SVLive Firewall and Proxy Change Management
Connections are only ever initiated from within your client network, outbound to the Serraview endpoints. We do not initiate inbound connections. For the full list of Network Access and Ports, refer to SVLive2 Network Access and Ports and Data Collected by SVLive2.
Change Management - FQDN of the Endpoints to be Whitelisted at the Firewall
SVLive requires the Fully Qualified Domain Name (FQDN) of the endpoints to be whitelisted at the firewall. SVLive Cloud endpoints are hosted in scalable cloud infrastructure. We do not support Static IP whitelisting. Also, we cannot assign a fixed IP directly. We cannot support a proxy/NAT server in front of our API gateway, as that negates the benefits of a scalable endpoint.
See this advice from a StackOverflow article:
It is not possible to attach a static IP to API Gateway. However, AWS Publishes the IP ranges used by CloudFront which can be used to whitelist the firewall egress settings. Since these IP ranges also can change, it is recommended to automate the checking for changes using this URL and update the rules accordingly.
Change Management - Changes to Client's Proxy or Firewall Systems
It is possible that your IT team may introduce changes to the Web Proxy or Firewall, which may impact the ability of either the SVLive Presence Service or Switch Scanner to establish a connection with our SVLive endpoints.
Risk Mitigation
We encourage your IT team to add Automated Tests for Connectivity of SVLive Presence Service and Switch Scanner to SVLive Cloud Endpoints, as part of their Change Release process.
Impact on Service
SVLive applications require an active internet connection to operate.
If this connection is interrupted or blocked, data will stop flowing to the Cloud, and utilization data may be lost.