We're an ISO27001:2013 Certified Supplier


The management and monitoring tools we use require network access between your servers and ours. This page details the network access requirements.

Both the server names and the IP addresses for our servers are provided in the following tables. If you manage a firewall in your network, it is preferable to use the server names in the firewall rules (if possible) so that we can migrate services from one IP address to another without requiring any changes to your firewall.

Connectivity Options

Ideally, we would have direct connectivity between your servers and ours as detailed below. However, we recognise that this may not always be possible; for example, you may have multiple servers behind one public IP address, making it difficult for us to directly connect to each of your servers.

Under those circumstances, we require:

  • direct SSH access as detailed below to one of your servers (the “gateway server”), and
  • SSH access from the gateway server to your remaining servers, and
  • outbound connections from each of your servers to ours as detailed below (“Outbound connections to our servers”), including OpenVPN access

Inbound Connections To Your Server

We need access to the following protocols and ports:

  • ICMP
  • TCP port 22 (SSH remote management)
  • TCP ports 5665 and 5666 (remote monitoring)

We can connect to your server over either IPv4 or IPv6 (only one is required, but we recommend both). For IPv6, we need access to the above ports from:

  • 2001:678:32c:57a0::/60
  • 2a00:1098:86:93::1/128
  • 2a03:ee40:718::/64
  • 2a05:d01c:23c:e00::/56

For IPv4, we need access to the above ports from:

  • 3.9.136.217/32 (icinga1.aws.tiger-computing.co.uk)
  • 3.9.137.146/32 (icinga2.aws.tiger-computing.co.uk)
  • 18.130.212.133/32 (gw2.aws.tiger-computing.co.uk)
  • 35.177.226.77/32 (gw1.aws.tiger-computing.co.uk)
  • 35.178.18.237/32 (gw3.aws.tiger-computing.co.uk)
  • 83.97.16.80/29 (Primary privileged range)
  • 93.93.131.119 (thames.tiger-computing.co.uk)
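One way to check a firewall's inbound allow rules against the source ranges and TCP ports listed above. This is an added example, not Tiger Computing's own tooling; the `(source, port)` rule format, the `own_networks` parameter and the sample rules are assumptions made here, and ICMP is not covered.

```python
"""Audit inbound allow rules against the source ranges published above."""
from ipaddress import ip_network

# Source ranges and TCP ports copied from the lists on this page.
VENDOR_SOURCES = [ip_network(n) for n in (
    "2001:678:32c:57a0::/60", "2a00:1098:86:93::1/128",
    "2a03:ee40:718::/64", "2a05:d01c:23c:e00::/56",
    "3.9.136.217/32", "3.9.137.146/32", "18.130.212.133/32",
    "35.177.226.77/32", "35.178.18.237/32", "83.97.16.80/29",
    "93.93.131.119",
)]
MGMT_TCP_PORTS = {22, 5665, 5666}


def covered(net, allowed):
    """True if every address in net lies inside a single allowed network."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit(rules, own_networks=()):
    """rules: iterable of (source_cidr, tcp_port) inbound allow entries.

    Returns (too_wide, missing):
      too_wide - rules opening a management port to a source outside the
                 published ranges (and outside own_networks, your admin nets)
      missing  - (published_range, port) pairs that no rule permits
    A published range split across several narrower rules is reported as
    missing; merge such rules before auditing.
    """
    trusted = VENDOR_SOURCES + [ip_network(n, strict=False) for n in own_networks]
    parsed = [(ip_network(src, strict=False), port)
              for src, port in rules if port in MGMT_TCP_PORTS]
    too_wide = [(str(s), p) for s, p in parsed if not covered(s, trusted)]
    missing = []
    for port in sorted(MGMT_TCP_PORTS):
        allowed = [s for s, p in parsed if p == port]
        missing += [(str(v), port) for v in VENDOR_SOURCES
                    if not covered(v, allowed)]
    return too_wide, missing


# Constructed sample rule set (not taken from any real firewall).
SAMPLE_RULES = [
    ("83.97.16.80/29", 22),
    ("0.0.0.0/0", 22),            # SSH open to the whole Internet
    ("3.9.136.217/32", 5665),
    ("2a05:d01c:23c:e00::/56", 5666),
]

if __name__ == "__main__":
    wide, gaps = audit(SAMPLE_RULES)
    print("too wide:", wide)
    print("not yet permitted:", gaps)
```

A rule set is consistent with this page when both returned lists are empty.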

Outbound Connections To Our Servers

OpenVPN Access

| Protocol | Destination Port | Destination | IPv4 Address | IPv6 Address |
|---|---|---|---|---|
| UDP | 1194 | tame.tiger-computing.co.uk | 83.97.16.82 | 2a03:ee40:718::1 |
| UDP | 1194 | thames.tiger-computing.co.uk | 93.93.131.119 | 2a00:1098:86:93::1 |

This is only required if direct inbound access is not possible. An IPsec tunnel may be configured instead, if needed.

Monitoring Servers

| Protocol | Destination Port | Destination | IPv4 Address | IPv6 Address |
|---|---|---|---|---|
| TCP | 5665 | icinga1.aws.tiger-computing.co.uk | 3.9.136.217 | 2a05:d01c:23c:e00::/56 |
| TCP | 5665 | icinga2.aws.tiger-computing.co.uk | 3.9.137.146 | 2a05:d01c:23c:e00::/56 |

Configuration Management Server

| Protocol | Destination Port | Destination | IPv4 Address | IPv6 Address |
|---|---|---|---|---|
| TCP | 443 | puppet.tiger-computing.co.uk | 18.133.61.119 | 2a05:d01c:23c:e00::/56 |
| TCP | 443 | puppet.tiger-computing.co.uk | 18.133.150.129 | 2a05:d01c:23c:e00::/56 |
| TCP | 443 | puppet.tiger-computing.co.uk | 35.176.60.185 | 2a05:d01c:23c:e00::/56 |

Access via HTTP proxy is possible if required.

Software Distribution Servers

| Protocol | Destination Port | Destination | IPv4 Address | IPv6 Address |
|---|---|---|---|---|
| TCP | 80 | Any | 0.0.0.0/0 | ::/0 |
| TCP | 443 | Any | 0.0.0.0/0 | ::/0 |

Access via HTTP proxy is possible.

Network Time Servers

| Protocol | Destination Port | Destination | IPv4 Address | IPv6 Address |
|---|---|---|---|---|
| UDP | 123 | Any | 0.0.0.0/0 | ::/0 |

Internal NTP servers provided by your organisation may be used instead.

Outbound Email Access

At a minimum, your servers need to be able to send email to the following addresses:

  • security@tiger-computing.co.uk

Usually, the servers will send their own email directly, but it is possible to use any specified SMTP relay, or dedicated aliases that relay to those two addresses if that is preferred.
