IP addresses and vendors
12 Oct 2022
Inbound network traffic
Periodically, the support team of a 3rd-party vendor may email power users or IT technicians within your company to announce that they plan to make changes to the IP addresses of the servers from which they connect to your company’s servers for the purposes of data integration.
When such an email arrives, open a support ticket with the part of your IT department that manages firewalls and attach a copy of the email.
Note, however, that some applications hosted on public clouds have multiple levels of firewall-like technology.
If you work with a large enough IT department, it’s possible that the team who manages your primary firewall may not manage all firewall-like technologies that guard your company’s servers from the public internet.
In AWS alone, there may also be:
- Configuration of networking boundaries called virtual private clouds (VPCs) that is only editable through AWS’s Control Tower tooling. This may or may not be configured by the same team of experts who maintain your primary firewall configuration.
- Additional “web application firewalls.” These may or may not be configured by the same team of experts who maintain your primary firewall configuration.
- Technology that acts more or less like “baby per-server firewalls” called Security Groups. This may or may not be configured by the same team of experts who maintain your primary firewall configuration.
The good news is that truly external 3rd-party vendors are allowed into your servers at the outermost “primary firewall” level of the onion of protection surrounding your servers.
(To get super-technical, any server that is allowing inbound traffic from the outside world is likely to be behind a “load balancer” server, and in that case, your actual servers wouldn’t ever even get to see the vendor’s IP address – just the load balancer’s IP address.)
When a 3rd-party vendor changes the IP addresses on the servers it uses for communicating with your company’s servers, opening a support ticket with the part of your IT department that manages firewalls is almost certainly all the support you will need.
However, if integrations suddenly stop working on the date that the vendor announced they would be changing their IP addresses, and your firewall support team says they brought the primary firewall’s configuration up-to-date, try asking the firewall support team to check with colleagues such as “cloud architects” and “system administrators” to determine whether traffic may be blocked at a deeper layer of firewall-like behavior.
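The layer-by-layer check described above, as an added example that is not part of the original article: given the ranges from a vendor's email and the allow-lists exported from each layer, it reports which layers would still drop the traffic. The layer names, the `behind_lb` flag, the load balancer address and all IP ranges are constructed for illustration (documentation and private ranges), and it assumes layers behind the load balancer see only the load balancer's address.

```python
import ipaddress

# Constructed sample data: allow-lists exported from each layer, outermost first.
# "behind_lb" marks layers that see the load balancer's address, not the vendor's.
LAYERS = [
    {"name": "primary firewall", "behind_lb": False,
     "allow": ["198.51.100.0/24", "203.0.113.0/28"]},
    {"name": "web application firewall", "behind_lb": False,
     "allow": ["198.51.100.0/24"]},
    {"name": "security group", "behind_lb": True,
     "allow": ["10.0.1.0/24"]},
]
LOAD_BALANCER_IP = "10.0.1.15"  # assumed internal load balancer address
VENDOR_NEW_RANGES = ["203.0.113.0/29", "198.51.100.64/26"]  # as announced by the vendor


def covered(source, allow_list):
    """True if every address in `source` is inside the allow-list."""
    src = ipaddress.ip_network(source, strict=False)
    nets = [ipaddress.ip_network(a, strict=False) for a in allow_list]
    # Compare only same-family networks; merge adjacent entries so a range
    # split across two allow-list rows still counts as covered.
    same_family = [n for n in nets if n.version == src.version]
    return any(src.subnet_of(n) for n in ipaddress.collapse_addresses(same_family))


def blocked_layers(vendor_ranges, layers, lb_ip):
    """Return (layer name, source checked) pairs for layers that would drop traffic."""
    findings = []
    for layer in layers:
        # Behind a load balancer the layer never sees the vendor's address,
        # so its allow-list has to admit the load balancer instead.
        sources = [lb_ip] if layer["behind_lb"] else vendor_ranges
        for src in sources:
            if not covered(src, layer["allow"]):
                findings.append((layer["name"], src))
    return findings


if __name__ == "__main__":
    for name, src in blocked_layers(VENDOR_NEW_RANGES, LAYERS, LOAD_BALANCER_IP):
        print(f"{name}: {src} is not in the allow-list")
```

With the sample data, the primary firewall has been updated but the web application firewall has not, which is the situation in which the integration stops working even though the firewall ticket is closed.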
Outbound network traffic
Vendors might also want to restrict the rights of UST’s servers in the Banner ERP ecosystem to initiate network traffic into their 3rd-party servers. For example, TouchNet follows this practice. If IP addresses for the servers in the Banner ERP ecosystem ever change, we need to proactively open tickets with vendors’ support desks to let them know, and we need to partner with power users throughout UST to validate that things still work as expected after a change.