How To Prepare For The Second Data Center On Payware Connect For A Second Time




PAYware Connect Gateway
Guide of Instruction to work with PAYware Connect Multi-site Data Centers
Frequently Asked Questions

Table of Contents

Introduction
URL Routing Configuration Change
How will this impact a merchant location?
How do I determine if a merchant location is at risk?
FAQs
History of PAYware Connect DNS Best Practices
Background
Multiple URLs / Domains
Best Practice Guidelines

Introduction

To prepare for bringing the PAYware Connect second data center online, VeriFone is making certain all partners are aware of the changes that are to come. This document explains in detail the upcoming changes, the reason for these changes, what our partners must do to prepare their merchants for these changes, and the schedule for these changes.

URL Routing Configuration Change

VeriFone's first step to deploy the redundant data center will be to redirect the current PAYware Connect URLs from direct access at the existing data center to a new multi-site management service. The purpose of this service is to allow VeriFone to move traffic between the two data centers seamlessly, meaning without any routing changes on your end, as needed (scheduled and unscheduled). This change will alter the IP addresses to which the PAYware Connect URLs resolve.

How will this impact a merchant location?

The following merchants will be affected by the scheduled PAYware Connect change:

Firewalls/Access Control Lists [ACLs]: Merchant locations that limit outbound Internet traffic via a firewall or some other form of Access Control List need to ensure that the new IP addresses are added to their firewall in advance of this change. Additionally, the legacy IP addresses should be retained indefinitely.

Static IPs: Merchant locations that in any fashion use static IP addresses instead of URLs are at risk of a service interruption. There are three ways that a static IP address could be introduced by your infrastructure:
   o The IP address is hardcoded in your application
   o The IP address is cached in your DNS server
   o The host name/IP address resides in your local host table

The following merchants will not be affected by this URL IP address change:

Merchants connecting via the Dial interface will be unaffected.

Merchants using PAYware Mobile and not using WiFi will be unaffected. However, PAYware Mobile users who use WiFi for Internet access and whose outbound traffic is limited by some sort of Access Control List [firewall or other] are at risk.

How do I determine if a merchant location is at risk?

1. Firewall/Access Control Lists:

   a. If a merchant location has a firewall [or other Access Control List] with rules limiting the specific IP addresses the POS system can connect to outside the merchant's network proper, a new set of IP address ranges must be added for Datacenter 2 while maintaining the Datacenter 1 IP address range in your ACL. The additional IP ranges conveyed in the September 2011 communication are listed below under "New Ranges".

      Existing:
      63.111.8.4-63.111.8.60

      New Ranges:
      68.64.45.36-68.64.45.62
      65.254.220.36-65.254.220.46
      209.198.197.130-209.198.197.131
      209.198.196.25-209.198.196.30
      66.129.115.97-66.129.115.102
      209.198.205.177-209.198.205.182

      NOTE: Do not delete the existing IP addresses.

   b. Once the additional IP addresses have been added, a merchant location can test access to the existing data center [ensuring current access is not broken], direct access to the new data center [as a failsafe], and finally access to the new multi-site management service:

      1. Existing data center:
         1. Use a browser on a PC/server that routes through the same network path as your point of sale system.
            a. Go to https://ipcharge.net/ipchapi/rh.aspx
            b. Go to https://ipcharge2.net/ipchapi/rh.aspx
         2. A successful response of "Bad Request" will be returned in the web browser.

      2. Multi-site management service for API access can be tested by following the instructions below [Note: these test addresses have been updated to reflect the newest IP addresses conveyed in the Sept 2011 communication].
         1. Use a browser on a PC/server that routes through the same network path as your point of sale system.
            a. Go to https://209.198.196.26/ipchapi/rh.aspx
            b. Go to https://66.129.115.98/ipchapi/rh.aspx
         2. Depending on which browser you use, you will receive some sort of error indicating that the site is not valid. This is OK. Accept whatever message is provided to proceed to the site.
         3. A successful response of "Bad Request" will be returned in the web browser.
         4. Accessing PAYware Connect via the test URLs above is only for validating your network connectivity. Please utilize the correct domain name instead of the IP address for production traffic.

      3. Multi-site management service for Portal access can be tested by following the instructions below [Note: these test addresses have been updated to reflect the newest IP addresses conveyed in the Sept 2011 communication].
         1. Use a browser on a PC/server that routes through the same network path as your point of sale system.
            a. Go to https://209.198.196.25/mc
            b. Go to https://66.129.115.97/mc
         2. Depending on which browser you use, you will receive some sort of error indicating that the site is not valid. This is OK. Accept whatever message is provided to proceed to the site.
         3. If you successfully connect, you will be presented with the login page to the PWC Store Portal.
         4. Accessing PAYware Connect via the test URLs above is only for validating your network connectivity. Please utilize the correct domain name instead of the IP address for production traffic.

2. Use of Static IPs:

   a. Determine what method is used to interface with PAYware Connect: URL or static IP address.
      1. If you currently use https://ipcharge.com or https://ipcharge2.com, you are using the URL.
      2. If you currently use 63.111.8.9 or 63.111.8.33 [port 443], you are using a static IP address.
      3. If you cannot tell, contact your software partner.

   b. A merchant who is caching (storing) the IP addresses for long usage windows will need to clear the cache. The URL/IP address resolution should be performed on a transactional basis.
      1. On the Windows desktop, click START.
      2. Type in "CMD" or "Command".
      3. At the command prompt (C:\>) type in "IPCONFIG /FLUSHDNS".
      4. Perform this command immediately following the PAYware Connect maintenance window that announces the URL IP addresses are being updated.

FAQs

What error message would a merchant who is trying to access the PAYware Connect Store/Merchant Portal see if the URL is not resolving to the correct IP address?
Depending on the browser software, the merchant will see something like a "Cannot locate host" or "DNS Look-up failed" type message. The failure to connect would be very obvious to the user.

Will the FLUSHDNS command work for all versions of Windows?
This command will work for all newer versions of Windows. If using Windows 2000, use command DNSFLUSH.

How do I confirm that the FLUSHDNS command worked?
A user can confirm the command worked correctly by attempting to access the Store/Merchant Portal at https://ipcharge.com/mc or the Corporate/Reseller Portal at https://ipcharge.com/rc. If the FLUSHDNS command worked, these URLs will resolve to the new correct IP address.

What error message would a merchant location that is trying to execute a transaction see if the PAYware Connect API integration URL is not resolving to the correct IP address?
When the integrated application attempts to connect to the URL and the DNS cache still has the old IP address, the application will receive a communication error. How that is reported back to the user would be answered by the POS integrator. The failure to communicate would be obvious.

What error message would an integrated merchant or virtual terminal merchant see if a static IP address is no longer available?
Both the integrated merchant and the virtual terminal merchant would see a "failure to communicate" or "failure to connect" type message. In Windows Explorer, the user could see "Internet Connection Problem" and be asked whether they wish to troubleshoot. Also, depending upon the merchant's firewall configuration, the firewall could return a message indicating that the IP address route is unavailable. The failure to connect to the static IP address will be obvious.

Will VeriFone still recommend a primary and secondary URL approach that rolls automatically from primary to secondary after this URL address is changed at VeriFone's data center?
Yes, VeriFone will always recommend the practice of utilizing a primary and secondary URL address with automatic fail-over routing. This data center change does not alter that best practice.

How long from the time of formal announcements being sent will the change be made? (How long do merchants/partners have to make updates?)
Our goal is to deploy these changes approximately 45 days after delivery of notification.

Are the IP address updates available currently for any merchant validation testing?
Yes, but not for production traffic. VeriFone has exposed these IP addresses for the purposes of testing general access only. See the previously provided instructions for testing this access.

Will there be other host name changes coming in the future that merchants and partners will need to address?
As previously stated in the DNS Best Practices Guide, VeriFone may add host names and IP addresses as needed. However, these changes would never be deployed without following a similar merchant/partner notification process.
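The firewall and static IP checks from "How do I determine if a merchant location is at risk?" can be automated. The following is an added example, not VeriFone's code: it takes the IP ranges and domain names from this guide, and assumes the merchant's outbound ACL is available as a list of CIDR blocks and that the host table and application configuration are available as text.

```python
import ipaddress
import re

# Ranges copied from this guide: the existing range first, then the new ones.
PUBLISHED_RANGES = [
    ("63.111.8.4", "63.111.8.60"),
    ("68.64.45.36", "68.64.45.62"),
    ("65.254.220.36", "65.254.220.46"),
    ("209.198.197.130", "209.198.197.131"),
    ("209.198.196.25", "209.198.196.30"),
    ("66.129.115.97", "66.129.115.102"),
    ("209.198.205.177", "209.198.205.182"),
]
GATEWAY_NAMES = {"ipcharge.com", "ipcharge2.com", "ipcharge.net", "ipcharge2.net"}
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def range_cidrs(first, last):
    """Exact CIDR blocks for first..last, the form most firewalls accept."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def is_gateway_ip(text):
    """True if text is an IPv4 address inside any published range."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi)
               for lo, hi in PUBLISHED_RANGES)

def acl_gaps(allowed_cidrs):
    """Map each published range to the CIDR blocks the outbound ACL still blocks."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    gaps = {}
    for first, last in PUBLISHED_RANGES:
        blocked = [ipaddress.ip_network(str(host))
                   for block in range_cidrs(first, last) for host in block
                   if not any(host in net for net in allowed)]
        if blocked:
            merged = ipaddress.collapse_addresses(blocked)
            gaps[f"{first}-{last}"] = [str(n) for n in merged]
    return gaps

def static_ip_findings(hosts_text, config_text):
    """Report host-table pins of gateway names and gateway IPs hardcoded in config."""
    findings = []
    for line in hosts_text.splitlines():
        ip, *names = line.split("#", 1)[0].split() or [""]
        findings += [f"hosts table pins {n.lower()} to {ip}"
                     for n in names if n.lower() in GATEWAY_NAMES]
    for ip in IPV4_RE.findall(config_text):
        if is_gateway_ip(ip):
            findings.append(f"config hardcodes gateway address {ip}")
    return findings
```

An empty result from `acl_gaps` means every published address, old and new, is permitted; any entry in `static_ip_findings` is a location that will not follow the DNS change.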

History of PAYware Connect DNS Best Practices

In August, 2009, VeriFone established the best practice document for our Merchants, Resellers, and Integrators in order to minimize potential future interruption of service with respect to DNS and Domain Registrar routing issues while maintaining secure access to the PAYware Connect Gateway.

Background

Secure Sockets Layer (SSL) technology protects your Web site and makes it easy for your Web site visitors to trust you in three essential ways:
1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate contains unique, authenticated information about the certificate owner.
3. A Certificate Authority verifies the identity of the certificate owner when it is issued.

It is important that the client utilize the proper URL when accessing PAYware Connect so that the web browser or integrated application can verify the SSL Certificate against the URL provided. If there are any certificate errors when establishing the secure HTTPS/SSL connection, the client should not send any sensitive data to that server. If a user attempts to connect to PAYware Connect by IP address rather than URL, a certificate error will be generated, and it will be more difficult for the client/integrated application to verify that the site connected to is the secure and authenticated PAYware Connect server and not a rogue phishing site.

Multiple URLs / Domains

For redundancy, VeriFone established multiple Domain Names, SSL Certificates, and DNS management to the PAYware Connect Gateway with multiple vendors. This has been done to prevent one Vendor/Domain Registrar from becoming a single point of failure that would prevent merchants from processing mission-critical payment transactions.

Best Practice Guidelines

All access to the PAYware Connect Gateway should utilize one of the available published URLs.

If connectivity via the URL is not achieved, then one of the available alternate URLs should be automatically utilized.

Multiple URLs (primary and secondary) should be configurable in the Integrated Application in order to provide redundancy in case one of the URLs becomes unavailable.

The Integrated Application should have the ability to change the URL on demand if necessary without requiring a code recompile.
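The guidelines above can be combined in one client routine. This is an added sketch, not code from VeriFone or from any integrator. It assumes a JSON configuration with a hypothetical `gateway_urls` key and treats the request body as opaque bytes. It also assumes that a certificate failure should be reported rather than retried on the next URL.

```python
import ipaddress
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def load_gateway_urls(config_text):
    """Read the URL list from JSON config so it can change without a recompile."""
    urls = json.loads(config_text)["gateway_urls"]   # hypothetical key name
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"{url}: gateway URLs must be https")
        try:
            ipaddress.ip_address(parts.hostname)
        except ValueError:
            continue   # a domain name, so the certificate can be matched to it
        raise ValueError(f"{url}: use a published domain name, not an IP address")
    return urls

def https_post(url, body, timeout=15):
    """Default transport: the default context verifies the chain and host name."""
    context = ssl.create_default_context()
    request = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return resp.read()

def is_certificate_error(exc):
    """urllib wraps TLS failures in URLError; look at the wrapper and its reason."""
    return any(isinstance(e, ssl.SSLCertVerificationError)
               for e in (exc, getattr(exc, "reason", None)))

def send_with_failover(urls, body, transport=https_post):
    """Try each URL in order; the name is resolved again on every attempt."""
    failures = []
    for url in urls:
        try:
            return url, transport(url, body)
        except urllib.error.HTTPError:
            raise   # the server answered, so this is not a connectivity failure
        except OSError as exc:
            if is_certificate_error(exc):
                raise   # assumption: surface it, send nothing further
            failures.append(f"{url}: {exc}")
    raise ConnectionError("all gateway URLs failed: " + "; ".join(failures))
```

The `transport` parameter exists so the failover logic can be exercised without network access; production code would leave it at the default.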

The following Domains are currently available for production use:

Domain Name    Purpose                                             Used By                            Year Introduced
Ipcharge.com   Access to PAYware Connect Virtual Terminal Console  Resellers, Merchants, Aggregators  October, 2005
Ipcharge2.com  Access to PAYware Connect Virtual Terminal Console  Resellers, Merchants, Aggregators  February, 2009
Ipcharge.net   Integration Access to PAYware Connect               Merchants                          October, 2005
Ipcharge2.net  Integration Access to PAYware Connect               Merchants                          February, 2005

The URLs currently supported:

URL                                    Access To                   DNS          Certificate
https://ipcharge.com/mc                Merchant Console Access     enom A       GoDaddy
https://ipcharge2.com/mc               Merchant Console Access     GoDaddy B    GoDaddy
https://ipcharge.com/rc                Reseller Console Access     enom A       GoDaddy
https://ipcharge2.com/rc               Reseller Console Access     GoDaddy B    GoDaddy
https://ipcharge.net/ipchapi/rh.aspx   Integrated Merchant Access  enom A       THAWTE
https://ipcharge2.net/ipchapi/rh.aspx  Integrated Merchant Access  GoDaddy - B  THAWTE

***ADDITIONAL URLs WILL BE ADDED AS REQUIRED