ISM/IAM Cloud Initiative 2021 FAQ Guide for Frankfurt Customers - Ivanti

Page created by Lewis Lane

Travel

English

Like
Share
Embed
Fullscreen
Slides
Download HTML
Download PDF
Abuse

←

→

Page content transcription

If your browser does not render page correctly, please read the page content below

ISM/IAM Cloud Initiative 2021
FAQ Guide for Frankfurt Customers

                                    FAQ Guide

1 Contents

2 Introduction 4

2.1 About this document 4

2.2 Audience 4

3 Impact Details 5

3.1 What is happening and why? 5

3.2 Which locations are in scope? 5

3.3 What is the Change Schedule and what is required from the Customer? 5

4 Technical FAQ 7

4.1 Will the Discovery Agents/Gateways be affected? 7

4.2 What if we use Web Service integrations? 7

4.3 What if we use Ivanti SFTP based data import connections? 7

4.4 Will the Ivanti Service Manager/Asset Manager Survey module be affected? 8

4.5 What if we use the Ivanti BI Reporting Service? 8

4.6 What if we use LDAP integration for authentication? 9

4.7 What if we have configuration/enhancements of ISM that are in process at the
time of our scheduled maintenance? 9

4.8 Will the Ivanti SSRS reporting module be affected? 10

4.9 Will the ISM and Ivanti Neurons Integration be affected? 10

4.10 What if we use VPN Integration to the Hosted SaaS environment? 10

4.11 Will Ivanti Voice be affected? 11

4.12 What is the Maintenance Schedule for these changes? 12

4.13 What are the new public IP addresses for each Datacenter? 12

4.14 Will the Tenant URL change? 12

4.15 How will this impact Certifications (SOC2, etc.)? 12

4.16 Who do I contact if I have questions or issues making these changes? 13

ISM/IAM Cloud Initiative 2021 FAQ Guide | 2

This document is provided strictly as a guide. No guarantees can be provided or expected. This document contains the confidential information
and/or proprietary property of Ivanti, Inc. and its affiliates (referred to collectively as “Ivanti”) and may not be disclosed or copied without
prior written consent of Ivanti.

Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. Ivanti
makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document, nor does it
make a commitment to update the information contained herein. For the most current product information, please visit www.ivanti.com.

Copyright © 2021, Ivanti. All rights reserved.

                                                                                                                                   FAQ Guide

2 Introduction

2.1   About this document

This document communicates the high-level customer success message and addresses frequently asked
questions regarding changes to customer tenants and associated Ivanti-managed services like BIDS
Reporting, Survey, VPN etc. For customer-specific implementations (especially using web service-based
integrations or custom integrations) please refer to your internal design or contact Technical Support for any
questions.

2.2   Audience

The intended audience of this document is if you are currently running IT Service Manager and/or Asset
Manager Cloud hosted in the Frankfurt Datacenter (FFT).

                                                                          ISM/IAM Cloud Initiative 2021 FAQ Guide | 4

3 Impact Details

3.1     What is happening and why?

      Ivanti’s SaaS offerings are growing rapidly on a global scale, as our acquisitions of Pulse, MobileIron
      and Cherwell allow us to offer even more complete solutions for our customers. In order to plan for
      the future, we are standardizing our hosting environments to provide the level of flexibility and
      scalability that our customers expect. Over the next few months, we will be moving all ISM Cloud
      tenants to Azure hosted data centers. We will be working to schedule these changes during our
      normal maintenance windows to limit any disruption in service.

3.2       Which locations are in scope?

      Ivanti shall be changing the IaaS provider for Ivanti Service Manager from AWS to Azure. The
      datacenter will be in the same region as your tenant is currently hosted and there will be no change
      in the Data Sovereignty. The change of the IaaS provider is only pertaining to Commercial ISM
      Customers and there will be no change to FedRAMP customers at this time.

      The Azure datacenter locations and their abbreviated names are as follows:
          -   Americas
                  o East (North Virginia - NVZ)
                  o West (Washington - WAZ)
          -   APAC
                  o Australia East (New South Wales - NSZ)
          -   Canada
                  o Ontario (TTZ)
          -   Europe
                  o East (Germany - FFZ)
                  o West (Ireland - IRZ)
          -   United Kingdom
                  o London (LDZ)

3.3       What is the Change Schedule and what is required from you?

          The scheduled date for your tenant will be communicated via email and published on the Ivanti
          Status Page. Please subscribe to the Status Page for updates and reminders, if you have not
          already. The schedule is based on the data center that your tenant is currently hosted and the
          VPN configuration of your environment.

                                                                             ISM/IAM Cloud Initiative 2021 FAQ Guide | 5

For more details on how to identify the datacenter your tenant is hosted on, please check this
guide.

This guide is specific to customers with Ivanti Service Manager/Ivanti Asset Manager tenants
hosted in the Frankfurt (FFT) Datacenter. If you have incorrectly received this guide and your
tenant is not hosted in our Frankfurt datacenter, please notify us via email to
SaasFFT@ivanti.com.

Please see the Technical FAQ’s below for details on changes that need to be made for
customers hosted on the FFT environment and based on the ISM Cloud modules in use.

                                                                  ISM/IAM Cloud Initiative 2021 FAQ Guide | 6

4 Technical FAQ
4.1 Will the Discovery Agents/Gateways be affected?

Yes, customers using the Ivanti HEAT Discovery product will need to make the following changes
based on your environment.

- If you are using agents, you will need to download the agent from the ISM tenant and re-
install it on all endpoints. Information on agents can be found here.

- If you are using gateways, you will need to change the configuration to point to the new IM
URL. The new URL’s are provided below and can also be found here.

Please speak to your internal network engineer or IT contact to help you with these changes.

Production Staging
IM im-prd-ffz.ivanticloud.com im-stg-ffz.ivanticloud.com

The DR for FFZ datacenter will be hosted in Ireland (IRZ) and the IM URL for the DR is im-dr-
irz.ivanticloud.com.

Note: These actions need to be performed as part of the maintenance to ensure there is no
disruption to the inventory data sync with the tenant.

4.2 What if we use Web Service integrations?

The Web Service integration URL will change and all references to the old Integration URL will need
to be updated.

The integration URL are specified below and can also be found here. Please ensure the URL is
updated and the integration is validated prior to the maintenance window.

Please speak to your internal network engineer or IT contact to help you with these changes.

Production Staging
Integration integration-prd-ffz.ivanticloud.com integration-stg-ffz.ivanticloud.com

The DR for your datacenter will be hosted in Ireland (IRZ) and the Web Service Integration URL for
the DR is integration-dr-irz.ivanticloud.com.

4.3 What if we use Ivanti SFTP based data import connections?

ISM/IAM Cloud Initiative 2021 FAQ Guide | 7

Ivanti hosted SFTP connection will change and will need to be updated in the existing data import
      connections.

      The SFTP host connection details for your tenant are defined below and can also be found here.
      Please validate the updated settings once provided prior to the maintenance window.

      Please speak to your internal network engineer or IT contact to help you with these changes.

                     Production                              Staging
       SFTP          ftp-prd-ffz.ivanticloud.com             ftp-stg-ffz.ivanticloud.com

      The DR for your datacenter will be hosted in Ireland (IRZ) and the SFTP URL for the DR is ftp-dr-
      irz.ivanticloud.com.

      Note: If the SFTP host connection is not updated, the Data Import connections will fail after the
      maintenance window as the SFTP host will not be valid for the tenant.

4.4     Will the Ivanti Service Manager/Asset Manager Survey module be affected?

      The Survey module will automatically be updated to use the new Survey URL. However, any
      existing/incomplete surveys will not work after the maintenance window.

                     Production                              Staging
       Survey        survey-prd-ffz.ivanticloud.com          survey-stg-ffz.ivanticloud.com

4.5     What if we use the Ivanti BI Reporting Service?

                                                                            ISM/IAM Cloud Initiative 2021 FAQ Guide | 8

The BI service will need to be reconfigured to point to the new DNS. The port numbers remain
unchanged.

Ivanti is introducing IP whitelisting to secure connectivity to the BI Service. To configure whitelisting,
please provide your external IP addresses to Ivanti. The certificate for ensuring encrypted
connectivity can be downloaded from here.

Production Staging
BI bis-prd-ffz.ivanticloud.com bis-stg-ffz.ivanticloud.com

The DR for your datacenter will be hosted in Ireland (IRZ) and the BI DNS for the DR is bis-dr-
irz.ivanticloud.com.

Note: If the BI DNS is not updated, any existing reporting services using the BI Service will fail after
the maintenance window.

4.6 What if we use LDAP integration for authentication?

Customers that have network inbound restrictions will need to make necessary changes to allow
Ivanti’s new NAT IP addresses on their internal network. You can find the updated IP addresses
below and also for your reference also included here.

Production 20.79.74.243
Staging 20.79.75.139
DR (IRZ) 20.67.193.245

4.7 What if we have configuration/enhancements of ISM that are in process at the time of our
scheduled maintenance?

Your STG and UAT tenants will be migrated during the same weekend after your PRD tenant is
migrated. The migration window for the STG/UAT tenants will be published on the Status Page and
this will be a downtime maintenance. During this period, your STG/UAT tenants will not be
accessible until they are migrated. Typical downtime window is between 4 and 6 hours.

The same changes as specified above for PRD will need to be done for STG/UAT to ensure the
services are not interrupted.

If you have any concerns or questions, please contact us at the email specified below.
SaaSFFT@ivanti.com

ISM/IAM Cloud Initiative 2021 FAQ Guide | 9

4.8     Will the Ivanti SSRS reporting module be affected?

      The Ivanti Service Management reports will not be impacted as a result of the migration. However,
      any scheduled reports will need to be re-configured.

      If you need help in configuring report schedules, please refer to the Scheduling Reports section of the
      Ivanti Service Manager User Help.

4.9     Will the ISM and Ivanti Neurons Integration be affected?

      No. The integration between Ivanti Service Manager/Asset Manager and Ivanti Neurons will
      continue to work seamlessly and no change is required.

4.10 What if we use VPN Integration to the Hosted SaaS environment?

                                                                            ISM/IAM Cloud Initiative 2021 FAQ Guide | 10

Customers using the VPN Integration are advised to read through this section:

1. Can we use the same configuration we have currently within the new datacenter?

To ensure connectivity testing is performed prior to moving to the new data center, Ivanti
will change how we appear to our customers. For example, if Ivanti currently appears to
you as “172.20.15.0 255.255.255.0”, the new VPN will be configured with “172.20.16.0
255.255.255.0”. The remote IP addresses / subnets we have configured will not change to
avoid changes being required in the ISM tool set.

It is also recommended that customers take this opportunity to review current security
standards and upgrade to IKEV2 if desired.

2. Does the new datacenter support IKEV2?

Yes. IKEV1 and IKEV2 are supported.

3. In the current datacenter, we have SHA1. Can we upgrade to SHA256?

Yes. The following standards are supported:
o IKEV1 SHA1
o IKEV1 SHA256
o IKEV1 SHA384
o IKEV2 SHA512

4. In the current datacenter we have DH Group 2 or 5. Can we upgrade to later key exchange
encryption?

Yes. The new datacenter will support up to DH Group 24

5. Ivanti Subnet Ranges

Customers will retain their existing local groups, remote groups will be changed to enable
side by side VPN tunnels before the move to the new datacenter.

Once you have made the necessary VPN changes, please confirm back to us at VPNFFT@ivanti.com
so our networking experts can test and confirm all connections with you before the migration.

4.11 Will Ivanti Voice be affected?

ISM/IAM Cloud Initiative 2021 FAQ Guide | 11

This section is relevant to customers using Ivanti Voice.

Customers integrating Ivanti Voice to Ivanti Service Manager Cloud using the Tenant URL will not be
impacted. Customers integrating to Ivanti Service Manager through VPN will need to review the
settings and ensure the voice connection is established after the VPN tunnel is configured.

If the Ivanti Voice Server previously whitelisted the datacenter IP addresses, these will need be
updated to reflect the new datacenter IP addresses (defined in section 4.6 of this document).

4.12 What is the Maintenance Schedule for these changes?

The maintenance window schedule will be updated to the Cloud Change Calendar and Status Page.
This will be a DOWNTIME maintenance.

Customers will be migrated in three phases – April 30th, May 14th, and May 28th. The maintenance
window for the FFT datacenter is Friday 9 PM UTC to Saturday 1 AM UTC.

You will be notified via email the date your tenant is scheduled to be migrated.

4.13 What are the new public IP addresses for each Datacenter?

The IP addresses for each data center can be found here. And for your reference is also defined
below:

Production 20.79.74.243
Staging 20.79.75.139
DR (IRZ) 20.67.193.245

4.14 Will the Tenant URL change?

No, the Tenant URL will not change. Any configuration based on the Tenant URL will continue to
work as-is and will not require any update (except for IP whitelisting/VPN etc., as discussed above).

4.15 How will this impact Certifications (SOC2, etc.)?

ISM/IAM Cloud Initiative 2021 FAQ Guide | 12

Ivanti Service Manager/Asset Manager is certified for SOC2 Type2 and ISO27001-2013. Both
    certifications remain current, and we will continue to run separate reports annually.

    We will continue to run pen test reports for each application, and letters of attestation will be
    available on request.

4.16 Who do I contact if I have questions or issues making these changes?

    If you have questions related to the move, please reach out to us at SaaSFFT@ivanti.com.

    If you run into technical issues while making the necessary changes or after the migration, please
    follow the technical support process and open a support case.

  Contact Us

        saasFFT@ivanti.com
  VPN customers: VPNFFT@ivanti.com

                                                                          ISM/IAM Cloud Initiative 2021 FAQ Guide | 13

You can also read