Which Adobe Creative Cloud services and endpoints are contacted when updating via RUM?

Question

Hi there, I've had a frustrating amount of back and forth with Adobe support on the question of which specific endpoints need to be allowlisted for Remote Update Manager.

I was told that I needed to allowlist everything on the minimum allow list here: Network endpoints for Adobe apps & services. This is simply far too broad for my network and security teams to approve. I found lower on the page the downloadable endpoints matrix. This is much more reasonable, however I'm unclear which groups of the listed Adobe services rely on this.

The Updater service list seems too narrow. My assumption was that possibly some CDN network traffic was blocked on my end. I see some Cloudfront addresses under Adobe Creative Cloud services, but this list appears a bit broad.

It is unreasonable for Adobe to expect large/enterprise customers with security and regulatory obligations to whitelist such an exhaustive list without better specificity. Can we get some clarity on which specific endpoints from this list are used in the transport of Adobe Creative Cloud suite product updates when initiated via Remote Update Manager?

SuJoshi · Answer

Hi @ChimiChangaAlabama

I would recommend starting with the "The minimal allowlist" and "Deployment and fulfillment services" under the Identity and Sign-in Service section.
If the issue persists, you can use any networking tool like Wireshark or Charles proxy to identify if any more endpoints are getting blocked in your network.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded