To prepare your network for running CloudEndure's solutions, you need to set the following connectivity settings:
Add the following IP addresses and URLs to your firewall:
Required for all customers
CloudEndure Service Manager IP Address (required for utilizing CloudEndure software)
Amazon S3 service URLs (required for downloading CloudEndure software)
AWS specific (required for customers using AWS)
The Replication Server requires outbound access to the EC2 endpoint of its AWS region.
TCP port 443 is used for two communication routes:
Each Source machine that is a part of your CloudEndure Disaster Recovery or Migration solution must continuously communicate with the CloudEndure Service Manager and CloudEndure Console (console.cloudendure.com) over TCP port 443.
The following are the main operations performed through TCP port 443:
Important: Make sure that your corporate firewall allows connections over TCP Port 443.
You can establish communication between the Source machines and the CloudEndure Service Manager over TCP Port 443 in two ways:
https_proxy – use https://server-ip:port/
Note: The value must end with '/'.
https_proxy environmental variable to set your proxy server. Learn more about Environmental Variables.
On the System Variables section of the Environment Variables pane, click New to add the https_proxy environment variable or Edit if the variable already exists.
Note: User Variables should not be modified.
Enter https://PROXY_ADDR:PROXY_PORT/ in the Variable value field. Click OK.
Note: Proxy authentication is not supported with environmental variables.
Note: If the Environment Variable was created after the CloudEndure Agent had already been installed, then the Agent needs to be restarted. To restart the Agent:
Windows: Restart the service called CloudEndureService.
Linux: Run the following commands:
/var/lib/cloudendure/runAgent.sh
Note: You can also add the variable through CMD by using SETX as follows:
1. Open CMD as administrator
2. Run: setx https_proxy https://<proxy ip>:<proxy port>/ /m
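The two rules stated above (the value must end with '/', and proxy authentication is not supported with environment variables) can be checked before the variable is set. The following is an added example, not CloudEndure code; the function name validate_https_proxy and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not CloudEndure code: validate an https_proxy value against
# the format shown on this page (https://host:port/) before exporting it.
# Return codes are this example's own convention:
#   0 = ok
#   1 = does not start with https://
#   2 = does not end with '/'
#   3 = embedded credentials (proxy authentication is not supported)
#   4 = host or port missing or malformed
validate_https_proxy() {
    value=$1
    case $value in
        https://*) ;;
        *) return 1 ;;
    esac
    case $value in
        */) ;;
        *) return 2 ;;
    esac
    # Strip the scheme and the trailing slash, leaving "host:port".
    authority=${value#https://}
    authority=${authority%/}
    case $authority in
        *@*) return 3 ;;
        */*) return 4 ;;    # a path component is not part of the format
    esac
    host=${authority%:*}
    port=${authority##*:}
    # If no ':' was present, host is unchanged and equals the whole authority.
    [ -n "$host" ] && [ "$host" != "$authority" ] || return 4
    case $port in
        ''|*[!0-9]*) return 4 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 4
    return 0
}

# Typical use on a Linux Source machine (address below is a constructed sample):
#   validate_https_proxy "https://10.0.0.5:3128/" && export https_proxy="https://10.0.0.5:3128/"
```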
If there is a connection problem from the Source machine to the CloudEndure Service Manager, use the following methods to check the connection.
Note: If the connection experiences lag without additional explanation (Has Lag or Lag exceeds maximum threshold messages appear next to Lag in the CloudEndure Console), it could be an indication of a communication problem over TCP Port 443.
To verify the connection from a Source machine to the Service Manager over port 443:
On the Source machine, enter the following command:
wget https://console.cloudendure.com/
If the command fails, then there is a connectivity problem.
On the Source machine, open a browser and navigate to the CloudEndure User Console URL: https://console.cloudendure.com/
If the Sign In page of the User Console does not appear, then there is a connectivity problem.
If there is no connection between your Source machines and the CloudEndure Service Manager, make sure that your corporate firewall enables connectivity from the Source machine to the Service Manager over TCP Port 443. If the connectivity is blocked, enable it.
Important! The information provided in this section is for general security and firewall guidance only. The information is provided on "AS IS" basis, with no guarantee of completeness, accuracy or timeliness, and without warranty or representations of any kind, expressed or implied. In no event will CloudEndure and/or its subsidiaries and/or their employees or service providers be liable to you or anyone else for any decision made or action taken in reliance on the information provided above or for any direct, indirect, consequential, special or similar damages (including any kind of loss), even if advised of the possibility of such damages. CloudEndure is not responsible for the update, validation or support of security and firewall information.
Note: Enabling Windows Firewall for TCP Port 443 connectivity will allow your machines to achieve outbound connectivity. You may still need to adjust other external components, such as firewall blocking or incorrect routes, in order to achieve full connectivity.
Note: These instructions are intended for the default OS firewall. You will need to consult the documentation of any third-party local firewall you use to learn how to enable TCP Port 443 connectivity.
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:443
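Because -A appends the rule to the end of the OUTPUT chain, an earlier DROP or REJECT rule still decides the packet first; iptables -I OUTPUT 1 places the rule at the top instead. The following added example (not CloudEndure code) reads iptables -S OUTPUT text and reports the first unconditional verdict for outbound TCP 443. The function name and the sample rule sets are constructed for illustration, and rules with narrower matches (addresses, interfaces, state, port ranges, user-defined chains) are skipped rather than evaluated.

```shell
#!/bin/sh
# Added example, not CloudEndure code. Reads `iptables -S OUTPUT` text on stdin
# and prints the first verdict that applies to all outbound TCP/443 traffic.
# Simplification: rules with narrower matches are skipped, not evaluated.
outbound_443_verdict() {
    awk '
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    $1 == "-A" && $2 == "OUTPUT" {
        target = ""; proto = ""; dport = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }   # rest are target options
            else if ($i == "-p") { proto = $(i + 1); i++ }
            else if ($i == "--dport") { dport = $(i + 1); i++ }
            else if ($i == "-m" && $(i + 1) == "tcp") { i++ }
            else other = 1
        }
        if (other) next                              # address, interface, state ...
        if (proto != "" && proto != "tcp") next      # other protocol
        if (dport != "" && dport != "443") next      # other port (ranges not parsed)
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target; found = 1; exit
        }
    }
    END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Constructed rule sets. In SHADOWED the 443 rule was appended with -A after a
# blanket REJECT, so it is never reached. In FIRST it sits at the top.
SHADOWED='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT'

FIRST='-P OUTPUT DROP
-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable'

# On a live host: sudo iptables -S OUTPUT | outbound_443_verdict
```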
The Replication Servers on the Staging Area must continuously communicate with the CloudEndure Service Manager over TCP Port 443. The main operations that are performed through this route are:
Downloading the Replication Software by the Replication Servers.
You can establish communication between the Staging Area and the CloudEndure Service Manager over TCP Port 443 in two ways: direct or indirect communication.
https://
Note: If your proxy uses a non-standard port, then the firewall of the Replication Servers may need to be modified to allow outbound traffic to that specific port. You can modify outbound traffic in the following ways:
You can learn how to verify the communication over TCP Port 443 between the Staging Network and the CloudEndure Service Manager in this troubleshooting article.
Each Source machine with an installed Agent continuously communicates with CloudEndure Replication Servers in the Staging Area over TCP Port 1500. TCP Port 1500 is needed for the transfer of replicated data from the Source machines to the Staging Area.
The replicated data is encrypted and compressed when transferred over TCP Port 1500. Prior to being moved into the Staging Area, the data is encrypted on the Source infrastructure. The data is decrypted once it arrives at the Staging Area and before it is written to the disks.
Note: If you are using the AWS cloud as your Target infrastructure, you can also encrypt the replicated data on the disks of the Staging Area after the in-transit encryption is decrypted.
TCP Port 1500 is primarily used for the Replication Server Data Replication stream.
Important: To allow traffic over TCP Port 1500, make sure that your corporate firewall enables this connectivity.
Note: Communication can be established over a public or a private connection, depending on what was selected on the Replication Settings screen within the CloudEndure User Console.
You can learn how to verify communication over TCP Port 1500 in this troubleshooting article.
You can learn how to calculate the required bandwidth for TCP Port 1500 in this troubleshooting article.
You can learn how to solve common communication problems in this troubleshooting article.