Before you begin:
CU*Answers requires any CBX environment to be in an isolated sole-purposed DMZ to protect you from our network and to protect us from your network.
Any distributed environment requires a load balancer with sticky sessions to function properly. CU*Answers only supports F5 load balancers.
Our current recommended server sizing for self processors (not partners) is 4 cores, 16GB RAM, but may need to be adjusted based on actual usage patterns.
Windows Server 2019 and associated licensing is required. At this time, no other OS is supported.
The self-processor network requirements for CBX are the following:
- NOTE: This knowledgebase item will be adjusted as more is learned about CBX.
- This DOES NOT supersede the existing network components, but compliments them (at this time). Network Services will eventually consolidate these directions, but for now, they are separate. See related links below for more details.
- There are separate requirements for non-Self Processing credit unions. See knowledgebase item below.
Details:
CBX network requirements:
Ports are TCP unless noted.
Self Processors/Site 4:
The current MX hub IP is: 10.149.96.231, this should be routed to the CUA router or Firewall with VPN tunnel to CUA
The current Graylog IP is: 10.149.7.247, this should be routed to the CUA router or Firewall with VPN tunnel to CUA
Web server IPs designated by end client config
iSeries access for sessions
Source:
CBX web server
Destination: iSeries
Ports: ICMP, 21, 397 (TCP and UDP), 449, 515, 992, 6600-6671, 6800-6810, 8000-8020, 8470-8479, 9470-9476
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Rationale: Hub access for licensing and queries
Source:
CBX Web Server
Destination:
CBX Hub
Ports: 443, 1291-1299, 1433, 5432, 8080
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Rationale: Graylog access for extended agregated logging and tracking
Source:
CBX Web Server
Destination:
CUA Graylog
Ports: 443, 9000
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Rationale: Hub inbound MGMT
Source:
CBX Hub
Destination:
CBX Web Server
Ports: 443, 1291-1299, 5432, 8080
NOTE: SSLDPI may break config. Recommended to exclude known source/destination pairs from SSLDPI.
Rationale: Updates, RMM, DNS
Source:
CBX Web Server, Backups
Destination:
Internet (route over the internet, not to CUA)
Ports (BOTH TCP and UDP): 53, 80, 443, 5721
NOTE: SSLDPI may break updates. Recommended to exclude windows updates, trend updates, cloudconnect.cuanswers.com and rmm.cuanswers.com from SSLDPI. 5721 can be locked down to destination of rmm.cuanswers.com and 6180 can be locked down to cloudconnect.cuanswers.com.
Rationale: Access to CBX
Source:
Client machines (gold workstations)
Destination:
CBX Web Server
Ports: 443
NOTE: SSLDPI may break config. Recommended to not SSLDPI incoming traffic unless sufficient testing has been completed to verify no affected functions.
Use Alerts to be notified when new information is added or changed in an individual answer or topic of information you care about. All Alert notifications sent in a single email once each day.
or you can subscribe to our RSS feed for this topic by clicking the link below
Subscribe
https://kb.cuanswers.com/cuanswers/ext/kbdetail.aspx?kbid=5462
Please enter your email address.
Please enter a valid email address.
Password not entered
Please choose a password composed of 6 to 20 varied letters, numbers and special characters, without whitespace characters or any of the following special characters: ' " / \ < >
The retype password must be the same as new password to confirm your password change. Please re-enter the retype password.
Creating a profile allows you to ask a question in a secure way and view a history of your past questions. If you have asked questions before, your profile was automatically created using the email address you provided.
Your inquiry is being encrypted to protect your privacy.
|