our App has been rejected by Apple because it does not work on pure IPV6 networks. We think it is because IBM CloudFoundry App hosting does not support it. How can we enable the IBM cloud foundry address such as tbms-proxy.eu-gb.mybluemix.net to be IPV6 compliant? thanks
If you can use a custom domain, one option could be to go through a gateway to enable IPv6.
Cloud Internet Services can do this by proxying requests to your app. Cloud Internet Services is powered by Cloudflare.
Once your domain is configured in Cloud Internet Services and added to IBM Cloud, IPv6 connectivity will be available.
Related
We are running an internal application which needs to connect to IBM Watson. Our Firewall team is looking for the IP Ranges we should allow for communication with Bluemix.
Name Geoortung Kunde Bereitstellung Domäne CF-API-Endpunkt Typ
eu-de Germany IBM Production eu-de.bluemix.net https://api.eu-de.bluemix.net public
I found a very useful webpage, but there is no information regarding the API Gateway in Frankfurt.
https://knowledgelayer.softlayer.com/faq/what-ip-ranges-do-i-allow-through-firewall
Can you help?
The Watson APIs hosts depend on where your service was instantiated.
us-south: https://gateway.watsonplatform.net,
eu-de. https://gateway-fra.watsonplatform.net
You only need to enable requests to the host where you Watson service instance is running. Make sure you use the URL and not the IP because it may change.
I've created an app and tried to publish to the App Store only to be rejected as the app crashes on launch when using an IPv6 only network.
I used IPv6-test.com and tested the demo API URL to find that the API doesn't support IPv6 yet. Is there a way I can get around this issue without using a different API?
If it could help I have the capabilities to host my own server with IPv6 support.
For an API server to be compatible with IPV6, you will need to just deploy it on a web server which is IPv6 enabled.
If its a Third party API on a Third party web server, I think there is not much you can do apart from writing and requesting to them to enable IPV6.
If its your own Web server, you can ask your hosting provider for an IPv6 address and check if they can provide you with IPv6 connectivity.
I am going to use Secure Gateway service in Bluemix and I have some questions about how I should make it work.
Systems in my data center's intranet access the Internet through a proxy (with no authentication). Can Secure Gateway connect to Bluemix via a proxy?
Does it connect to Bluemix via HTTPS protocol?
The network admins asked me: What are the IPs (or the IP range) of Bluemix, any idea?
Thank you very much.
A Secure Gateway instance runs in two parts, as shown in "Reaching enterprise backend with Bluemix Secure Gateway via console": the gateway and the gateway client. The gateway runs in Bluemix, the gateway client runs in the data center containing one or more systems of record to connect to. The gateway client needs network access to the Bluemix data center (typically via the Internet) and to the systems of record (via the data center's internal network). The gateway client initiates the connection, so it needs to know Bluemix's address, but Bluemix doesn't need to know the gateway client's address.
To answer your questions specifically:
A proxy isn't supported. The gateway and its client need direct access to each other.
The connection uses HTTPS for SSL encryption. The transport level security (TLS) options can be used to add authentication.
Bluemix's IP addresses aren't published.
For point 3:
The client connects outbound to the cloud services. Once the SecGW is connected, all additional Destination connects flow through that connection, no additional firewall or iptables rules are needed. If they have a rule in-place so that the on-premises machine where the SecureGateway client is installed can use the outbound port 443 (HTTPS) to make connections, that is all they need.
Does the Datapower Secure Connection in Bluemix require the Datapower to be internet facing ?
If Bluemix starts the connection, the answer is maybe yes.
But as the Basic Secure Connection (Software), if that one initiates the connection, the server running the Basic Secure Connection only needs to have internet access (behind a firewall/gateway/etc...), but doesn't need to be internet facing : IP# on internet.
I have set up a Bluemix DataPower Secure Connection (in the Bluemix Cloud Integration Service) towards my on-premise DataPower appliance. The DataPower Secure Connection are pointing to an Internet IP, and my on-premise firewall maps this to the DataPower appliances "DMZ" ethernet interface.
On the DataPower appliance, the Cloud Gateway Service is configured to receive connections from the Bluemix DataPower Secure Connections. This seems to work well for endpoints I have added to the Cloud Gateway Service. Right now I am working on adding (1-way and 2-way) TLS in the Bluemix DataPower Secure Connection.
To my knowledge the DataPower connector and the Basic Secure connector must be able to connect to your DataPower. This is usually initiated by the on-premises side, either your DataPower or the Basic Connector client running on-premises.
Also, DataPower v7.2 now supports Secure Gateway connectivity which is the preferred way to securely connect your cloud applications to your on-premises DataPower resources. The UI for DataPower has been updated to provide the ability to configure for these connections.
There is a conferencing application that I want to build on top of cloud foundry. Does cloud foundry support SIP and RTP protocols?
Inbound Cloud Foundry only supports HTTP and HTTPS through the router component, routing traffic on any other port to an application would not work.