We're an ISO27001:2013 Certified Supplier

blog-post-featured-image

The management and monitoring tools we use require network access between your servers and ours. This page details the access that is required.

Both the server names and the IP addresses for our servers have been provided in the following tables. If a you manage a firewall in your network, it would be preferable to use the server names in the firewall rules (if possible) so that we can migrate services from one IP address to another without requiring any changes to your firewall.

Connectivity Options

Ideally, we would have direct connectivity between your servers and ours as detailed below. However, we recognise that this may not always be possible; for example, you may have multiple servers behind one public IP address, making it difficult for us to directly connect to each of your servers.

Under those circumstances, we require:

  • direct ssh access as detailed below to one of your servers (the “gateway server”), and
  • ssh access from the gateway server to your remaining servers, and
  • outbound connections from each of your servers to ours as detailed below (“Outbound connections to our servers”), including OpenVPN access

Inbound Connections To Your Server

We need access to the following ports:

  • ICMP
  • TCP port 22 (SSH remote management)
  • TCP port 5665 and 5666 (remote monitoring)

We can connect to your server over either IPv4 or IPv6 (only one is required, but we recommend both). For IPv6, we need access to the above ports from:

  • 2001:678:32c:57a0::/60
  • 2001:8b0:fbb2:2590::/60
  • 2a03:ee40:0:266::/64
  • 2a05:d01c:23c:e00::/56

For IPv4, we need access to the above ports from:

  • 3.9.136.217/32 (icinga1.aws.tiger-computing.co.uk)
  • 3.9.137.146/32 (icinga2.aws.tiger-computing.co.uk)
  • 18.130.212.133/32 (gw2.aws.tiger-computing.co.uk)
  • 31.210.128.190/32 (sea.tiger-computing.co.uk)
  • 31.210.130.202/32 (lugg.tiger-computing.co.uk)
  • 35.177.226.77/32 (gw1.aws.tiger-computing.co.uk)
  • 35.178.18.237/32 (gw3.aws.tiger-computing.co.uk)
  • 81.187.162.2/32 (monmouth.tiger-computing.co.uk)
  • 193.35.57.58/32 (thames.tiger-computing.co.uk)

Outbound Connections To Our Servers

OpenVPN Access

ProtocolDestination PortDestinationIPv4 AddressIPv6 Address
UDP1195thames.tiger-computing.co.uk193.35.57.582a03:ee40:0:266::2
UDP1194sea.tiger-computing.co.uk31.210.128.1902a01:500:1:2::4
UDP1194gw1.aws.tiger-computing.co.uk35.177.226.772a05:d01c:23c:e00::/56
UDP1194gw2.aws.tiger-computing.co.uk18.130.212.1332a05:d01c:23c:e00::/56
UDP1194gw3.aws.tiger-computing.co.uk35.178.18.2372a05:d01c:23c:e00::/56

This is only required if direct inbound access is not possible. An IPsec tunnel may be configured instead, if needed.

 

Monitoring Servers

ProtocolDestination PortDestinationIPv4 AddressIPv6 Address
TCP5665icinga1.aws.tiger-computing.co.uk3.9.136.2172a05:d01c:23c:e00::/56
TCP5665icinga2.aws.tiger-computing.co.uk3.9.137.1462a05:d01c:23c:e00::/56

 

Configuration Management Server

ProtocolDestination PortDestinationIP Address
TCP8140tamar.tiger-computing.co.uk31.210.130.200
TCP443tamar-alt.tiger-computing.co.uk31.210.130.203

Note: tamar-alt on TCP/443 is an alternative option to tamar on TCP/8140; only one or the other is required. Access via HTTP proxy is possible if required.

 

Software Distribution Servers

ProtocolDestination PortDestinationIP Address
TCP80Any0.0.0.0
TCP443Any0.0.0.0

Access via HTTP proxy is possible.

 

Network Time Servers

ProtocolDestination PortDestinationIP Address
UDP123Any0.0.0.0

Internal NTP servers provided by your organisation may be used instead.

 

Outbound Email Access

At a minimum, your servers need to be able to send email  to the following two addresses:

  • logcheck@tiger-computing.co.uk
  • security@tiger-computing.co.uk

Usually, the servers will send their own email directly, but it is possible to use any specified SMTP relay, or dedicated aliases that relay to those two addresses if that is preferred.

Get free Linux business strategies

Fill in this form and we'll send you updated Linux business strategies and ideas each week
  • This field is for validation purposes and should be left unchanged.