AWS Configuration Requirements for the Migration of VIP Services Platform to Amazon Web Services

INFO4913
Last Updated April 09, 2019
Copy Article Title/URL
Feedback
Subscribe

Symantec VIP services are hosted in multiple Amazon availability zones in the AWS Oregon [us-west-2] and Virginia [us-east-1] regions. To ensure uninterrupted connectivity from your VIP Enterprise Gateways and hosted custom applications to the Symantec VIP AWS-hosted cloud platform, review and update your configurations. 

Important: Organizations actively using VIP Enterprise Gateway or VIP Web Services WSDLs prior to version 9.3 should upgrade immediately. Symantec VIP has terminated use of *.verisign.com URLs on August 9, 2018

FIREWALL CONFIGURATION SETTINGS

  1. Use VIP Service domain name whitelisting. This is preferable to using IP netblocks. 

  2. Configure hostnames to recognize any sub-domain of *.vip.symantec.com. If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:
    • services-auth.vip.symantec.com (port 443)
    • services.vip.symantec.com (port 443)
    • userservices-auth.vip.symantec.com (port 443)
    • goidservices-auth.vip.symantec.com (port 443)
    • liveupdate.symantecliveupdate.com (port 80)
    • liveupdate.symantec.com (port 80)
       
  3. If you are unable to whitelist hostnames, update your firewall configuration to allow all outbound connectivity to the following IP netblocks.  

 Symantec VIP high-availability data centers are located in multiple regions. DNS resolves traffic to the active location using the URLs listed below. IP address pinning puts your organization at risk of service disruption during a VIP datacenter\DNS switch.

Globally Load Balanced URLs
AWS Oregon (west) Region Netblocks
AWS Virginia (east) Region  Netblocks

 services-auth.vip.symantec.com
 services.vip.symantec.com
 userservices-auth.vip.symantec.com
 userservices.vip.symantec.com

18.236.61.144/28

18.208.22.32/28

VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS

The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs. 

  • services-auth.vip.symantec.com
  • services.vip.symantec.com
  • userservices-auth.vip.symantec.com
  • goidservices-auth.vip.symantec.com
  • liveupdate.symantecliveupdate.com
  • liveupdate.symantec.com

TEST YOUR CONFIGURATION

Testing to determine if your VIP Enterprise Gateway, custom server applications, and any other components involved can communicate with the VIP Service can be performed from the application server host and VIP Enterprise Gateway hosts within your production environment. See Testing your VIP environment for the Migration of VIP Services Platform to Amazon Web Services for testing procedures.

ADDITIONAL RESOURCES

VIP Web Services best practice for high-availability and optimal performance

Description:

INFO4912
Migration details of VIP Services Platform migration to Amazon Web Services (AWS) – FAQ
Last Updated October 30, 2018

INFO4914
Testing your VIP environment for the Migration of VIP Services Platform to Amazon Web Services
Last Updated April 26, 2019

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.