your Field Engineer so they can be available in case you need assistance.
As soon as Step #2 is complete, the Field Engineer will change the settings for your school on the
Edgenuity system so that users will be directed to your media appliance using the SSL protocol.

Download Report