Kisi system architecture
Kisi is hosted on the Google Cloud Platform, has regional failovers in place, hot standby databases with high availability setups, and web firewalls to ensure security for our customers and users. Detailed architecture diagrams can be shared with customers under NDA upon approval by our compliance team.
Please let your account manager know or contact Kisi Support.
1. IoT Cloud (local & cloud)
2. DNS resolution paths
3. Client apps → API & third‑party clouds
4. Physical credentials → IoT edge
5. Checklist
Hardware connectivity overview
| Device | Wired uplink | Wireless uplink | Speed | Notes |
|---|---|---|---|---|
| Kisi Reader Pro 1, 2 | PoE (10/100 Mbps) | Wifi 2.4 GHz / 5 GHz on older revisions only | 10 / 100 Mbps | Makes outbound‑only connections to cloud |
| Kisi Controller Pro 1, 2 | Ethernet (10/100 Mbps) | Wifi 2.4 GHz / 5 GHz on older revisions only | 10 / 100 Mbps | Makes outbound‑only connections to cloud |
Firewall & port requirements
info
Kisi controllers/readers present self‑signed, firmware‑pinned certificates.
Kisi hardware initiates every session; inbound pin‑holes are not required.
Allow outbound traffic for:
| Protocol | Port | Purpose |
|---|---|---|
| TCP | 31314 | Initial device ↔ server connection |
| TCP | 993 | Fallback device ↔ server connection |
| TCP | 443 | Fetch device firmware & API traffic |
| TCP | 80 | Fallback firmware fetch |
| UDP | 53 | DNS look‑ups |
| UDP (local) | 62435 | Reader ↔ Controller sync (AES‑encrypted) |
Wifi & authentication considerations
- Enterprise Wi‑Fi (802.1X): Kisi Hardware does not support EAP/PEAP/802.1X. Provide a WPA2/WPA3‑PSK SSID (e.g., dedicated IoT SSID).
- Captive portals: Not supported (Kisi Hardware cannot present a login splash‑page).
- Protocols: Compatible with 802.11 a/b/g/n (2.4 & 5 GHz).
IP & addressing
- Devices default to DHCP.
- Use DHCP reservations for fixed IPs (MAC ⇢ IP) if needed.
- Record MAC addresses for asset management and switch‑port tracing.
Quick‑reference port table
| Port | TCP | UDP | Usage |
|---|---|---|---|
| 31314 | ✅ | Initial device‑server connection | |
| 993 | ✅ | Fallback device‑server connection | |
| 443 | ✅ | Firmware / API traffic | |
| 80 | ✅ | Fallback firmware fetch | |
| 53 | ✅ | ✅ | DNS look‑ups |
| 62435 | ✅ | Reader ↔ Controller (local) |
Power backup
- Power tip: Place routers, PoE switches, door strikes and controllers on a UPS sized for your emergency‑egress requirement (e.g., a few days).