[FRS-425] FusionReactor On-Premise Firewall DNS and Static IP address rules

Introduction

This article applies to FusionReactor On-Premise customers only. These customers are identified by their license keys which do not begin with CLOUD-. Some users run FusionReactor behind restricted firewalls which do not allow all outbound connections. In this case, these users may need to add specific firewall rules to allow FusionReactor to communicate with our licensing infrastructure.

Proxying FusionReactor

If you have a web proxy available, this is the preferred method of allowing FusionReactor to communicate with licensing. Please see FRS-384 Proxying FusionReactor

Using DNS Firewall Rules

FusionReactor licensed with on-premise (non-Cloud) licenses requires access to the following DNS address in order to communicate with our licensing service

  • data.intergraldata.com – port tcp/80 and port tcp/443

This address resolves to one or more IP addresses which are attached to a load-balanced cluster. These IP addresses are dynamic and can change without warning.

Using Static Addresses

If you are unable or unwilling to use the dynamic DNS rules above, we have provided a static IP address which can be used for this service.

  • 52.214.198.96 – port tcp/80 and port tcp/443

N.b. this is not the address of our dynamic licensing service (see above) but for the static endpoint at api-intergraldata-static.fusionreactor.io.

After enabling this firewall rule, the following -D option needs to applied to your JVM environment, to instruct FusionReactor use this address for licensing:

-Dfrlicenseservice.protocol=https
-Dfrlicenseservice=api-intergraldata-static.fusionreactor.io

Locked-Down Environments

If you are using a non-standard Java security policy, you may have to add rules to it to allow FusionReactor to connect to these services. The form of these rules is:

permission java.net.SocketPermission “api-intergraldata-static.fusionreactor.io:443”, "connect, accept, resolve”;
permission java.net.SocketPermission “api-intergraldata-static.fusionreactor.io:80”, "connect, accept, resolve”;
permission java.net.SocketPermission “52.214.198.96:443”, "connect, accept, resolve”;
permission java.net.SocketPermission “52.214.198.96:80”, "connect, accept, resolve”;

Manual Licensing

Should FusionReactor be completely unable to communicate with our licensing service, you should note the following:

  • FusionReactor will require to be activated by hand using an activation code provided by the software. This must be done from a computer which does have internet access using the FusionReactor Portal. The resulting activation key must be entered back into FusionReactor.
  • The activation key generated is valid for 10 minutes, after this point FusionReactor will reject the key.
  • Your manual activation will be valid until the expiry date of the license in the case of subscription license and forever in the case of a maintenance license.

Upgrading to FusionReactor Cloud

Customers upgrading from FusionReactor On-Premise to FusionReactor Cloud should also read technote FRS-418, which is linked below in the Related Issues section. This has further information for required firewall transits.

Issue Details

Type: Technote
Issue Number: FRS-425
Components: License + Activation
Environment:
Resolution: Fixed
Last Updated: Today 3:59 PM
Affects Version:
Fixed Version: 7.0.0
Server:
Platform:
Related Issues:

FRS-384: Proxying FusionReactor

FRS-418: FusionReactor Cloud Firewall DNS and Static IP address rules

Comments are closed.