Network Requirements

RetailNext operates two separate services: a global service based in the United States (denoted as Global Cloud Service) and a separate service operated entirely within China (denoted as China Cloud Service). This page details the comprehensive network requirements for these services.

For a quick reference guide to the Basic Network Requirements, click here.

Store Network



RetailNext Cloud Service

Store Appliance

Admin Access:
- Initial setup (HTTP): TCP 80 →
- Discovery (mDNS): UDP 5353 →
- Discovery (UPnP): TCP 1900 →

IP Cameras:
- Video (RTP/RTSP): TCP 554 ←, UDP →
- Video (HTTP): TCP 80 ←

In-store Video Playback:
- Video (WebRTC): UDP 8443 →

Cloud Service:
- Management: TCP 8278 →
- Required Hosts (Global): 104.154.145.235
- China: Static IP addresses are not used. Connections will be made to hosts with the retailnextchina.net domain.

Note: all devices require access to public DNS (TCP/UDP 53 →)

Aurora

Admin Access:
- Initial setup (HTTP): TCP 80 →
- Discovery (mDNS): UDP 5353 →
- Discovery (UPnP): TCP 1900 →

Power:
- IEEE 802.3af PoE at 15.4W

Cloud Service:
- Management: TCP 8278 →
- Required Hosts (Global): 104.154.145.235
- China: Static IP addresses are not used. Connections will be made to hosts with the retailnextchina.net domain.

Note: all devices require access to public DNS (TCP/UDP 53 →)

Stereo Sensors

Admin Access:
- Initial setup (HTTP): TCP 80/443 →

Cloud Service:
- Data delivery (HTTPS): TCP 443
- Required Hosts (Global): 35.244.170.41 (*.camera.ops.retailnext.net)
- NTP: UDP 123 →
- Xovis mgmt.: TCP 80/443 → 34.102.240.84
- Brickstream mgmt.: TCP 2375 → 35.239.184.87
- Brickstream 3D Gen2 audit video (HTTPS): TCP 443 → *.brk-audit.ops.retailnext.net
- Brickstream old models audit video (HTTPS): TCP 443 → *.legacy-brk-audit.ops.retailnext.net
- China: these devices are not used

Note: all devices require access to public DNS (TCP/UDP 53 →)

Open-Mesh Switches

Admin Access:
- Initial setup (HTTP): TCP 80/443 →

Cloud Service:
- Management: TCP 80/443
- Required Hosts (Global):
  cloud-switch.cloudtrax.com
  connkeeper.cloudtrax.com
  files.cloudtrax.com
  dev.cloudtrax.com
  54.245.115.10
  35.163.125.115
  If allowed, wildcard *.cloudtrax.com is preferred
- China: these devices are not used

Note: all devices require access to public DNS (TCP/UDP 53 →)

Aruba Instant On Switches

Admin Access:
- Initial setup (HTTP): TCP 80/443 → https://portal.arubainstanton.com

Cloud Service:
- Onboarding URL used by non-configured Instant On device to reach the cloud: https://onboarding.portal.arubainstanton.com
- Cloud Connect URL used by configured Instant On devices to send data to the cloud: https://iot.portal.arubainstanton.com
- Software Upgrade URL is used by Instant On devices to get their firmware: https://downloads.portal.arubainstanton.com

Ubiquiti UniFi and UISP switches

Admin Access:
- Initial setup (HTTP): TCP 80/443 → retailnext.unmsapp.com

Cloud Service:
- UISP devices: TCP 80/443 → retailnext.unmsapp.com
- UniFi devices: TCP 8883/8080/443 → *.ui.com
- China: these devices are not used

Note: all devices require access to public DNS (TCP/UDP 53 →) and NTP (TCP/UDP 123)


Aurora & Store Appliances

Outbound Access

During normal operation, Aurora sensors and RetailNext Store Appliances only require outbound network access from the store network to the cloud service on TCP port 8278. This connection can go through a NAT gateway. Access to public DNS is also required.

Refer to the diagram above for a list of IP addresses required by different in-store devices. Ensure that firewall rules based on source addresses apply to the entire DHCP scope.

On the store network, RetailNext Store Appliances also need to communicate with IP video cameras and encoders. Those devices are normally on the same IP network as the server, and the protocol required to retrieve video and other information varies from one device to another. RetailNext generally requires access from the Store Appliance to those devices using RTSP on TCP port 554 or HTTP on port 80. Older video devices may require the store appliance to accept RTP/UDP data on any port.

In the future, RetailNext may use other protocols to try to discover IP cameras.
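
The two checks implied above, written out as an added example (not RetailNext code): confirm that source-based firewall rules cover the whole DHCP scope, and flag flows from store devices that fall outside the Aurora / Store Appliance egress listed on this page. The 10.20.0.0/24 scope, the flow-record tuple layout, and the sample flows are assumptions constructed for illustration; hostname-only destinations are not modelled.

```python
import ipaddress

# Aurora / Store Appliance egress from this page (Global Cloud Service).
# A destination of None means "any host": the page requires public DNS
# but names no resolver addresses.
ALLOWED = [
    ("tcp", 8278, "104.154.145.235"),  # management to the cloud service
    ("tcp", 53, None),
    ("udp", 53, None),
]

# Constructed flow records: (source, protocol, destination, port).
# 10.20.0.0/24 is a hypothetical store DHCP scope; 192.0.2.x and
# 198.51.100.x are documentation addresses.
SAMPLE_FLOWS = [
    ("10.20.0.15", "tcp", "104.154.145.235", 8278),
    ("10.20.0.15", "udp", "192.0.2.53", 53),
    ("10.20.0.200", "tcp", "198.51.100.7", 8278),
    ("10.20.0.15", "tcp", "104.154.145.235", 22),
    ("192.168.1.5", "tcp", "198.51.100.7", 443),
]

def uncovered_scope(dhcp_scope, rule_sources):
    """Return the parts of the DHCP scope that no source-based rule covers."""
    remaining = [ipaddress.ip_network(dhcp_scope)]
    for src in map(ipaddress.ip_network, rule_sources):
        kept = []
        for net in remaining:
            if net.subnet_of(src):
                continue  # fully covered by this rule
            if src.subnet_of(net):
                kept.extend(net.address_exclude(src))  # carve out covered part
            else:
                kept.append(net)  # rule does not touch this block
        remaining = kept
    return sorted(remaining)

def audit_flows(flows, dhcp_scope):
    """Return flows from the store scope that are outside the allowlist."""
    scope = ipaddress.ip_network(dhcp_scope)
    unexpected = []
    for src, proto, dst, port in flows:
        if ipaddress.ip_address(src) not in scope:
            continue  # not a store device
        if not any(p == proto and n == port and d in (None, dst)
                   for p, n, d in ALLOWED):
            unexpected.append((src, proto, dst, port))
    return unexpected
```

A rule written for 10.20.0.0/25 leaves 10.20.0.128/25 uncovered, so a sensor that leases an address in the upper half of the scope loses its TCP 8278 connection even though the rule itself is correct.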

Bandwidth Requirements

An Aurora sensor or a store appliance processing a single monocular video stream generates approximately the following average network traffic when delivering track data to the cloud service:

Transmit: 15 kbit/s
Receive: 2 kbit/s

Inbound Access

During typical operation, no inbound network access is required to Aurora or Store Appliances.

However, both products offer an administrative web user interface that can be used for initial setup or to diagnose connectivity problems. Refer to the diagram above for the ports required to access this interface. RetailNext also offers autodiscovery capabilities using mDNS and UPnP.

RetailNext also offers the capability of streaming recorded video directly from the store appliance, which is implemented with WebRTC data channels. This allows users in the store to play back videos over the local network instead of the WAN connection.

As mentioned above, some older IP video devices may also require the store appliance to accept RTP/UDP data on any port.

Aurora & Store Appliance Network Summary

| Service | Protocol | Port | Direction | Destination | Notes |
|---|---|---|---|---|---|
| Sensor control and data delivery | Proprietary | TCP 8278 | Outbound | RetailNext cloud service | Requires public DNS |
| Administrative interface | HTTP/HTTPS | TCP 80/443 | Inbound | - | |
| Video retrieval over RTSP | RTSP | TCP 554 | Outbound | IP video cameras/encoders | Ports may vary by product |
| Video retrieval over HTTP | HTTP | TCP 80 | Outbound | IP video cameras/encoders | Ports may vary by product |
| In-store video playback | WS over WebRTC | UDP 8443 | Inbound | - | |
| Legacy video retrieval | RTP | UDP high ports | Inbound | - | |
| Discovery | UPnP | UDP 1900 | Inbound | - | |
| Discovery | mDNS | UDP 5353 | Inbound | - | |

User Access & Data Integration

All connections for the China Cloud Service will be made to hosts with the retailnextchina.net domain. 

| End User Access | Protocol | Port | Direction | Destination (Global) | Notes |
|---|---|---|---|---|---|
| Browser-based UI | HTTPS | TCP 443 | 👤 → ☁ | *.cloud.retailnext.net | For load balancing, capacity expansion, and high availability, we do not have a static list of the IP addresses for these services. Customers will need to allow Internet access on 443. |
| Video playback | WS | TCP 443 | 👤 → ☁ | *.cloud.retailnext.net | |
| In-store video playback | WS over WebRTC Data Channel | UDP 8443 | 👤 → Store network | Store Appliance | Store appliance must have Internet access to communicate with the cloud to check user permissions, etc. |
| Email | Email | - | ☁ → 👤 | - | Reports, notifications, and user account management. Customers will need to allow mail from retailnext.net delivered via mg.retailnext.net. |
| Mobile Application Push Notifications | | TCP 443 or 5223 | 👤 → ☁ | - | |

| Data Integration | Protocol | Port | Direction | Destination | Notes |
|---|---|---|---|---|---|
| Query API | HTTPS | TCP 443 | → ☁ | *.api.retailnext.net | For load balancing, capacity expansion, and high availability, we do not have a static list of the IP addresses for this service. |
| POS, staffing, store hours, and other file uploads | HTTPS; SFTP | TCP 443; TCP 2022 | → ☁ | *.upload.ops.retailnext.net; sftp.ops.retailnext.net | HTTPS uploads are preferred over SFTP. HTTPS: 35.244.192.136, 35.244.228.205. SFTP: 34.68.22.227, 35.244.228.100 |
| Custom exports | HTTPS; SFTP | TCP 443; TCP 2022 | ☁ → 👤 | *.api.retailnext.net; sftp.ops.retailnext.net | API (HTTPS) downloads are preferred over SFTP. SFTP: 34.68.22.227, 35.244.228.100. See Custom Exports for more information. |
| Security events | | TCP 443 | → ☁ | *.security-events.ops.retailnext.net | 35.244.170.41 |
| Health monitoring alerts | Email | - | ☁ → | - | Customers will need to allow mail from retailnext.net delivered via mg.retailnext.net. |

| POS Integration | Protocol | Port | Direction | Destination | Notes |
|---|---|---|---|---|---|
| Lightspeed, Vend, Shopify, Square | API | - | ☁ → ☁ | - | Requires OAuth setup |