Koji network constraints

Owned by Danil Chernovalov (Unlicensed)
Last updated: Aug 22, 2022
2 min read

A few things to know about the connection between the Koji app, Data Center, and Koji server.

 

Internet connection

Koji app can be installed in a Data Center instances. The app is not a stand-alone solution, it acts as a mediator between Data Center and a Koji server. Koji connects to the Koji server and sends all the requests to it. Thus, the processing takes place on the host. Depending on the host, there can be 2 scenarios where Koji needs or does not need the Internet connection for work.

Using Konverso SaaS Koji host

The main host for Koji-related requests is http://kjira.konverso.ai. By default the Koji app uses this host, so it is essential that the network where your Data Center is deployed has Internet access.

If the connection is lost, the requests to http://kjira.konverso.ai are not sent, which means that the virtual assistant's system cannot work.

Using your own Koji host on prem

If you are using your own Koji server instead of the http://kjira.konverso.ai host, and your Data Center are in the same subnetwork, they do not need Internet for connection.

Please, contact us to learn more about the on-premise installation.

To learn more about dedicated Koji instance, see this documentation.

Below is the diagram representing the network flows for an on premi Koji, and the associated firewall rules to be configured:

Deployments matrix

The following table summarizes available options and associated networking requirements depending on the setup of your Atlassian Data Center and selected Koji deployment model.

DataCenter

Koji standard

Koji dedicated

on Cloud

Koji dedicated

on Prem

DataCenter

Koji standard

Koji dedicated

on Cloud

Koji dedicated

on Prem

DataCenter on prem

On company network:

  • Requires Firewall inbound port open to DataCenter

  • Requires Outbound port open to Koji

Nothing required if both hosts are on the same subnet

DataCenter on Cloud

(Azure, AWS, etc.)

Requires Firewall inbound port open to DataCenter

Required inbound and outbout Firewall rules defined in company network

Content Security Policy

Content Security Policy is a set of rules that define what your browser can and cannot load for a given web page. These rules help to avoid fraudulent scripts and improve security in general. As the Koji administrator view is displayed inside the administrator view of Data Center, and the widget is displayed on a portal, it is required to update your Content Security Policy.

If you have Content Security Policy defined for your Data Center, add the Koji host name in script-src CSP directive:

script-src kjira.konverso.ai

HTTPS

Using HTTPS for your Data Center is optional. Basically, it depends on the security policies of your organization. Konverso is using HTTPS for Koji to protect customer data. Thus, after installing Koji, you need to enable only the 443 HTTPS port, as we make only REST requests to the datacenter.