AWS Migration and the Need for Whitelisting the New StayNTouch IP Addresses

Modified on: Thu, 18 Apr, 2019 at 10:16 AM

This article explains how communication between the SNT server and your local servers has changed following the migration to AWS.


WHY DO WE NEED TO WHITELIST THESE NEW IPs?


In order to increase the robustness and stability of your systems, we have enabled multiple availability zones (AZ) to support high redundancy within our AWS infrastructure. This means that if any single AZ encounters issues, the system will switch to the next AZ in the configuration. 


We have currently provisioned 6 AZs in our infrastructure, but we will only use 2 AZs at any one time. The diagram below explains these changes as well as the network topology for the new AWS infrastructure.



Each AZ interacts with the outside Internet through its own NAT gateway; the IP addresses that need to be whitelisted are the IPs of each of these gateways. Essentially, the 6 AZs have 6 NAT gateways, one per AZ, and thus 6 IPs that need to be whitelisted.


The new IP addresses are:


  • 107.20.88.165

  • 18.204.122.217

  • 18.235.212.108

  • 35.175.41.146

  • 52.0.227.64

  • 54.144.36.255

  • 146.20.40.30 (Current Rackspace IP) 


All sites that allow connections to OWS servers, key servers, interface servers, and EMV terminals must whitelist these new IPs on the ports currently in use today.
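An added example, not part of the original article or any StayNTouch tooling: a Python check that compares an exported firewall allowlist against the addresses above and reports, for every port the Rackspace IP is allowed on today, which new NAT gateway IPs still lack a matching rule. The rule format, the ports 443 and 8443, and the function names are assumptions made for illustration.

```python
import ipaddress

# IPs from the article: the six AWS NAT gateway addresses and the legacy Rackspace address.
NEW_IPS = ["107.20.88.165", "18.204.122.217", "18.235.212.108",
           "35.175.41.146", "52.0.227.64", "54.144.36.255"]
LEGACY_IP = "146.20.40.30"

# Constructed sample of inbound allow rules exported from a firewall: (source CIDR, TCP port).
# The ports and the rule layout are assumptions for illustration only.
SAMPLE_RULES = [
    ("146.20.40.30/32", 443),
    ("146.20.40.30/32", 8443),
    ("107.20.88.165/32", 443),
    ("107.20.88.165/32", 8443),
    ("18.204.122.0/24", 443),      # a wider range that also covers 18.204.122.217
    ("35.175.41.146/32", 443),
    ("52.0.227.64/32", 8443),
]

def ports_allowed(ip, rules):
    """Return the set of ports on which `ip` is covered by some allow rule."""
    addr = ipaddress.ip_address(ip)
    return {port for cidr, port in rules
            if addr in ipaddress.ip_network(cidr, strict=False)}

def missing_rules(rules, new_ips=NEW_IPS, legacy_ip=LEGACY_IP):
    """Map each new IP to the ports the legacy IP is allowed on but the new IP is not."""
    required = ports_allowed(legacy_ip, rules)
    gaps = {}
    for ip in new_ips:
        lacking = required - ports_allowed(ip, rules)
        if lacking:
            gaps[ip] = sorted(lacking)
    return gaps

if __name__ == "__main__":
    for ip, ports in missing_rules(SAMPLE_RULES).items():
        print(f"{ip}: add allow rule(s) for TCP port(s) {ports}")
```

An empty result means every new IP is allowed on every port the Rackspace IP is allowed on; replace SAMPLE_RULES with the rules exported from your own firewall.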

CUT-OFF TIME FOR WHITELISTED IPs


Within our previous hosted cloud database on Rackspace, all outbound requests were routed through a NAT gateway with a single IP address (e.g., 146.20.40.30), and thus only one IP address had to be whitelisted. The new AWS setup requires all 6 IPs to be whitelisted.


StayNTouch has now switched over all its traffic to these new IP addresses. If you have not whitelisted the above IP addresses already, you will lose connectivity to all of our systems.  


If you have not whitelisted the IP addresses for each of the AZs, you will need to contact your IT team or network provider to do so, and to verify and test all of your URLs and TCP connections. This is to ensure continued connectivity with our systems now that the AWS migration is complete.
