Allowing your devices to talk to Apple – part 2

Like many schools we’ve installed Apple TVs into our classrooms. Like many schools we also have restrictions in place as to what types of traffic can reach the internet.

Setting the Date and Time

When we first started up our Apple TVs, they all hung at the first screen “Setting Date and Time”.

When an Apple TV first boots up, it looks for an NTP server to set its date and time. Rather than use a local NTP server if one is published, Apple TV tries to connect to time.apple.com.

time.apple.com resolves to an IP address in Apple’s 17.0.0.0/8 range, so if access to this range is allowed, you should be fine. If not, check which ports are allowed to access this range. On Apple’s support page at http://support.apple.com/kb/HT2463 they list the ports used by Apple TV:

  • TCP port 123 is used to communicate with a network time server.
  • TCP port 3689 is used to communicate with iTunes while using the iTunes Library Sharing feature.
  • UDP port 5353 is used by Apple TV for automatically finding computers with iTunes on your network using Bonjour.
  • TCP port 80 is used for communicating with podcast servers.
  • TCP port 80 and 443 are used for basic and secure communications with the iTunes Store via the Internet.
  • TCP port 53 is used for regular DNS.

Port 123 is the important port for the date and time setting to work.

An alternative way to solve this problem is to point the Apple TVs at an internal DNS server, and on this DNS server set up a record for time.apple.com that resolves to your internal network time server. We set up this internal DNS server to be used only by Apple TVs, so the rest of our gear can still contact Apple.

Avoiding the Updates

From time to time Apple release software updates, but they tend to do this without warning. With the release of iOS7 we expect to see updates to Apple TV’s version of iOS as well. We’re a couple of weeks away from holidays, so we would prefer to apply these updates then, having tested on one unit first.

Our solution for scheduling these updates is similar to one of the solutions for setting the date and time. On an internal DNS server we added an A record for applednld.apple.com and gave it the IP address 1.1.1.1. Now that our Apple TVs can’t communicate with Apple’s update servers, they won’t prompt users to install any updates. When we’re happy to apply the updates, we’ll update the internal DNS records to point to one of the real IP addresses used for the update.

Getting rid of the tiles

We only want our Apple TVs used as AirPlay devices; they won’t be used for any of the native functions or channels on the device. A nice side effect we found of using an internal DNS server was that the only tiles which show are the Settings and Computer tiles. Much more elegant and less distracting for students and staff.


One thought on “Allowing your devices to talk to Apple – part 2”

  1. Thank you, this post comes in very handy. We are using iPads behind a firewall with no outside access. We found out that when the iPad mini is not synced with the Apple time server, the clock tends to go faster. After a few months of no time sync, the time is off by 5 minutes. Hopefully, we can ask to have an exception put in the firewall for port 123 to time.apple.com
