Ecosystem
Contents
- FQDNs
- Restricting network access
- Restricting access to a Flow Production Tracking site
- IP Addresses for Webhooks
Flow Production Tracking is a cloud platform composed of many services. All of these services need to be accessible to users for Flow Production Tracking to be fully functional.
FQDNs
Here is an overview of the different fully qualified domain names (FQDN) that are part of the Flow Production Tracking cloud platform.
Flow Production Tracking. The Flow Production Tracking service itself.
AWS S3. All your media and attachments are stored on Amazon Simple Storage Service (AWS S3). To read more about where your media is saved, please see Selecting a storage location for uploaded files overview.
AWS S3 Accelerated. High-end accelerated endpoints for S3. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations.
Toolkit App Store. You must have access to the Toolkit App Store for users to be able to update Desktop and Toolkit.
Autodesk Identity. The service used to authenticate users with Flow Production Tracking web services and desktop software.
Autodesk Subscription Licensing. The service used for Flow Production Tracking licensing.
Analytics. Amplitude and Dynatrace are instrumentation tools and provides anonymous analytics.
| Service | FQDN |
|---|---|
| Flow Production Tracking | <mysite>.shotgrid.autodesk.com <mysite>.shotgunstudio.com launchdarkly.shotgrid.autodesk.com |
| Flow Production Tracking Create | sg-software.ems.autodesk.com sg-sec.s3-accelerate.amazonaws.com |
| Flow Production Tracking RV | sg-software.ems.autodesk.com |
| AWS S3 | sg-media-usor-01.s3.amazonaws.com sg-media-tokyo.s3.amazonaws.com sg-media-ireland.s3.amazonaws.com sg-media-saopaulo.s3.amazonaws.com sg-media-mumbai.s3.amazonaws.com sg-media-sydney.s3.amazonaws.com |
| AWS S3 accelerated | sg-media-usor-01.s3-accelerate.amazonaws.com sg-media-tokyo.s3-accelerate.amazonaws.com sg-media-ireland.s3-accelerate.amazonaws.com sg-media-saopaulo.s3-accelerate.amazonaws.com sg-media-mumbai.s3-accelerate.amazonaws.com sg-media-sydney.s3-accelerate.amazonaws.com |
| Toolkit App Store | tank.shotgunstudio.com s3-proxy.shotgrid.autodesk.com s3-proxy.shotgunstudio.com |
| Analytics | api.amplitude.com *.dynatrace.com |
| Autodesk Identity | Please refer to this article for the list of required FQDNs |
| Autodesk Subscription Licensing | Please refer to this article for the list of required FQDNs |
All services communicate on port tcp/443 (HTTPS)
Restricting network access
Many studios restrict their users network access. Because Flow Production Tracking is a service composed of multiple endpoints, restricting network access while allowing Flow Production Tracking to be functional can be a challenge. Different approaches can be used, each with their pros and cons.
Firewall. Your studio may already use a network appliance capable restricting network access. For Flow Production Tracking to work, the FQDNs will have to be granted access by your studio's network administrators. The table above will help them put the required exceptions in place.
Proxy. See Setting up a proxy server for Flow Production Tracking for more details. This may be a good option if your firewall is not capable of performing the necessary Layer 7 filtering.
Restricting access to a Flow Production Tracking site
Another way to increase the security around your Flow Production Tracking site is to allow only IPs from your studio to connect to your Flow Production Tracking site. See IP allowed listings for more details on this technique.
IP Addresses for Webhooks
For Webhooks, Flow Production Tracking sends HTTPS requests to an external server owned and managed by clients. When setting up your network to allow IPs—often configured and maintained by your IT team—you may want to restrict which IP addresses it will accept requests from (e.g. limit to requests coming from Flow Production Tracking). Learn more about IP Addresses for Webhooks here.