Skip to main content

1E 23.11 (SaaS)

Network requirements

The correct choice of name for your SaaS instance is perhaps the most fundamental decision you will make.


Due to restrictions in Azure the name for your new instance cannot start with a number. The actual pattern definition used for names is:


You must ensure the firewalls on your client, servers, and network are configured correctly, and your Internet connections are whitelisted.

Firewall Ports

In addition to but not included are various ports used to communicate with Microsoft services, including Certificate Services and Identity Provider (IdP).

If Content Distribution module is being used by 1E Client on Windows computers, it has additional port requirements of its own.

Additional outgoing ports may need to be opened on clients if instructions need to connect to non-platform content sources.

Whitelisting connections to 1E Cloud

The simplest method is to whitelist *

The following sections briefly describe 1E features which connect to the 1E Cloud.

For guidance on whitelisting and configuring Internet Explorer proxy settings, please refer to Preparation.

1E Analytics URL

Ensure the following URL are whitelisted for clients:





Or simply * or *

Downloading client content and Content Distribution integration

1E Client downloads content from the 1E Background Channel. Content is mainly scripts and other files required by instructions. It also includes client resources such as extensible modules, providers, and other dependencies to maintain the 1E Client. In most cases, client resources are version controlled to prevent repeated downloads. 1E instructions always request a download even if they have run an instruction before, unless the content for that instruction has been cached in memory.

You may need to consider the impact on the network if there is a large amount of content included in an instruction. This is more of an operational consideration instead of a design consideration.

Content Distribution is an optionally licensed component of the 1E Client. It makes software deployment, patching and downloading content more efficient and reduces the impact on the network. It removes the need for remote Distribution Point servers in Microsoft System Center Configuration Manager systems. When Content Distribution is installed on computers, it automatically elects a peer to download content from a server over the WAN and then peer-shares the content with other PCs at the same location. The downloaded content is cached locally on each PC in case it is needed again.

1E can optionally use Content Distribution to download content from servers irrespective of whether Content Distribution is integrated with Configuration Manager or not, and also uses advanced Content Distribution features.

1E client integration with Content Distribution disabled

If Content Distribution integration is not used, the following apply:

  • 1E platform client waits a randomized stagger period defined by its DefaultStaggerRangeSeconds setting, and then downloads content from the specified Background Channel.1E client settings

  • 1E platform client retains modules and extensibles that it has downloaded, but does not retain instruction scripts after they have been run. Any instruction that requires a script or other file will download the latest version each time the instruction is run.

1E Client integration with Content Distributionenabled

Content Distribution integration is available on Windows PC devices and is enabled by default, but can be disabled during installation of the 1E Client.

With the Content Distribution integration feature enabled, 1E Client will detect if a supported version of Content Distribution is running on the device.

  • 1E Client immediately requests Content Distribution to download content from the specified HTTP source, such as the Background Channel. Content Distribution behaves in the same way as it does with Configuration Manager by ensuring the latest version of content is obtained and electing a master to perform the actual download.

  • Content Distribution maintains its own cache of downloaded content which avoids the need for repeat downloads over the WAN, and provides content to peers that require the same resources which avoids peer devices having to download over the WAN.

  • If the Content Distribution integration feature is enabled, and requested content is not provided within the timeout period, the 1E Client will fall back to downloading directly from the HTTP source. The most likely reason for a timeout is if Content Distribution is busy downloading other content.

To use Content Distribution, there is no special configuration of 1E Servers unless you want to use server-based features provided by the Content Distribution and Content Distribution, which requires the reverse proxy feature to be configured on Background Channels.

The Background Channel is a web application on the 1E Server which uses HTTPS and default port is 443. The URL for the Background Channel is defined in the 1E Client configuration file and is specified during installation of the 1E Client if 1E features are enabled. The 1E Client passes this URL to Content Distribution when it requests content to be downloaded. Instructions can also specify other HTTP sources.

Content Distribution does not need to be configured to use certificates in order to communicate with the Background Channel (the Content Distribution CertIssuer and CertSubject settings are used only with Configuration Manager Distribution Points that are configured to validate device certificates).

The Nomad Single-Site Download (SSD) feature, which uses Content Distribution, further reduces the impact of downloading content over the WAN.