VMware Harbor Decommission
search cancel

VMware Harbor Decommission

book

Article ID: 371587

calendar_today

Updated On:

Products

VMware vDefend Firewall with Advanced Threat Prevention VMware vDefend Firewall

Issue/Introduction

VMware Harbor Decommission

Environment

This KB applies to customers using Harbor instances (Distributed Harbor: projects.registry.vmware.com and the VMware Docker Registry, which is a centralized repository of software packages and artifacts.

Resolution

As of June 27 , 2024  BOTH Harbor instances have been decommissioned, and Distributed Harbor's DNS has been redirected to projects.packages.broadcom.com

 

(1) Add the following URL to the allow list in the firewall :

projects.packages.broadcom.com

jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com

(2) Configure your firewall to allow URL filtering and IP-based rules for the VMware Docker Registry.

(3) Verify that the firewall is not blocking return traffic from the VMware Docker Registry. Check for any old URLs pointing to vmware.com and update them accordingly.

Customers can whitelist the FQDNs (Fully Qualified Domain Names) instead of IP addresses. This approach is recommended as IP addresses can change, and FQDNs provide a more stable and reliable way to access the registry. 

 

Customers can whitelist the following FQDNs:

projects.packages.broadcom.com

jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com


Note that the Docker Registry path must have the "projects.registry.vmware.com/ nsx_application_platform/clustering" value.

Additional Information

JFrog Cloud comes with Direct Cloud Storage Downloads enabled for platforms in AWS & GCP cloud providers.

If you are limiting outgoing traffic from your clients, make sure to extend the list of allowed-list IPs and hosts to include the relevant IP ranges and URLs.  

 

Region                                                  URL


Asia Pacific (Mumbai)             jfrog-prod-aps1-shared-mumbai-main.s3.amazonaws.com
Asia Pacific (Osaka)               jfrog-prod-apne3-shared-osaka-main.s3.amazonaws.com
 
Asia Pacific (Singapore)         jfrog-prod-apse1-shared-singapore-main.s3.amazonaws.com
 
Asia Pacific (Sydney)             jfrog-prod-apse2-shared-sydney-main.s3.amazonaws.com
 
Asia Pacific (Tokyo)               jfrog-prod-apne1-shared-tokyo-main.s3.amazonaws.com
 
Canada (Central)                   jfrog-prod-cac1-shared-canada-main.s3.amazonaws.com
 
Europe (Frankfurt)                 jfrog-prod-euc1-shared-frankfurt-main.s3.amazonaws.com
 
Europe West1 (Ireland)         jfrog-prod-euw1-shared-ireland-main.s3.amazonaws.com
 
Europe West2 (London)        jfrog-prod-euw2-shared-london-main.s3.amazonaws.com
 
Israel (Tel Aviv)                      jfrog-prod-ilc1-shared-tlv-main.s3.amazonaws.com
US East1 (Virginia)               jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com
 
US West1 (N. California)      jfrog-prod-usw1-shared-california-main.s3.amazonaws.com
 
US West2 (Oregon)             jfrog-prod-usw2-shared-oregon-main.s3.amazonaws.com

 

 

You can get more info on AWS S3 IP ranges from Amazon’s official documentation

https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html
 
 

Powered by Wolken Software