Allowing your devices to talk to Apple – part 2

Like many schools we’ve installed Apple TVs into our classrooms. Like many schools we also have restrictions in place as to what types of traffic can reach the internet.

Setting the Date and Time

When we first started up our Apple TVs, they all hung at the first screen, “Setting Date and Time”.

When an Apple TV first boots up, it looks for an NTP server to set its date and time. Rather than use a local NTP server if one is published, Apple TV tries to connect to time.apple.com.

time.apple.com resolves to an IP address in Apple’s 17.0.0.0/8 range, so if access to this range is allowed, you should be fine. If not, check which ports are allowed to access this range. On Apple’s support page at http://support.apple.com/kb/HT2463 they give the ports used by Apple TV:

  • TCP port 123 is used to communicate with a network time server.
  • TCP port 3689 is used to communicate with iTunes while using the iTunes Library Sharing feature.
  • UDP port 5353 is used by Apple TV for automatically finding computers with iTunes on your network using Bonjour.
  • TCP port 80 is used for communicating with podcast servers.
  • TCP port 80 and 443 are used for basic and secure communications with the iTunes Store via the Internet.
  • TCP port 53 is used for regular DNS.

Port 123 is the important port for the date and time setting to work.

An alternative way to solve this problem is to use an internal DNS server which the Apple TVs use, and on this DNS server set up a record for time.apple.com that resolves to your internal network time server. We set up this internal DNS server to be used only by Apple TVs, so the rest of our gear can still contact Apple.

Avoiding the Updates

From time to time Apple release software updates, but they tend to do this without warning. With the release of iOS 7 we expect to see updates to Apple TV’s version of iOS as well. We’re a couple of weeks away from holidays, so we would prefer to apply these updates then, having tested on one unit first.

Our solution for scheduling these updates is similar to one of the solutions for setting the date and time. On an internal DNS server we added an A record for applednld.apple.com and gave it the IP address 1.1.1.1. Now that our Apple TVs can’t communicate with Apple’s update servers, they won’t prompt users to install any updates. When we’re happy to apply the updates, we’ll update the internal DNS records to point to one of the real IP addresses used for the update.

Getting rid of the tiles

We only want our Apple TVs used as AirPlay devices; they won’t be used for any of the native functions or channels on the device. A nice side effect we found of using an internal DNS server was that the only tiles which show are the Settings and Computer tiles. Much more elegant and less distracting for students and staff.
