Configuration Requirements for the Migration of VIP Services Platform to Google Cloud Platform (GCP)


Article ID: 192676


Products

VIP Service

Issue/Introduction


Symantec VIP services will be hosted in multiple GCP availability zones. To ensure uninterrupted connectivity from your VIP Enterprise Gateways and hosted applications to the Symantec VIP GCP-hosted cloud platform, review and update your configurations. 

Resolution

FIREWALL CONFIGURATION SETTINGS

  1. Use VIP Service domain name whitelisting. This is preferable to using IP netblocks. 
  2. Configure hostnames to recognize sub-domains of vip.symantec.com (e.g., *.vip.symantec.com). If you are unable to whitelist *.vip.symantec.com sub-domains, whitelist these specific hostnames:

    • services-auth.vip.symantec.com (port 443)
    • services.vip.symantec.com (port 443)
    • userservices-auth.vip.symantec.com (port 443)
    • userservices.vip.symantec.com (port 443)
    • goidservices-auth.vip.symantec.com (port 443)
    • liveupdate.symantecliveupdate.com (port 80)
    • liveupdate.symantec.com (port 80)
    • api-auth.vip.symantec.com (port 443)
       
  3. If you are unable to whitelist hostnames, update your firewall configuration to allow all outbound connectivity to the following Google Cloud IP netblocks in addition to the current AWS IP address netblocks. AWS netblocks can be removed after the migration is complete.  

IP address pinning of VIP URLs could result in VIP Service disruption. Public DNS resolves traffic to the active VIP IP addresses through the domain in the URLs listed below. 


Globally Load Balanced URLs:

    • services-auth.vip.symantec.com
    • services.vip.symantec.com
    • userservices-auth.vip.symantec.com
    • userservices.vip.symantec.com

GCP West Region Netblocks / GCP East Region Netblocks: 144.49.0.0/16

AWS West Region Netblocks: 18.236.61.144/28

AWS East Region Netblocks: 18.208.22.32/28
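
The following is an added example, not part of the original article or any Symantec tooling. It classifies the addresses that the four load-balanced hostnames resolve to against the netblocks listed above, which shows which hosts an IP-only firewall rule set would drop if DNS returned an address outside those blocks. The function names and sample addresses are constructed for illustration, and treating 144.49.0.0/16 as the GCP block for both regions is an assumption.

```python
import ipaddress
import socket

# Netblocks from this article. Treating 144.49.0.0/16 as the GCP block for
# both regions is an assumption read from the order of the article's table.
NETBLOCKS = {
    "GCP": ["144.49.0.0/16"],
    "AWS West": ["18.236.61.144/28"],
    "AWS East": ["18.208.22.32/28"],
}
# The four globally load-balanced URLs the netblock table applies to.
HOSTS = [
    "services-auth.vip.symantec.com",
    "services.vip.symantec.com",
    "userservices-auth.vip.symantec.com",
    "userservices.vip.symantec.com",
]

def classify(ip):
    """Return the label of the listed netblock containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for label, cidrs in NETBLOCKS.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in cidrs):
            return label
    return None

def audit(resolved):
    """Map {host: [ip, ...]} to {host: [(ip, label_or_None), ...]}."""
    return {host: [(ip, classify(ip)) for ip in ips]
            for host, ips in resolved.items()}

def blocked_by_ip_rules(resolved):
    """Hosts with at least one address outside every listed netblock."""
    return sorted(host for host, rows in audit(resolved).items()
                  if any(label is None for _, label in rows))

def resolve_live(hosts=HOSTS, port=443):
    """Resolve through the system resolver (needs network access)."""
    return {h: sorted({info[4][0] for info in socket.getaddrinfo(
        h, port, socket.AF_INET, socket.SOCK_STREAM)}) for h in hosts}

# Constructed sample, not real DNS answers: one address per listed block
# plus a documentation-range address standing in for an unlisted one.
SAMPLE = dict(zip(HOSTS, (["144.49.10.20"], ["18.236.61.150"],
                          ["18.208.22.40"], ["203.0.113.10"])))

if __name__ == "__main__":
    print(audit(SAMPLE))
    print("dropped by IP-only rules:", blocked_by_ip_rules(SAMPLE))
```

Pass the output of resolve_live() to audit() on a host with DNS access to check the current answers instead of the constructed sample.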

 

VIP ENTERPRISE GATEWAY, CUSTOM APPLICATIONS, AND ENTERPRISE INTEGRATION CONFIGURATION SETTINGS

No VIP software updates are necessary. The VIP Enterprise Gateway(s) and Web Services WSDL files are configured to use the following globally load-balanced URLs issued by Symantec VIP. Custom applications should point to these same relevant URLs. 

    • services-auth.vip.symantec.com
    • services.vip.symantec.com
    • userservices-auth.vip.symantec.com
    • goidservices-auth.vip.symantec.com
    • liveupdate.symantecliveupdate.com
    • liveupdate.symantec.com

TESTING YOUR CONFIGURATION

You can test whether your VIP Enterprise Gateway, custom server applications, and any other components involved can communicate with the VIP Service from the application server host and the VIP Enterprise Gateway hosts within your production environment. See Testing your VIP environment for the Migration of VIP Services Platform to Google Cloud Services for testing procedures.

ADDITIONAL RESOURCES

VIP Web Services best practice for high-availability and optimal performance

VIP Enterprise Gateway 9.9 FAQ and end-of-support announcement of 9.7 and older
