Some of the technical content on this site is only available in English.

System requirements

Server configuration

ItemRequirement
Cameras per server150
(to provide a response time of 2 seconds or less for every user when access requests are made simultaneously by all Orion Devices. In this context "simultaneously" means within a 10 second window)
Network interfacesThere must be only a single network interface beginning with "en".
This is the default on our required OS below.
This must also be a wired connection.
CPUsMin. 3.6 GHz 16vCPU
(provides a response time of 2 seconds or less for each access request)
Memory32 GB
StorageMirrored SSD - 480 GB
We strongly recommend that physical storage is encrypted.
ArchitectureIntel/AMD x64
Operating systemUbuntu Server 24.04 LTS. This must be the minimized install option.
The install process hardens the server, installing and configuring a firewall and OS updates.
FirewallThe Orion Server requires the following inbound traffic to be allowed from the UCMe CU devices on the following ports:
UDP/123 - NTP
TCP/443 - HTTPS.

Network configuration

An Access Control Virtual LAN should be created to separate the Orion Devices from corporate and guest networks. This can be the same network used by other Salto network devices. The network subnet size is dictated by the number of Orion Devices on the network.

The network should be configured for no inbound or outbound traffic with the single exception of the Orion Server. The Orion server requires outbound traffic on the following ports:

  • 123 - to allow the Orion Server to synchronize time.
  • 443 - to enable access to Orion Enrolment Service, download software updates for the server and Orion Devices from Orion Connect and provide diagnostic and performance information.
  • 8883 - to enable MQTT connectivity with Orion Connect for system commissioning, monitoring and updates.

A DHCP server is required to allocate IP addresses to the Orion Devices, with a reserved IP address allocated to the Orion Server.

The Orion Server requires a DNS server. The Orion Devices, however, do not use DNS. Instead, they are provided with the IP address of the Orion Server during the commissioning phase. For this reason, the Orion Server IP must not change.

The Orion Server requires an NTP server to maintain its system clock.

ItemRequirement
VLANAn isolated (V)LAN is required for all cameras and locks.
Physical characteristicsCat 5e or Cat 6 network with Gigabit switches.
IP subnetMust be large enough to allocate addresses to all locks, camera units and servers/controllers
Must not be in the range:
172.31.255.0/24.
Outbound portsRestrict to:
123 - NTP
443 - HTTPS/TLS
8883 - MQTT/mTLS
Should also only permit Orion Servers to access outbound ports.
Orion Devices do not require access outside of the VLAN.
DHCPDHCP is required to provide IP addresses to UCMe devices.
The Orion Server must have a reserved IP address that can not change once UCMe devices have been commissioned.
DNSThe Orion Server requires access to DNS.

Salto Systems, S. L. uses third-party data storage and retrieval devices in order to allow secure browsing and gain a better understanding of how users interact with the website in order to improve our services. You can accept all cookies by clicking the "Accept cookies" button or reject their use by clicking the "Reject cookies" button. For more information, visit our Cookies Policy