AWS Configuration Requirements for the Migration of VIP Services Platform to Amazon Web Services
INFO4913
Last Updated April 09, 2019
Symantec VIP services are hosted in multiple Amazon availability zones in the AWS Oregon [us-west-2] and Virginia [us-east-1] regions. To ensure uninterrupted connectivity from your VIP Enterprise Gateways and hosted custom applications to the Symantec VIP AWS-hosted cloud platform, review and update your configurations.
Important: Organizations actively using VIP Enterprise Gateway or VIP Web Services WSDLs prior to version 9.3 should upgrade immediately. Symantec VIP has terminated use of *.verisign.com URLs on August 9, 2018.
FIREWALL CONFIGURATION SETTINGS
-
Use VIP Service domain name whitelisting. This is preferable to using IP netblocks.
- Configure hostnames to recognize any sub-domain of *.vip.symantec.com. If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:
- services-auth.vip.symantec.com (port 443)
- services.vip.symantec.com (port 443)
- userservices-auth.vip.symantec.com (port 443)
- goidservices-auth.vip.symantec.com (port 443)
- liveupdate.symantecliveupdate.com (port 80)
- liveupdate.symantec.com (port 80)
- If you are unable to whitelist hostnames, update your firewall configuration to allow all outbound connectivity to the following IP netblocks.
Symantec VIP high-availability data centers are located in multiple regions. DNS resolves traffic to the active location using the URLs listed below. IP address pinning puts your organization at risk of service disruption during a VIP datacenter\DNS switch.
| Globally Load Balanced URLs |
|
|
| services-auth.vip.symantec.com |
|
|
VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS
The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs.
- services-auth.vip.symantec.com
- services.vip.symantec.com
- userservices-auth.vip.symantec.com
- goidservices-auth.vip.symantec.com
- liveupdate.symantecliveupdate.com
- liveupdate.symantec.com
TEST YOUR CONFIGURATION
Testing to determine if your VIP Enterprise Gateway, custom server applications, and any other components involved can communicate with the VIP Service can be performed from the application server host and VIP Enterprise Gateway hosts within your production environment. See Testing your VIP environment for the Migration of VIP Services Platform to Amazon Web Services for testing procedures.
ADDITIONAL RESOURCES
VIP Web Services best practice for high-availability and optimal performance
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)