Network Requirements

To prepare your network for running CloudEndure's solutions, you need to set the following connectivity settings:

Communication over TCP Port 443

Add the following IP addresses and URLs to your firewall:

Required for all customers

CloudEndure Service Manager IP Address (required for utilizing CloudEndure software)

Amazon S3 service URLs (required for downloading CloudEndure software)

AWS specific (required for customers using AWS)

The Replication Server requires outbound access to the EC2 endpoint of its AWS region.

TCP port 443 is used for two communication routes:

Communication Between the Source Machines and the CloudEndure Service Manager over TCP Port 443

Each Source machine that is a part of your CloudEndure Disaster Recovery or Migration solution must continuously communicate with the CloudEndure Service Manager and CloudEndure Console (console.cloudendure.com) over TCP port 443.

The following are the main operations performed through TCP port 443:

Configuring Communication over TCP Port 443 between the Source Machines and the CloudEndure Service Manager

Important: Make sure that your corporate firewall allows connections over TCP Port 443.

You can establish communication between the Source machines and the CloudEndure Service Manager over TCP Port 443 in two ways:

  1. Direct communication between the Source machines and the Service Manager,
  2. Indirect communication by using a proxy.

    Verifying Communication over TCP Port 443 between the Source Machines and the CloudEndure Service Manager

    If there is a connection problem from the Source machine to the CloudEndure Service Manager, use the following methods to check the connection.

    Note: If the connection experiences lag without additional explanation (Has Lag or Lag exceeds maximum threshold messages appear next to Lag in the CloudEndure Console), it could be an indication of a communication problem over TCP Port 443.

    To verify the connection from a Source machine to the Service Manager over port 443:

    Linux

    On the Source machine, enter the following command:

    wget https://console.cloudendure.com/

    If the command fails, then there is a connectivity problem.

    Windows

    On the Source machine, open a browser and navigate to the CloudEndure User Console URL: https://console.cloudendure.com/

    If the Sign In page of the User Console does not appear, then there is a connectivity problem.

    Solving Communication Problems over TCP Port 443 between the Source Machines and the CloudEndure Service Manager

    If there is no connection between your Source machines and the CloudEndure Service Manager, make sure that your corporate firewall enables connectivity from the Source machine to the Service Manager over TCP Port 443. If the connectivity is blocked, enable it.

    Enabling Windows Firewall for TCP Port 443 Connectivity

    Important! The information provided in this section is for general security and firewall guidance only. The information is provided on "AS IS" basis, with no guarantee of completeness, accuracy or timeliness, and without warranty or representations of any kind, expressed or implied. In no event will CloudEndure and/or its subsidiaries and/or their employees or service providers be liable to you or anyone else for any decision made or action taken in reliance on the information provided above or for any direct, indirect, consequential, special or similar damages (including any kind of loss), even if advised of the possibility of such damages. CloudEndure is not responsible for the update, validation or support of security and firewall information.

    Note: Enabling Windows Firewall for TCP Port 443 connectivity will allow your machines to achieve outbound connectivity. You may still need to adjust other external components, such as firewall blocking or incorrect routes, in order to achieve full connectivity.

    Note: These instructions are intended for the default OS firewall. You will need to consult the documentation of any third-party local firewall you use to learn how to enable TCP Port 443 connectivity.

    1. On the Source machine, open the Windows Firewall console.
    2. On the console, select the Outbound Rules option from the tree.
    3. On the Outbound Rules table, select the rule that relates to the connectivity to Remote Port - 443. Check if the Enabled status is Yes.
    4. If the Enabled status of the rule is No, right-click it, and select Enable Rule from the pop-up menu.

    Enabling Linux Firewall for TCP Port 443 Connectivity

    1. Enter the following command to add the required Firewall rule:

      sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT

    2. To verify the creation of the Firewall rule, enter the following command and check that the rule is listed under Chain OUTPUT:

      sudo iptables -L
      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination

      Chain FORWARD (policy ACCEPT)
      target     prot opt source               destination  

      Chain OUTPUT (policy ACCEPT)
      target     prot opt source               destination
      ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:443
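
    An added example (not from the CloudEndure documentation): because -A appends the rule to the end of the OUTPUT chain, an earlier DROP or REJECT rule can still block port 443 even though the rule appears in the listing. The script below reads `iptables -S OUTPUT` text and reports which rule or policy decides an outbound TCP 443 connection; the function name, the sample rulesets and the simplification of skipping rules with other matches are assumptions of this example.

```shell
#!/bin/sh
# Added example, not CloudEndure code. Reads `iptables -S OUTPUT` text on stdin
# and prints what decides a new outbound TCP connection to port 443:
# "<TARGET> rule:<n>" for the first matching rule, else "<POLICY> policy".
# Assumption: rules with any match other than "-p tcp" / "--dport 443"
# (addresses, interfaces, conntrack, port ranges, multiport) are skipped.
out443_verdict() {
  awk '
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
      n++; target = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }   # target options follow
        else if ($i == "-p")      { if ($(i + 1) != "tcp") skip = 1; i++ }
        else if ($i == "-m")      { if ($(i + 1) != "tcp") skip = 1; i++ }
        else if ($i == "--dport") { if ($(i + 1) != "443") skip = 1; i++ }
        else skip = 1
      }
      if (skip || verdict != "") next
      if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
        verdict = target " rule:" n
      }
    }
    END { print (verdict != "" ? verdict : policy " policy") }
  '
}

# Constructed sample rulesets (not captured from a real host).
sample_policy_drop() { printf '%s\n' '-P OUTPUT DROP'; }
sample_rule_added() {
  printf '%s\n' '-P OUTPUT DROP' \
    '-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT'
}
sample_shadowed() {
  printf '%s\n' '-P OUTPUT ACCEPT' \
    '-A OUTPUT -p tcp -j REJECT --reject-with tcp-reset' \
    '-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT'
}

for s in sample_policy_drop sample_rule_added sample_shadowed; do
  printf '%-20s %s\n' "$s" "$("$s" | out443_verdict)"
done
# On a real host: sudo iptables -S OUTPUT | out443_verdict
```

    A DROP or REJECT verdict while the port 443 rule is present means the rule sits behind a blocking rule; inserting it ahead of that rule with `iptables -I OUTPUT` instead of appending resolves the ordering.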

    Communication Between the Staging Area and CloudEndure Service Manager over TCP Port 443

    The Replication Servers on the Staging Area must continuously communicate with the CloudEndure Service Manager over TCP Port 443. The main operations that are performed through this route are:

    Downloading the Replication Software by the Replication Servers.

    Configuring Communication over TCP Port 443 between the Staging Area and the CloudEndure Service Manager

    You can establish communication between the Staging Area and the CloudEndure Service Manager over TCP Port 443 in two ways: direct or indirect communication.

    1. Direct communication between the Staging Area and the Service Manager.
    2. Indirect communication through the use of a proxy.

      To use a proxy:

      Open the CloudEndure User Console, and navigate to Setup & Info > Replication Settings.

      On the Define whether to route communication from the Replica Server via a proxy field, enter the details of the proxy after the https://


      Note: If your proxy uses a non-standard port, then the firewall of the Replication Servers may need to be modified to allow outbound traffic to that specific port. You can modify outbound traffic in the following ways:

    Verifying the Communication over TCP Port 443 between the Staging Network and the CloudEndure Service Manager

    You can learn how to verify the communication over TCP Port 443 between the Staging Network and the CloudEndure Service Manager in this troubleshooting article.

    Communication Between the Source Machines and the Staging Area over TCP Port 1500

    Each Source machine with an installed Agent continuously communicates with CloudEndure Replication Servers in the Staging Area over TCP Port 1500. TCP Port 1500 is needed for the transfer of replicated data from the Source machines to the Staging Area.

    The replicated data is encrypted and compressed when transferred over TCP Port 1500. Prior to being moved into the Staging Area, the data is encrypted on the Source infrastructure. The data is decrypted once it arrives at the Staging Area and before it is written to the disks.

    Note: If you are using the AWS cloud as your Target infrastructure, you can also encrypt the replicated data on the disks of the Staging Area after the in-transit encryption is decrypted.

    TCP Port 1500 is primarily used for the Replication Server Data Replication stream.

    Establishing Communication over TCP Port 1500

    Important: To allow traffic over TCP Port 1500, make sure that your corporate firewall enables this connectivity.

    Note: Communication can be established over a public or a private connection, depending on what was selected on the Replication Settings screen within the CloudEndure User Console.

    Verifying the Communication over TCP Port 1500

    You can learn how to verify communication over TCP Port 1500 in this troubleshooting article.

    Calculating the Required Bandwidth for TCP Port 1500

    You can learn how to calculate the required bandwidth for TCP Port 1500 in this troubleshooting article.

    Solving Communication Problems over TCP Port 1500

    You can learn how to solve common communication problems in this troubleshooting article.

