Integration and connection of TELSCOPE to Ships IT-Infrastructure shall be done in cooperation with and be approved by the ship owners IT-department securing that the Installation complies to IT and Cyber Rules and recommendations.
TELSCOPE can work as a "Single Setup" with one TELSCOPE server or "Dual Setup" with two TELSCOPE servers for certain specific requirements and solutions with connections to shore.
TELSCOPE communicates with a cloud based shore system through an encrypted VPN connection. It exchanges data and receives TELSCOPE and operating system updates.
The relevant IP addresses of the shore system are mentioned below.
The ship's network administrator must be aware of the installation and will usually have to add some firewall rules to allow TELSCOPE to connect to shore and make it available on the ship's network.
Accessing TELSCOPE onboard
TELSCOPE is a web application and needs to be accessible for the users onboard.
TELSCOPE is available through a URL on the form https://[IMO number].telscope.online. For smaller ships without IMO number, the URL will be on the form https://[call sign].telscope.online.
Telko automatically deploys HTTPS certificates in order to encrypt the communication between the servers and the clients.
Telko will add DNS records for this domain pointing to the local IP addresses of TELSCOPE's server. The DNS service on board needs to resolve this domain correctly. If public DNS is not available on the ship's network or DNS names resolving to private IP address are blocked, it's the ship's network administrators responsibility to add the DNS name to a local DNS server. In that case, the domain should point to the IP of the server that was registered with the ship's IMO number first during installation on board (server's on-screen setup wizard). We refer to this server as the primary server and it's indicated on the overview page
Outbound firewall requirements
In case where there is any restrictions on outbound network traffic, TELSCOPE
requires outbound access to the following IPs:
We do not recommend restricting traffic to these IPs by port or protocol as
these are subject to change (with due notice) and there should not be any real
security benefit to further restriction.
In the case where it is strictly required to further limit outbound access, the
port range currently in use by TELSCOPE is TCP and UDP port 820-830. In
addition, we recommend allowing ICMP traffic as it's helpful in diagnosing any