# Agent-Based On-Premises Deployment

##

## On-Premises-Based Deployment Network Permissions

<table><thead><tr><th>From</th><th width="297.07989501953125">To</th><th>Port</th><th>Purpose</th></tr></thead><tbody><tr><td>Portal Server</td><td><p>https://gitlab.com/jwt/auth</p><p>https://registry.gitlab.com
<br>registry.npmjs.org
<br>*.cloudcyte.com</p><p>https://download.cloudcyte.com</p><p>https://clapi.cloudcyte.com</p><p>https://registry.cloudcyte.com
</p><p>*.docker.com</p><p>https://www.docker.com
<br>*.docker.io</p><p>https://docker.io
<br>*.rancher.io</p><p>https://rancher.io
<br>*.rancher.com</p><p>https://www.rancher.com</p><p>*.k3s.io</p><p>*.rke2.io</p><p>https://get.rke2.io
<br>timestamp.sectigo.com
<br>http://archive.ubuntu.com/ubuntu/
<br>http://security.ubuntu.com/ubuntu/
<br>https://cdn.registry.gitlab-static.net<br>https://repo.cloudcyte.com/</p></td><td>TCP 443</td><td>Installation, Configuration and Management</td></tr><tr><td>Portal Server</td><td><p>*.sendgrid.com</p><p>https://sendgrid.com</p><p>*.twilio.com<br>https://www.twilio.com</p></td><td>TCP 443</td><td>MFA, Notifications and Reporting</td></tr><tr><td>Portal Server</td><td>*.virustotal.com<br>https://www.virustotal.com</td><td>TCP 443</td><td>Threat Intelligence</td></tr><tr><td>Portal Server</td><td><p>login.microsoftonline.com</p><p>vault.azure.net</p></td><td>TCP 443</td><td>Digital Signing</td></tr><tr><td>Portal Server</td><td>Broker Server</td><td>TCP 9200,5601,5432,8443,443 ICMP</td><td>Data Ingestion and analysis.</td></tr><tr><td>Broker Server</td><td>Portal Server</td><td>TCP 443 ICMP</td><td>Broker to server communication.</td></tr><tr><td>Client &#x26; Server Devices</td><td>Portal Server</td><td>TCP 443</td><td>The Agent should communicate Portal server directly if Agent installed on User devices</td></tr><tr><td>Client &#x26; Server Devices</td><td><p>https://api.ipify.org https://*.cloudcyte.com<br>https://download.cloudcyte.com</p><p>https://clapi.cloudcyte.com</p><p>https://registry.cloudcyte.com</p></td><td>TCP 443</td><td>To get Public IP of Agent installed machine and update the agent automatically.</td></tr><tr><td>Management Machine (The machine for accessing the portal erver)</td><td>Portal &#x26; Broker Server &#x26; Database Server</td><td>TCP 443, 8443, 9200, 5601, 32001, 8344, 5432, 9090, 5432 ICMP</td><td>For access and troubleshooting when needed.</td></tr><tr><td>Portal Server</td><td>Database Server</td><td>TCP 5432, 9090</td><td>For access to database server from portal server.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/pre-requirements-and-initialization-of-the-platform/access-and-exlusion-requirements/agent-based-on-premises-deployment.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.