DNS Address Change for web2.login.cornell.edu, Please Check Firewall Settings and Applications
At 7:00am Sunday, July 16, 2017, the DNS web2.login.cornell.edu will be repointed from its current address (22.214.171.124) in the central server farm to a static IP hosted with Amazon Web Services (AWS) (126.96.36.199). It is possible that some installations may have firewall rules that prevent CUWebAuth from contacting web2 at the new location. In the event that this comes up, there will not be any user impact (because CUWebAuth will still be able to contact the other weblogin servers, web1,3,4), and CIT Identity Management engineers can work with site admins to correct it after the move.
Additionally, please check any local firewall rules for static entries pointing to the old server.
As part of its high-availability (HA) mechanism, each CUWebAuth installation periodically checks in with each of the weblogin servers in order to determine whether any of them are offline. If a weblogin server appears to be offline, CUWebAuth will stop redirecting users to that server to log in until it comes back online.
In order for this HA mechanism to work, CUWebAuth on your web server must be able to contact each weblogin server over https (tcp 443). If firewall rules don't permit this contact to the new AWS IP, then CUWebAuth will think that web2 is offline and will stop sending users there.
This would not have any impact on users (they will just log in at web1, web3 or web4 instead), but it would mean that the site does not have the best HA. Identity Management will be checking our logs after the move to find any situations like this, and will contact individual service administrators about any problems.
If you have any questions or concerns, please contact firstname.lastname@example.org