Networking, DNS & SSL

Estimated reading: 2 minutes

This section outlines the networking, DNS, and SSL/TLS requirements necessary for secure communication between Robility Flow components, external integrations, end users, and supporting infrastructure. Proper network configuration is essential to ensure secure access, reliable connectivity, and compliance with enterprise security standards.

DNS & TLS Configuration

1. FQDN: Register a fully qualified domain name for the platform, e.g. robilityflow.companyname.com, pointing to the Kubernetes Ingress controller or VM public IP.
2. TLS Certificate: A CA-issued wildcard or SAN certificate must be bound to the Ingress (Kubernetes) or NGINX (VM). Alternatively, configure Cert-Manager or Certbot with an ACME issuer.
3. TLS Version: TLS 1.2 minimum; TLS 1.3 recommended. Disable TLS 1.0 and 1.1.

Network Traffic Matrix (Kubernetes)

Configure cluster network policies and external firewall rules to permit the following traffic

Source	Destination	Port	Purpose
End-User Browsers	Ingress Controller	443 (HTTPS)	Secure access to the RobilityFlow Designer user interface and Runtime REST APIs.
Ingress Controller	Designer Pod	3000 (HTTP)	Internal Kubernetes cluster traffic between the ingress layer and the Designer service.
Ingress Controller	Runtime Pod	7860 (HTTP)	Internal Kubernetes cluster traffic between the ingress layer and the Runtime service.
Runtime Pod	PostgreSQL	5432	Database connectivity for workflow metadata, execution data, configuration, and audit records.
Runtime Pod	Redis	6379	Cache storage, session management, and publish/subscribe messaging.
Runtime Pod	Object Storage	443	Stores and retrieves workflow files, exports, documents, and execution artifacts.
Runtime Pod	License Server	443 (HTTPS)	Outbound connectivity for license validation, entitlement verification, and subscription checks. Refer to Section 8.
Runtime Pod	CDN / Registry	443 (HTTPS)	Retrieves container images, feature packages, updates, and platform dependencies.
Runtime Pod	External AI Providers	443 (HTTPS)	Optional outbound connectivity for Large Language Models (LLMs), AI inference APIs, and other AI-powered services.

Note

For VM deployments, refer to Section 3A.6 for the equivalent traffic matrix. The port assignments are identical; only the routing mechanism differs (Docker network vs Kubernetes NetworkPolicy).

Licensing

1. License activation is managed by Robility Manager.
2. License Scope: Licenses are scoped to the number of concurrent flow executions and connected user seats. Contact Sutherland Sales for capacity planning.

End-User Browser Requirements

The RobilityFlow Designer is a web application. Users require only a supported browser — no client software installation is needed.

1. Google Chrome – latest stable release
2. Microsoft Edge – latest stable release (Chromium-based)
3. Mozilla Firefox – latest stable release
4. Safari 16+ (macOS / iPadOS) – supported for read/monitor use cases

Internet Explorer is not supported. The Designer canvas requires WebSocket support and ES2020+ JavaScript features available in all modern evergreen browsers.

Networking, DNS & SSL

DNS & TLS Configuration

Network Traffic Matrix (Kubernetes)

Note

Licensing

End-User Browser Requirements

Networking, DNS & SSL

CONTENTS