Xyte Proxy Architecture

Overview

Xyte's security architecture is built around requiring the fewest possible network actors and open ports.

All communication is initiated by devices within the organization; no incoming connections ever need to be allowed.

Device-to-cloud communication is supported by two methods, “Standard” and “Proxy”, as described below.

Xyte's servers are hosted on AWS and use Google’s APIs for Maps, location resolution, fonts and other similar services.

Xyte is fully SOC2 compliant and continuously undergoes security checks, both in the code and operational environment.

Standard device to cloud communication

Devices initiate periodic connections to the Xyte hub servers to send status updates and receive back notifications on pending commands, licenses, configuration changes, etc.

The communication is always from the in-network devices out to Xyte servers only. This method of communication requires the organization to allow devices to access Xyte's servers over standard HTTPS or MQTT ports.

Standard Proxy

Devices communicate with Xyte via an on-premise Proxy service.

All communication within the network is routed through the Proxy service to the Xyte servers on the internet.

This method requires:

  1. Devices that support standard Proxy services.

  2. A proxy service that is configured to reach Xyte's servers.

  3. Configuring the devices with the proxy's settings.

Architecture - Device & Proxy Topology

Required outgoing connections

Device (or Proxy) to Cloud

Allow devices to register and send telemetries

| Domain | Requirement | Protocol |
|---|---|---|
| entry.xyte.io | Device communication | HTTPS only (TLS 1.3) |
| *.endpoints.xyte.io | Telemetries | HTTPS only (TLS 1.3) |
| *.endpoints.xyte.io | MQTT | Port 8883 only (TLS 1.3) |
| static.xyte.com | Firmware updates and other file access | HTTPS only (TLS 1.3) |
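
The following is an added example, not Xyte's code: it audits outbound connections from the device network against the Device (or Proxy) to Cloud table and reports anything outside it. It assumes "HTTPS" means TCP port 443 and uses a constructed log format and constructed sample hosts.

```python
# Added example, not Xyte code. Assumptions: "HTTPS" means TCP 443, and the
# "<source-ip> <destination-host> <port>" log format below is constructed.

# (domain pattern, port) pairs from the Device (or Proxy) to Cloud table.
ALLOWED = [
    ("entry.xyte.io", 443),
    ("*.endpoints.xyte.io", 443),
    ("*.endpoints.xyte.io", 8883),
    ("static.xyte.com", 443),
]

def host_matches(pattern, host):
    """Match an exact name, or a '*.suffix' wildcard on a label boundary."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Keep the leading dot in the suffix so 'evilendpoints.xyte.io' and
        # 'x.endpoints.xyte.io.example.net' do not match.
        suffix = pattern[1:]
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def is_allowed(host, port):
    return any(p == port and host_matches(pat, host) for pat, p in ALLOWED)

def audit(log_lines):
    """Return (src, host, port) for each connection outside the allowlist."""
    violations = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # malformed line; a real audit should count these
        src, host, port = parts[0], parts[1], int(parts[2])
        if not is_allowed(host, port):
            violations.append((src, host, port))
    return violations

# Constructed sample log; 'eu-1' is a made-up subdomain label.
SAMPLE_LOG = [
    "10.0.5.11 entry.xyte.io 443",
    "10.0.5.11 eu-1.endpoints.xyte.io 8883",
    "10.0.5.12 static.xyte.com 443",
    "10.0.5.12 entry.xyte.io 1883",
    "10.0.5.13 evilendpoints.xyte.io 443",
    "10.0.5.13 eu-1.endpoints.xyte.io.example.net 443",
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_LOG):
        print("not on allowlist:", *violation)
```

The same suffix-with-leading-dot comparison applies when the wildcard entries are translated into proxy or firewall rules, since a plain substring or "ends with" match on the domain would admit look-alike hosts.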

Desktop to Cloud

Access to Xyte monitoring platform

| Domain | Requirement | Protocol |
|---|---|---|
| *.xyte.io (all subdomains) | Portal communication | HTTPS only (TLS 1.3) |
| *.googleapis.com | Fonts / Maps / etc | HTTPS only (TLS 1.3) |
| maps.gstatic.com | Maps | HTTPS only (TLS 1.3) |
| *.ingest.sentry.io | Error reporting | HTTPS only (TLS 1.3) |
| static.xyte.com | File uploads | HTTPS only (TLS 1.3) |
