
Eikon Networking Guide v2.11


NETWORKING GUIDE

THOMSON REUTERS EIKON


REVISION HISTORY

DATE | VERSION | REVISION DETAILS

14 Jun 2010 | 1.0
- First Release version

6 Feb 2011 | 2.0
- Update and reformat document
- Add Proxy and Firewall Policy
- Update DNS table

7 Feb 2011 | 2.01
- Add Verisign and GeoTrust in Content Filtering Policy

23 Feb 2011 | 2.02
- Add Reuters Insider information
- Add Certificate Management
- Add Certificate Revocation concept in Appendix
- Add Private Network Routing table
- Add TCP/IP port 10240 for CFI
- Update DNS table
- Remove List of Thomson Reuters Eikon Host from Appendix

2 Mar 2011 | 2.03
- Add IP address divulge policy in DNS section
- Correct DNS host name for Reuters Insider
- Correct TCP/IP port for CFI

21 Apr 2011 | 2.04
- Add ia.thomsonreuters.com Domain
- Add eikontest.thomsonreuters.com for System Test
- Add Appendix E WinHTTP Proxy configuration
- Add WPAD issue on Thomson Reuters Hosted
- Correct information on Certificate Revocation through WinHTTP
- Add Certificate Revocation list validation and WinHTTP

24 May 2011 | 2.05
- Add graphics.thomsonreuters.com for System Test
- Add training.thomsonreuters.com for Knowledge network
- Add saleforce.com and force.com for Knowledge Network
- Add section 3.3 DACS Daemon services for RTIC connection
- Add more information on service on Content filtering

14 July 2011 | 2.06
- Add customers.reuters.com not available on Savvis network
- Correct on Certificate management typo mistake
- Update BT routing table for Thomson Reuters Eikon and Thomson Reuters Eikon Wealth Management
- Add Section Thomson Reuters Hosted Private deployment
- Update DNS table for Eikon for Wealth Management due to the streaming service change in August 2011

29 Sep 2011 | 2.07
- Update Savvis Private Network information
- Add a new chapter, Thomson Reuters Eikon for Wealth Management
- Change thomsonreuters.com DNS suffix to Internet
- Add DNS table for Savvis
- Change pdf.reuters.com domain to reuters.com domain as news content has multiple links, e.g. pdf.reuters.com, link.reuters.com, r.reuters.com, blogs.reuters.com, www.reuters.com, etc.
- Add Section 1.3 Thomson Reuters Hosted Internet and Customer Managed
- Add Jre.exe to Personal Firewall table in order to fix an issue on Aviva program

4 Nov 2011 | 2.08
- Provide some news URL instead of reuters.com
- Correct Thomson Reuters Eikon for Wealth Management DNS table
- Update Appendix A

Hihifrds.com loanpricing.com pointcarbon.com* ReutersRealEstate.com Streetsight.thomson.com tiles.virtualearth.net

- Add Troubleshooting section in Appendix D
- Combine Appendix E as a section in Appendix D
- Update Certificate Revocation section
- Move duplicate content to Chapter 5 and 6
- Add Internet Options in Chapter 5
- Remove Section 1.3

24 Feb 2012 | 2.10
- Add Eikon for Compliance Management content filtering policy in Chapter 5
- Add DNS rule for Thomson Reuters Hosted Private
- Add Autex, breakingviews in Internet Service
- Remove DNS Round Robin for TSP and SPX
- Correct PAZW to PAWZ

27 Mar 2012 | 2.11
- Add new 75.124.118.0/24 for Thomson Reuters Platform
- Add public.login.cp.thomsonreuters.net

CONTENT

About this document
Intended readership
In this guide
Glossary
1. Thomson Reuters Hosted Deployment
1.1 Thomson Reuters Hosted Internet
1.2 Thomson Reuters Hosted Private Network
2. Thomson Reuters Managed Deployment
2.1 BT infrastructure
2.2 SAVVIS infrastructure
3. Customer Managed Deployment
3.1 BT infrastructure
3.2 SAVVIS infrastructure
3.3 DACS Daemon service for RTIC Connection
4. Thomson Reuters Eikon for Wealth Management
4.1 Thomson Reuters Eikon for Wealth Management Internet
4.2 Thomson Reuters Eikon for Wealth Management Private Network
4.3 Proxy and Firewall Policy
5. Internet Service for Thomson Reuters Eikon
5.1 Internet Service DNS
5.2 FIREWALL Policy
5.3 Web Proxy Auto-Discovery Protocol (WPAD)
5.4 Reuters Insider
5.5 Thomson Reuters Eikon for Compliance Management
5.6 Internet Options Setting
6 Thomson Reuters Eikon Certificate Management
6.1 Thomson Reuters Eikon Certificates authorities
6.2 Thomson Reuters Eikon for Wealth Management Certificates authorities
6.3 Testing Trusted Root Certificate
Appendix A: List Of device TCP/IP Information
Time Series Proxy TCP/IP Port
Reuters Insider Firewall Port allowed
BT Routing for Thomson Reuters Managed Device
Savvis Network Information for Thomson Reuters Managed Device
Appendix B: List of switch allocation on BT Switch (VLAN)
Appendix C: Local DNS configuration to support network failover (Private Delivery to internet)*

ABOUT THIS DOCUMENT

INTENDED READERSHIP

This document is intended for Thomson Reuters support personnel: Field Engineers, Planning Engineers, Client Implementation Specialists, Technical Deployment Specialists, Technical Account Managers and Client Network Engineers.

It can also be useful for Thomson Reuters Eikon customers' IT or networking personnel when planning a Thomson Reuters Eikon deployment.

IN THIS GUIDE

This guide provides an overview of the network setup requirements for Thomson Reuters Eikon, delivered globally using Thomson Reuters Platform. It covers TCP/IP standard ports, network routing and DNS. The chapters are based on customer delivery mode; implement the one that matches the deployment on site. Thomson Reuters Eikon requires some services that are available on the Internet only. It is recommended that clients have an Internet connection in order to get all the services listed in Chapter 5.

GLOSSARY

Abbreviations and acronyms are listed here:

Abbreviation/Term | Definition
BT | British Telecom
CAS | Central Authentication Service
CFI | Contributor Frontend IP – also known as the Open Contributor Front End
CRL | Certificate Revocation List
DNS | Domain Name Server
DTS | Direct Technical Specialist, providing pre-sales support and service management for all Direct customers.
ePO | McAfee Anti-Virus ePolicy Orchestrator
FTA | File Transfer Application
GMI | Global Management Infrastructure
HMDS | Hosted Market Data System
HTTP | Hypertext Transfer Protocol
HTTPS | Hypertext Transfer Protocol Secure
NGTX | Next Generation Transactions
IP | Internet Protocol
ISP | Internet Service Provider
OCSP | Online Certificate Status Protocol
PAZW | Performance Analysis Web Zone
PKI | Public Key Infrastructure
RSS | Reuters Site Server
RTMP | Real Time Messaging Protocol
RWS | Reuters Workstation Server
SIG | Secure Internet Gateway
SMF | Server Management Foundation
SNMP | Simple Network Management Protocol
SSH | Secure Shell
TAM | Technical Account Manager
TCP | Transmission Control Protocol
TPM | Tivoli Provisioning Manager
UDP | User Datagram Protocol
WinHTTP | Microsoft Windows HTTP Services

1. THOMSON REUTERS HOSTED DEPLOYMENT

1.1 THOMSON REUTERS HOSTED INTERNET

TCP/IP Standard Port for Thomson Reuters Hosted Internet

Product Profile: Thomson Reuters Hosted (no Internet Proxy)

Protocol | Port Numbers (Workstation → Thomson Reuters) | Thomson Reuters Servers | Use
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Administration Service, Views Service, Streaming Service, Search & Navigation Service, Time Series Service, Messaging Service, Trading Service, Update Service, Reuters Insider
TCP/UDP | 1024+ → 53 | DNS server | DNS server

DNS Server for Thomson Reuters Eikon Hosted Internet

All Thomson Reuters Hosted deployment servers are able to resolve IP addresses through the local Internet Service Provider (ISP) DNS. The following domains must be selected forwarding

DNS | DNS Server | Thomson Reuters Service
thomsonreuters.com | Internet ISP | Thomson Reuters Eikon
cp.thomsonreuters.net | Internet ISP | Thomson Reuters Eikon
reuters.com | Internet ISP | Customer Zone and URL links in some news content, Trading Services, SDN, etc.
trading.thomsonreuters.net | Internet ISP | Trading Service, System Test

Additional Internet domains/services are listed in Chapter 5.

Please be aware that Thomson Reuters will not divulge IP address information in any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.

Proxy Server: If clients implement an Internet proxy server on site, the proxy must be able to resolve the following domains correctly. The Internet Explorer object forwards all requests to the proxy server without resolving the domain name itself.

Proxy and Firewall Policy

See information in Chapter 5.


Authentication Proxy

Thomson Reuters Eikon has been qualified with the following authenticated proxies:

PROXY | AUTHENTICATION METHOD
Apache | Basic
Apache | DIGEST
Squid | Basic
Squid | DIGEST
MS ISA | NTLM

It is advisable to allow Reuters Insider URL to bypass NTLM authentication in Proxy, as we have experienced authentication timeouts with Flash-based applications with a number of clients when NTLM authentication is enabled.

Web Proxy Auto-Discovery Protocol (WPAD)

Thomson Reuters Eikon does not support the Web Proxy Auto-Discovery Protocol (WPAD). The Update Agent cannot connect to the dedicated proxy server indicated in the WPAD file; as a consequence, users are not able to install Thomson Reuters Eikon or upgrade to the latest Service Releases or Hotfixes. The issue is under investigation by our development teams.

EXE Download Policy

The Thomson Reuters Eikon installation package is an EXE wrapper file (an MSI/MSP file wrapped inside an EXE file). These files are virus checked and signed by Thomson Reuters before they are published on the Thomson Reuters Update Service. Your site (workstation) firewall must be set up to allow the download of these packages. Thomson Reuters uses this file format to guarantee the best compression rates for the downloaded packages.

The firewall has to ALLOW the following servers to download EXE files through the HTTP protocol:

DOMAIN | DOWNLOAD
customers.thomsonreuters.com | For installation bootstrap, System Test standalone over Internet
*.download.cp.thomsonreuters.net | For Thomson Reuters Eikon packages on Update Service
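The download table mixes an exact host name with a wildcard entry, and a filter that implements the wildcard as a substring or plain suffix test also admits look-alike hosts. The sketch below is an added example, not part of the original guide: it matches the two listed entries label by label, and its function names and the test hosts mentioned afterwards are constructed. It assumes `*` stands for one or more whole labels.

```python
"""Label-wise host matching for the EXE download allowlist (added example)."""
from urllib.parse import urlsplit

# Entries copied from the DOMAIN column of the download table.
ALLOWLIST = (
    "customers.thomsonreuters.com",
    "*.download.cp.thomsonreuters.net",
)


def _labels(host):
    """Lower-case a host name, drop one trailing root dot, split into labels."""
    host = host.lower()
    if host.endswith("."):
        host = host[:-1]
    return host.split(".")


def host_allowed(host, allowlist=ALLOWLIST):
    """True if host equals an entry or matches a leading '*.' wildcard entry.

    Assumption of this example: '*' covers one or more whole labels, so the
    bare suffix itself and hosts that merely end in the same characters fail.
    """
    labels = _labels(host)
    if not all(labels):  # empty label, e.g. "", "a..b" or ".a"
        return False
    for entry in allowlist:
        pattern = _labels(entry)
        if pattern[0] == "*":
            suffix = pattern[1:]
            if len(labels) > len(suffix) and labels[-len(suffix):] == suffix:
                return True
        elif labels == pattern:
            return True
    return False


def url_allowed(url, allowlist=ALLOWLIST):
    """Decide on the parsed host of a URL, never on the raw URL string."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname is None:
        return False
    return host_allowed(parts.hostname, allowlist)
```

Constructed hosts such as `evildownload.cp.thomsonreuters.net` or `download.cp.thomsonreuters.net.example.org` are rejected, while `emea1.download.cp.thomsonreuters.net` is accepted.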


Internet Service for Thomson Reuters Eikon

See information on Chapter 5

Certificate Revocation List Validation

See the information on Chapter 6

1.2 THOMSON REUTERS HOSTED PRIVATE NETWORK

BT Service Package

The following Service Packages are mandatory:

- Thomson Reuters Platform with Real Time 2.0
- Messaging Service Package
- NGTX service Package
- Contribution Service package (Optional for Contribution)

TCP/IP Standard Port for Thomson Reuters Hosted Private

Product Profile: Thomson Reuters Hosted Private, Deliver over Private Network

Protocol | Port Numbers (Workstation → Thomson Reuters) | Thomson Reuters Servers | Use
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Administration Service, Views Service, Streaming Service, Search & Navigation Service, Time Series Service, Messaging Service, Trading Service, Update Service
TCP | 1024+ → 10240 | CFI server | Contribution Service on CFI server through InsertLink
TCP/UDP | 1024+ → 53 | DNS server | DNS

Reuters Insider is not available on this delivery mode.

DNS

See DNS suffixes in Chapter 3.

The DNS server configurations are as follows:

CLIENT CONFIGURATION | DNS | COMMENT
Client workstation resolver only (No Client Site DNS) | BT DNS | Clients use local resolver fall-through. This relies on SERVFAIL answer from BT DNS for invalid domains.
Client site DNS using selective forwarding or conditional forwarding | EDNS | BT DNS response time will be slower unless record is already in cache
Client site DNS using zone delegation | EDNS |

The EDNS and BT DNS servers are shown in the following tables:

EDNS | DNS IP Address | BT Extranet DNS FQDN
London | 155.195.64.4 | edns02.uk.extranet.reuters.biz
New York | 155.195.84.4 | edns02.us.extranet.reuters.biz
Singapore | 155.195.76.4 | edns02.sg.extranet.reuters.biz

BT DNS | IP Address | BT DNS FQDN
London | 155.195.48.4 | londnsaa001.a.radianz.net
New York | 155.195.48.36 | hpggnsba001a.radianz.net
Singapore | 155.195.48.68 | sinsnsba001a.radianz.net

BT Private Network Routing

The client can set up as either:

- Set up BT Router as a default gateway, or
- Set up the following routing to BT router

IP Subnet | Description / Used for EIKON
65.63.72.0/22 and 75.124.118.0/24 | Thomson Reuters Eikon
65.62.0.0/15 and 75.124.118.0/24, or 65.62.64.0/22, 65.62.68.0/22, 65.63.72.0/22, 75.124.118.0/24 | Use this range if installing both Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Manager on site.
67.56.184.0/21 | Messaging Service over Private Network – this is a mandatory component but the default is sourced from the Internet
155.195.48.0/22 | BT DNS
155.195.64.0/18 | Customer Zone, Contribution (Insert Link)
204.109.128.0/17 or 204.109.109.224.0/21 |

Internet Service for Thomson Reuters Eikon

See information on Chapter 5

Certificate Revocation List Validation

See the information on Chapter 6


2. THOMSON REUTERS MANAGED DEPLOYMENT

TCP/IP Standard Port for Thomson Reuters Managed

Product Profile: Thomson Reuters Managed Profile, Deliver over Private Network

Protocol | Port Numbers (Workstation → Thomson Reuters) | Thomson Reuters Servers | Use
TCP | 1024+ → 14002, 1024+ → 80 | Streaming Proxy | Streaming Service, Update Service
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Administration Service, Views Service, Search & Navigation Service, Time Series Service, Messaging Service, Trading Service
TCP | 1024+ → 80, 1024+ → 8082* | Time Series Proxy | Time Series Service
TCP | 1024+ → 10240 | CFI server | Contribution Service on CFI server through InsertLink, Eikon Excel
TCP/UDP | 1024+ → 53 | DNS server | DNS

*port 8082 is for maintenance services.

Thomson Reuters Eikon Multimedia Service (Reuters Insider) is delivered over the Internet. Each desktop needs to be able to make HTTP and HTTPS connections. Video is streamed using the Adobe Flash RTMP protocol tunnelled through HTTP, so no further ports are required other than the normal HTTP (80) and HTTPS (443).

DNS

The following domains must be set up for selective forwarding or delegation toward the authoritative DNS server.

DNS | Authoritative DNS Server | Thomson Reuters Service
thomsonreuters.com | Internet | Thomson Reuters Eikon, Collaboration, Customer Zone over Internet
extranet.thomsonreuters.biz | Extranet DNS | Thomson Reuters Eikon, Customer Zone, Collaboration
cp.thomsonreuters.net | Extranet DNS | Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Management
public.login.cp.thomsonreuters.net | Internet | Thomson Reuters Eikon
customers.reuters.com | Extranet DNS / Internet | Customer Zone
trading.thomsonreuters.net | Extranet DNS / Internet** | Trading Service
fitrading.reuters.com | Extranet DNS / Internet** | Trading Service
fxtrading.reuters.com | Extranet DNS / Internet** | Trading Service
rtextrading.reuters.com | Extranet DNS / Internet** | Trading Service

** These domains require the NGTX Service package. If you have the NGTX Service package, the DNS MUST forward to the Extranet DNS rather than the Internet DNS.

Additional Internet domains/services are listed in Chapter 5. It is recommended that the client has an Internet connection for Thomson Reuters Eikon in order to get full services.

Please be aware that Thomson Reuters will not divulge IP address information in any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.

DNS resource name lookup

You need to add a host record entry for Thomson Reuters Platform services into your local DNS servers with your local server IP address. The entry should be put in the same DNS suffixes that are set up in the Advanced TCP/IP settings on the workstation.

Servers | DNS entry
Streaming Proxy | tr-streaming-proxy
TimeSeries Proxy | tr-timeseries-proxy

For example, if the first entry in the DNS suffix search list of the client workstation is “xxx.company.com”, you have to add the “tr-timeseries-proxy” host record entry to the xxx.company.com domain. The workstation is then able to resolve the IP address of the local Streaming Proxy by looking up “tr-streaming-proxy” when the Thomson Reuters Eikon application starts up.

However, this new DNS entry name can be changed in the Thomson Reuters User Profile in Administration Service to reflect the new DNS hostname. Please contact your TAM or DTS and make a request.
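Because the workstation looks up a single-label name, the answer depends on the order of the DNS suffix search list, and a record missing from the first suffix lets the lookup fall through to later suffixes. The audit below is an added example, not part of the original guide: it reports which FQDN actually answers for each proxy name and whether the address lies in the site's server subnets. The function names, suffix list, subnets and zone data are constructed assumptions.

```python
"""Audit single-label proxy names against the DNS suffix search list (added example)."""
import ipaddress
import socket

# Host record names from the "Servers / DNS entry" table in this section.
PROXY_NAMES = ("tr-streaming-proxy", "tr-timeseries-proxy")

# Constructed sample data, not values from the guide.
SAMPLE_SUFFIXES = ["xxx.company.com", "company.com"]
SAMPLE_LOCAL_NETS = ["10.20.30.0/24"]
SAMPLE_ZONE = {
    "tr-streaming-proxy.xxx.company.com": "10.20.30.40",
    # Record created in the parent zone instead of the first search suffix.
    "tr-timeseries-proxy.company.com": "10.20.30.41",
}


def candidates(name, suffixes):
    """FQDNs a stub resolver tries, in order, for a single-label name."""
    return [f"{name}.{suffix}".lower() for suffix in suffixes]


def system_resolve(fqdn):
    """Live lookup for production use; None when the name does not resolve."""
    try:
        return socket.gethostbyname(fqdn)
    except OSError:
        return None


def audit(name, suffixes, local_nets, resolve=system_resolve):
    """Return (status, fqdn, address) for one proxy name.

    status is "ok", "wrong-suffix", "unexpected-address" or "unresolved".
    resolve(fqdn) returns an address string or None.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    for position, fqdn in enumerate(candidates(name, suffixes)):
        answer = resolve(fqdn)
        if answer is None:
            continue  # fall through to the next suffix, as the resolver does
        addr = ipaddress.ip_address(answer)
        if not any(addr in net for net in nets):
            return ("unexpected-address", fqdn, answer)
        if position != 0:
            return ("wrong-suffix", fqdn, answer)
        return ("ok", fqdn, answer)
    return ("unresolved", None, None)


def audit_all(suffixes, local_nets, resolve=system_resolve):
    """Audit every proxy name listed in PROXY_NAMES."""
    return {n: audit(n, suffixes, local_nets, resolve) for n in PROXY_NAMES}


if __name__ == "__main__":
    report = audit_all(SAMPLE_SUFFIXES, SAMPLE_LOCAL_NETS, SAMPLE_ZONE.get)
    for name, result in report.items():
        print(name, result)
```

Pass `system_resolve` (the default) instead of `SAMPLE_ZONE.get` to run the same audit against the workstation's live resolver.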

FIREWALL Policy

See information on Chapter 6

Internet Service for Thomson Reuters Eikon

See information on Chapter 5

Certificate Revocation List Validation

See the information on Chapter 6

EXE Download Policy

The Thomson Reuters Eikon installation package is an EXE wrapper file (an MSI/MSP file wrapped inside an EXE file). These files are virus checked and signed by Thomson Reuters before they are published on the Thomson Reuters Update Service. Your site (workstation) firewall must be set up to allow the download of these packages. Thomson Reuters uses this file format to guarantee the best compression rates for the downloaded packages.

DOMAIN | DOWNLOAD
customers.thomsonreuters.com | For installation bootstrap, System Test standalone over Internet
customers.extranet.thomsonreuters.biz | For installation bootstrap, System Test standalone over Private Network
*.download.cp.thomsonreuters.net | For Thomson Reuters Eikon packages on Update Service
tr-streaming-proxy | For Thomson Reuters Eikon packages on Streaming Proxy

2.1 BT INFRASTRUCTURE

- Thomson Reuters Platform Service Package version 2.0 is mandatory for all sites
- Messaging Service Package is needed unless you set up Collaboration Service over Internet
- Contribution Service Package is needed for InsertLink
- NGTX Service Package is needed unless you set up Trading Service over Internet

The recommended Extranet DNS server configurations are as follows:

CLIENT CONFIGURATION | DNS | COMMENT
Client workstation resolver only (No Client Site DNS) | BT DNS | Clients use local resolver fall-through. This relies on SERVFAIL answer from BT DNS for invalid domains.
Client site DNS using selective forwarding or conditional forwarding | EDNS | BT DNS response time will be slower unless record is already in cache
Client site DNS using zone delegation | EDNS |

The EDNS and BT DNS servers are shown in the following tables:

EDNS | DNS IP Address | BT Extranet DNS FQDN
London | 155.195.64.4 | edns02.uk.extranet.reuters.biz
New York | 155.195.84.4 | edns02.us.extranet.reuters.biz
Singapore | 155.195.76.4 | edns02.sg.extranet.reuters.biz

BT DNS | IP Address | BT DNS FQDN
London | 155.195.48.4 | londnsaa001.a.radianz.net
New York | 155.195.48.36 | hpggnsba001a.radianz.net
Singapore | 155.195.48.68 | sinsnsba001a.radianz.net

The recommended DNS search ordering is based on the client location as follows:

REGION | FIRST DNS SERVER | SECOND DNS SERVER | THIRD DNS SERVER
EMEA | London | New York | Singapore
AMERICA | New York | London | Singapore
ASIA | Singapore | New York | London

BT Private Network Routing

IP Subnet | Description / Used for EIKON
65.63.72.0/22 and 75.124.118.0/24 | Thomson Reuters Eikon
65.62.0.0/15 and 75.124.118.0/24, or 65.62.64.0/22, 65.62.68.0/22, 65.63.72.0/22, 75.124.118.0/24 | Use this range if installing both Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Manager on site.
67.56.184.0/21 | *Messaging Service over Private Network – this is a mandatory component but the default is sourced from the Internet
155.195.48.0/22 | BT DNS – Optional
155.195.64.0/18 | DNS Service – on EDNS, Customer Zone, **Contribution (Insert Link)
204.109.128.0/17 or 204.109.109.224.0/21 | ***Trading Service over Private Network

Note:

* Messaging Service Package is needed
** Contribution Service package is needed
*** NGTX service Package is needed
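The routing table offers a broad /15 route or a set of /22 routes for the same purpose, and one printed entry is not a well-formed prefix. The script below is an added example, not part of the original guide: it parses the entries exactly as printed, rejects anything malformed instead of guessing at it, and compares how many addresses each option opens up. The function names are constructed.

```python
"""Validate and compare the BT private-network route options (added example)."""
import ipaddress

# Route entries as printed in the routing table of this section.
BROAD_OPTION = ["65.62.0.0/15", "75.124.118.0/24"]
NARROW_OPTION = ["65.62.64.0/22", "65.62.68.0/22", "65.63.72.0/22",
                 "75.124.118.0/24"]
OTHER_ROUTES = ["67.56.184.0/21", "155.195.48.0/22", "155.195.64.0/18",
                "204.109.128.0/17", "204.109.109.224.0/21"]


def parse_routes(entries):
    """Split entries into (valid networks, rejected strings).

    strict=True rejects prefixes with host bits set as well as malformed text;
    stray spaces such as "65.63.72.0 /22" are tolerated.
    """
    valid, rejected = [], []
    for text in entries:
        try:
            valid.append(ipaddress.ip_network(text.replace(" ", ""), strict=True))
        except ValueError:
            rejected.append(text)
    return valid, rejected


def address_count(networks):
    """Number of distinct addresses covered, after merging adjacent prefixes."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))


def covered_by(narrow, broad):
    """True if every network in narrow lies inside some network in broad."""
    return all(any(n.subnet_of(b) for b in broad) for n in narrow)


def compare_options(broad_entries, narrow_entries):
    """Summarise both route options for a change review."""
    broad, bad_broad = parse_routes(broad_entries)
    narrow, bad_narrow = parse_routes(narrow_entries)
    return {
        "rejected": bad_broad + bad_narrow,
        "narrow_within_broad": covered_by(narrow, broad),
        "broad_addresses": address_count(broad),
        "narrow_addresses": address_count(narrow),
    }


if __name__ == "__main__":
    print(compare_options(BROAD_OPTION, NARROW_OPTION))
    print("rejected:", parse_routes(OTHER_ROUTES)[1])
```

The narrow option reaches the same Eikon prefixes while exposing 3,328 addresses instead of 131,328, and the entry `204.109.109.224.0/21` is rejected and needs confirming with Thomson Reuters before it goes into a router or firewall rule.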

2.2 SAVVIS INFRASTRUCTURE

Note: The following services are not available on the SAVVIS Private Network. Customers have to set them up on the Internet only:

- Messaging Service Package
- Customers Zone for customers.reuters.com

DNS Server

EDNS | Savvis Extranet DNS IP Address | Savvis Extranet DNS FQDN
Nutley | 192.155.142.4 | edns03.us.extranet.reuters.biz
Hazelwood | 192.155.141.196 | edns04.us.extranet.reuters.biz

DNS

The following domains must be set up for selective forwarding or delegation toward the authoritative DNS server.

DNS | Authoritative DNS Server | Thomson Reuters Service
thomsonreuters.com | Internet | Thomson Reuters Eikon, Collaboration, Customer Zone over Internet
extranet.thomsonreuters.biz | Extranet DNS | Thomson Reuters Eikon, Customer Zone, Collaboration
cp.thomsonreuters.net | Extranet DNS | Thomson Reuters Eikon
customers.reuters.com | Internet | Customer Zone
trading.thomsonreuters.net | Internet | Trading Service
fitrading.reuters.com | Internet | Trading Service
fxtrading.reuters.com | Internet | Trading Service
rtextrading.reuters.com | Internet | Trading Service

Additional Internet domains/services are listed in Chapter 5. It is recommended that the client has an Internet connection for Thomson Reuters Eikon in order to get full services.

Savvis Private Network Routing

IP Subnet | Description / Used for EIKON
192.155.137.0/25, 192.155.138.0/25 | Thomson Reuters Eikon
159.220.80.0/27 | Customer Zone on Extranet (customers.extranet.thomsonreuters.biz)
192.155.142.0/28, 192.155.141.192/28 |

3. CUSTOMER MANAGED DEPLOYMENT

TCP/IP Standard Port for Customer Managed

Product Profile: Customer Managed Profile, Deliver over Private Network

Protocol | Port Numbers (Workstation → Thomson Reuters) | Thomson Reuters Servers | Use
TCP | 1024+ → 14002 | RMDS 6, ADS | Realtime Data Service (RSSL)
TCP | 1024+ → 8101 | RMDS 5, RMDS 6, ADS | Realtime Data Service (SSL)
TCP | 1024+ → 8261 | RMDS 5, RMDS 6, ADS | Permission Proxy
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Administration Service, Views Service, Search & Navigation Service, TimeSeries Service, Messaging Service, Trading Service, Update Service
TCP | 1024+ → 80, 1024+ → 8082* | Time Series Proxy | TimeSeries Service
TCP | 1024+ → 2400 | DBU (Optional) | TimeSeries Data for 3rd party feed
TCP | 1024+ → 8302 | DACS server | Permission Service DACS Daemon
TCP | 1024+ → 80, 1024+ → 443 | Update Proxy | Update Service
TCP | 1024+ → 10240 | CFI server | Contribution Service on CFI server through InsertLink, Eikon Excel
TCP/UDP | 1024+ → 53 | DNS server | DNS

*port 8082 is for maintenance services.

Product Profile: Update Proxy

Protocol | Port Numbers | Thomson Reuters Servers | Use
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Update Service

Thomson Reuters Eikon Multimedia Service (Reuters Insider) is delivered over the Internet. Each desktop needs to be able to make HTTP and HTTPS connections. Video is streamed using the Adobe Flash RTMP protocol tunnelled through HTTP, so no further ports are required other than the normal HTTP (80) and HTTPS (443).

DNS

The following domains must be set up for selective forwarding or delegation toward the authoritative DNS server.

DNS | Authoritative DNS Server | Thomson Reuters Service
thomsonreuters.com | Internet | Thomson Reuters Eikon, Collaboration, Reuters Insider over Internet
extranet.thomsonreuters.biz | Extranet DNS | Thomson Reuters Eikon, Thomson Reuters Eikon for Wealth Management, Customer Zone, Collaboration
cp.thomsonreuters.net | Extranet DNS | Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Management
public.login.cp.thomsonreuters.net | Internet | Thomson Reuters Eikon
customers.reuters.com | Extranet DNS / Internet | Customer Zone
trading.thomsonreuters.net | Extranet DNS / Internet** | Trading Service
fitrading.reuters.com | Extranet DNS / Internet** | Trading Service
fxtrading.reuters.com | Extranet DNS / Internet** | Trading Service
rtextrading.reuters.com | Extranet DNS / Internet** | Trading Service

** These domains require the NGTX Service package. If you have the NGTX Service package, the DNS MUST forward to the Extranet DNS rather than the Internet DNS.

Additional Internet domains/services are listed in Chapter 5. It is recommended that the client has an Internet connection for Thomson Reuters Eikon in order to get full services.

Please be aware that Thomson Reuters will not divulge IP address information in any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.

DNS resource name lookup

You need to add a host record entry for Thomson Reuters Platform services into your local DNS servers with your local server IP address. The entry should be put in the same DNS suffixes that are set up in the Advanced TCP/IP settings on the workstation.

Deployed Services | DNS entry
TimeSeries Proxy | tr-timeseries-proxy
Update Proxy | tr-update-proxy
Configuration Proxy | tr-config-proxy

For example, if the default lookup domain of the client workstation is “xxx.company.com”, where “xxx” is the host being resolved, then you need to add the “tr-timeseries-proxy” host record entry to the company.com domain.

However, this new DNS entry name can be changed in the Thomson Reuters User Profile in Administration Service to reflect the new DNS hostname. Please contact your TAM or DTS and make a request.


FIREWALL Policy

See information on Chapter 5

Internet Service for Thomson Reuters Eikon

See information on Chapter 5

Certificate Revocation List Validation

See the information on Chapter 6

EXE Download Policy

The Thomson Reuters Eikon installation package is an EXE wrapper file (an MSI/MSP file wrapped inside an EXE file). These files are virus checked and signed by Thomson Reuters before they are published on the Thomson Reuters Update Service. Your site (workstation) firewall must be set up to allow the download of these packages. Thomson Reuters uses this file format to guarantee the best compression rates for the downloaded packages.

The firewall has to ALLOW the following servers to download EXE files through the HTTP protocol:

DOMAIN | DOWNLOAD
customers.thomsonreuters.com | For installation bootstrap, System Test standalone over Internet
customers.extranet.thomsonreuters.biz | For installation bootstrap, System Test standalone over Private Network
*.download.cp.thomsonreuters.net | For Thomson Reuters Eikon packages on Update Service
<Update Proxy> | For Thomson Reuters Eikon package on Customer Managed

3.1 BT INFRASTRUCTURE

- Thomson Reuters Platform Service Package version 2.0 is mandatory for all sites
- Messaging Service Package is needed unless you set up Collaboration Service over Internet
- Contribution Service Package is needed for Contribution products, e.g. InsertLink
- NGTX Service Package is needed unless you set up Trading Service over Internet

The recommended Extranet DNS server configurations are as follows:

CLIENT CONFIGURATION | DNS | COMMENT
Client workstation resolver only (No Client Site DNS) | BT DNS | Clients use local resolver fall-through. This relies on SERVFAIL answer from BT DNS for invalid domains.
Client site DNS using selective forwarding or conditional forwarding | EDNS | BT DNS response time will be slower unless record is already in cache
Client site DNS using zone delegation | EDNS |

The EDNS and BT DNS servers are shown in the following tables:

EDNS | DNS IP Address | BT Extranet DNS FQDN
London | 155.195.64.4 | edns02.uk.extranet.reuters.biz
New York | 155.195.84.4 | edns02.us.extranet.reuters.biz
Singapore | 155.195.76.4 | edns02.sg.extranet.reuters.biz

BT DNS | IP Address | BT DNS FQDN
London | 155.195.48.4 | londnsaa001.a.radianz.net
New York | 155.195.48.36 | hpggnsba001a.radianz.net
Singapore | 155.195.48.68 | sinsnsba001a.radianz.net

The recommended DNS search ordering is based on the client location as follows:

REGION | FIRST DNS SERVER | SECOND DNS SERVER | THIRD DNS SERVER
EMEA | London | New York | Singapore
AMERICA | New York | London | Singapore
ASIA | Singapore | New York | London

BT Private Network Routing

IP Subnet | Description / Used for EIKON
65.62.0.0/15 and 75.124.118.0/24, or 65.62.64.0/22, 65.62.68.0/22, 65.63.72.0/22, 75.124.118.0/24 | Use this range if installing both Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Manager on site.
67.56.184.0/21 | *Messaging Service over Private Network – this is a mandatory component but the default is sourced from the Internet
155.195.48.0/22 | BT DNS – Optional
155.195.64.0/18 | DNS Service – on EDNS, Customer Zone, **Contribution (Insert Link)
204.109.128.0/17 or 204.109.109.224.0/21 | ***Trading Service over Private Network

Note:

* Messaging Service Package is needed
** Contribution Service package is needed
*** NGTX service Package is needed

3.2 SAVVIS INFRASTRUCTURE

Note: The following services are not available on the SAVVIS Private Network. Customers have to set them up on the Internet only:

- Messaging Service Package (collaboration)
- NGTX Service Package
- Customers Zone for customers.reuters.com

DNS Server

EDNS | Savvis Extranet DNS IP Address | Savvis Extranet DNS FQDN
Nutley | 192.155.142.4 | edns03.us.extranet.reuters.biz
Hazelwood | 192.155.141.196 | edns04.us.extranet.reuters.biz

DNS

The following domains must be set up for selective forwarding or delegation toward the authoritative DNS server.

DNS | Authoritative DNS Server | Thomson Reuters Service
thomsonreuters.com | Internet | Thomson Reuters Eikon, Collaboration, Customer Zone over Internet
extranet.thomsonreuters.biz | Extranet DNS | Thomson Reuters Eikon, Customer Zone, Collaboration
cp.thomsonreuters.net | Extranet DNS | Thomson Reuters Eikon
trading.thomsonreuters.net | Internet | Trading Service
fitrading.reuters.com | Internet | Trading Service
fxtrading.reuters.com | Internet | Trading Service
rtextrading.reuters.com | Internet | Trading Service

Additional Internet domains/services are listed in Chapter 5. It is recommended that the client has an Internet connection for Thomson Reuters Eikon in order to get full services.

Savvis Private Network Routing

IP Subnet | Description / Used for EIKON
192.155.137.0/25, 192.155.138.0/25 | Thomson Reuters Eikon
159.220.80.0/27 | Customer Zone on Extranet (customers.extranet.thomsonreuters.biz)
192.155.142.0/28, 192.155.141.192/28 | DNS service

3.3 DACS DAEMON SERVICE FOR RTIC CONNECTION

Ensure that the personal firewall does not block these services on the client machine, and that the following service entries are present in the file C:\Windows\System32\etc\services:

dacs_lib 8211/tcp #dacs_snkd.exe
dacs_perm 8250/tcp #dacs_snkd.exe

4. THOMSON REUTERS EIKON FOR WEALTH MANAGEMENT

4.1 THOMSON REUTERS EIKON FOR WEALTH MANAGEMENT INTERNET

TCP/IP Standard Port for Thomson Reuters Eikon Wealth Management Internet

Product Profile: Thomson Reuters Eikon for Wealth Management Internet

Protocol | Port Numbers (Workstation → Thomson Reuters) | Thomson Reuters Servers | Use
TCP | 1024+ → 80, 1024+ → 443 | Thomson Reuters Platform | Administration Service, Views Service, News Service, Streaming Service, Search & Navigation Service, Time Series Service, Update Service

Reuters Insider

Thomson Reuters Eikon Multimedia Service (Reuters Insider) is delivered over the Internet. Each desktop needs to be able to make HTTP and HTTPS connections. Video is streamed using the Adobe Flash RTMP protocol tunnelled through HTTP, so no further ports are required other than the normal HTTP (80) and HTTPS (443).

DNS Server

All Thomson Reuters Hosted deployment servers are able to resolve IP address through local Internet Service Provider (ISP) DNS. The following domains must be selected forwarding

DNS Authorized DNS Server Thomson Reuters Service

thomsonreuters.com Internet Thomson Reuters Eikon for Wealth Management, Reuters Insider, Customer Zone

cp.thomsonreuters.net Internet Thomson Reuters Eikon for Wealth Management

reuters.com Internet Customer Zone and some URL link in some news content, e.g. pdf.reuters.com, link.reuters.com, www.reuters.com

force.com Internet Migration tools (Knowledge Network)

reutersinsider.com Internet Reuters Insider

salesforce.com Internet Migration tools (Knowledge Network)

sdn.reuters.com Internet Securitised Derivative Network

Thomson.112.2o7.net Internet Insider

training.thomsonreuters.com, trainingportal.us Internet Thomson Reuters E-Learning

webex.com Internet Remote Support

Please be aware that Thomson Reuters will not divulge IP address information under any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.


4.2 THOMSON REUTERS EIKON FOR WEALTH MANAGEMENT PRIVATE NETWORK

It is strongly recommended that clients have both a Private Network and an Internet connection.

BT Service Package

The following BT Service Packages are needed:

Thomson Reuters Platform with Real Time 2.0

TCP/IP Standard Port for Thomson Reuters Hosted Private

Product Profile: Thomson Reuters Eikon for Wealth Management Private Network, Deliver over Private Network

Protocol: TCP

Port Numbers (Workstation / Thomson Reuters): 1024+ → 80, 1024+ ← 80, 1024+ → 443, 1024+ ← 443

Thomson Reuters Servers: Thomson Reuters Platform

Use: Administration Service, Views Service, News Service, Streaming Service, Search & Navigation Service, Time Series Service, Update Service

Product Profile: Customer Zone

Protocol: TCP/UDP

Port Numbers (Workstation / Thomson Reuters): 1024+ → 53, 1024+ ← 53

Thomson Reuters Servers: DNS server

Use: DNS

Reuters Insider requires Internet connection.

DNS Server

All Thomson Reuters Hosted deployment servers are able to resolve IP addresses through BT DNS and the local Internet Service Provider (ISP) DNS. The following domains must be configured for selective forwarding:

DNS Authorized DNS Server Thomson Reuters Service

cp.thomsonreuters.net Extranet Thomson Reuters Eikon for Wealth Management

extranet.thomsonreuters.biz Extranet Thomson Reuters Eikon for Wealth Management, Customer Zone

thomsonreuters.com Internet Customer Zone, Reuters Insider

customers.reuters.com Internet/ Extranet Customer Zone

force.com Internet Migration tools (Knowledge Network)

geotrust.com, verisign.com Internet Certificate Validation

reutersinsider.com Internet Reuters Insider

reuters.com Internet URL link in some news content, e.g. pdf.reuters.com, blogs.reuters.com, www.reuters.com

salesforce.com Internet Migration tools

thomson.112.2o7.net Internet Reuters Insider

trainingportal.us Internet Thomson Reuters E-Learning

webex.com Internet Remote Support

webtrendslive.com Internet Migration tools

Note*: NGTX service package is required

Please be aware that Thomson Reuters will not divulge IP address information under any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.

Use BT DNS as shown in the table:

BT DNS IP Address BT DNS FQDN

London 155.195.48.4 londnsaa001.a.radianz.net

New York 155.195.48.36 hpggnsba001a.radianz.net

Singapore 155.195.48.68 sinsnsba001a.radianz.net

The recommended DNS search order is based on the client location, as follows:

REGION FIRST DNS SERVER SECOND DNS SERVER THIRD DNS SERVER

EMEA London New York Singapore

AMERICA New York London Singapore

ASIA Singapore New York London

BT Private Network Routing

The client can set up as either:

- Set up BT Router as a default gateway or

- Set up the following routing to BT router

CLIENT CONFIGURATION DNS COMMENT

Client workstation resolver only (No Client Site DNS) BT DNS Clients use local resolver fall-through. This relies on SERVFAIL answer from BT DNS for invalid domains. Clients with dedicated Extranet workstations can use the EDNS to take advantage of faster response

Client site DNS using selective forwarding or conditional forwarding EDNS BT DNS response time will be slower unless record is already in cache

Client site DNS using zone delegation

The EDNS and BT DNS servers are shown in the tables below:

EDNS DNS IP Address BT Extranet DNS FQDN

London 155.195.64.4 edns02.uk.extranet.reuters.biz

New York 155.195.84.4 edns02.us.extranet.reuters.biz

Singapore 155.195.76.4 edns02.sg.extranet.reuters.biz

BT DNS IP Address BT DNS FQDN

London 155.195.48.4 londnsaa001.a.radianz.net

New York 155.195.48.36 hpggnsba001a.radianz.net

Singapore 155.195.48.68 sinsnsba001a.radianz.net

The recommended DNS search order is based on the client location, as follows:

REGION FIRST DNS SERVER SECOND DNS SERVER THIRD DNS SERVER

EMEA London New York Singapore

ASIA Singapore New York London

BT Private Network Routing

IP Subnet Description / Used for EIKON

65.62.0.0/15 or

- 65.62.64.0/22

- 65.62.68.0/22

- 65.63.72.0/22

Thomson Reuters Eikon for Wealth Management

155.195.48.0/22 BT DNS – Optional

155.195.64.0/18 DNS Service – on EDNS, Customer Zone

Note: *NGTX service Package is needed
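When static routes are used instead of a default gateway, a mistyped prefix or a more specific route elsewhere in the table silently sends part of this traffic the wrong way. The following longest-prefix-match audit is an added example, not part of the original guide; the next-hop addresses and both sample route tables are constructed, while the prefixes and DNS server addresses are the ones listed in this section.

```python
import ipaddress

BT_ROUTER = "10.20.0.254"  # hypothetical next hop: the BT router
CORP_GW = "10.20.0.1"      # hypothetical next hop: the site's default gateway

# Prefixes from the BT Private Network Routing table (BT DNS is optional).
REQUIRED = ["65.62.64.0/22", "65.62.68.0/22", "65.63.72.0/22", "155.195.64.0/18"]

# DNS servers from the EDNS and BT DNS tables.
DNS_SERVERS = {
    "EDNS London": "155.195.64.4",
    "EDNS New York": "155.195.84.4",
    "EDNS Singapore": "155.195.76.4",
    "BT DNS London": "155.195.48.4",
    "BT DNS New York": "155.195.48.36",
    "BT DNS Singapore": "155.195.48.68",
}

# Constructed route tables: (destination prefix, next hop).
GOOD_TABLE = [
    ("0.0.0.0/0", CORP_GW),
    ("65.62.0.0/15", BT_ROUTER),
    ("155.195.48.0/22", BT_ROUTER),
    ("155.195.64.0/18", BT_ROUTER),
]
BAD_TABLE = [
    ("0.0.0.0/0", CORP_GW),
    ("65.62.64.0/22", BT_ROUTER),
    ("65.62.68.0/22", BT_ROUTER),
    ("65.62.72.0/22", BT_ROUTER),    # mistyped: the guide lists 65.63.72.0/22
    ("155.195.64.0/18", BT_ROUTER),
    ("155.195.64.0/24", CORP_GW),    # more specific route that overrides the /18
]


def load(rows):
    return [(ipaddress.ip_network(net), hop) for net, hop in rows]


def next_hop(table, addr):
    """Longest-prefix match for one address; None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, hop) for net, hop in table if ip in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


def audit(rows, bt_router=BT_ROUTER):
    """Report every required prefix that is not routed entirely to the BT router."""
    table = load(rows)
    findings = []
    for prefix in REQUIRED:
        want = ipaddress.ip_network(prefix)
        covering = [r for r in table if want.subnet_of(r[0])]
        if not covering:
            findings.append(f"{want}: no route")
        else:
            net, hop = max(covering, key=lambda r: r[0].prefixlen)
            if hop != bt_router:
                findings.append(f"{want}: falls through to {net} via {hop}")
        for net, hop in table:
            if net != want and net.subnet_of(want) and hop != bt_router:
                findings.append(f"{want}: {net} inside it goes via {hop}")
    return findings


def dns_paths(rows):
    """Next hop actually used for each DNS server address."""
    table = load(rows)
    return {name: next_hop(table, ip) for name, ip in DNS_SERVERS.items()}


if __name__ == "__main__":
    for finding in audit(BAD_TABLE):
        print(finding)
```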

Thomson Reuters Eikon for Wealth Management Internet and Thomson Reuters Eikon Customer Managed on Private Network

The Administration service over Private Network is able to authenticate the Internet Services. If clients have Thomson Reuters Eikon for Wealth Management over Internet and Thomson Reuters Eikon over Private Network on the same site, set up the following additional DNS entries on the DNS server:

DNS DNS Server Thomson Reuters Service

download.cp.thomsonreuters.net Internet ISP/ Extranet DNS*


cp.thomsonreuters.net Extranet DNS Administration Service

extranet.thomsonreuters.biz Extranet DNS Thomson Reuters Platform Service

* Thomson Reuters Eikon Excel for Wealth Management installation files, Hotfixes, Add-ons are downloaded from the domain download.cp.thomsonreuters.net. Clients are able to download packages from either Internet or Private network.

4.3 PROXY AND FIREWALL POLICY

Authentication Proxy

Thomson Reuters Eikon for Wealth Management does not support Authentication Proxy. The Streaming Service cannot be established through the HTTP authentication process. Reuters Insider always has a slow response with Authentication Proxy.

Certificate Management

See Chapter 6

FIREWALL Policy

Thomson Reuters Eikon Excel is a part of Thomson Reuters Eikon for Wealth Management. See Section 5.2 for more information.

Content filtering Policy

DNS Suffixes Thomson Reuters Service

cp.thomsonreuters.net, cp.thomsonreuters.com, ia.thomsonreuters.com, eikon.thomsonreuters.com, eikon.extranet.thomsonreuters.biz, cp.extranet.thomsonreuters.biz, ia.extranet.thomsonreuters.biz Thomson Reuters Eikon for Wealth Management

customers.reuters.com, customers.extranet.thomsonreuters.biz, customers.thomsonreuters.com Customer Zone

eikontest.thomsonreuters.com, graphics.thomsonreuters.com Thomson Reuters Eikon Excel System Test

reuters.com, breakingviews.com URL link in some news content e.g. pdf.reuters.com, www.reuters.com, blogs.reuters.com, www.breakingviews.com

sdn.reuters.com Securitized Derivatives Network

force.com, salesforce.com, webtrendslive.com Migration tools (Knowledge network)

insider.thomsonreuters.com, reutersinsider.com, thomson.112.2o7.net (used for analytic and report of user interactions) Reuters Insider

training.thomsonreuters.com, trainingportal.us Thomson Reuters E-learning

geotrust.com, verisign.com Certificate Validation


5. INTERNET SERVICE FOR THOMSON REUTERS EIKON

5.1 INTERNET SERVICE DNS

The following DNS suffixes can be resolved on the Internet only. It is strongly recommended that clients have an Internet connection in order to get these services.

DNS DNS Server Thomson Reuters Service

public.login.cp.thomsonreuters.net Internet ISP Thomson Reuters Administrative Services

blogs.reuters.com Internet ISP News URL link

breakingviews.com Internet ISP News URL link

link.reuters.com Internet ISP News URL link

pdf.reuters.com Internet ISP News URL link

r.reuters.com Internet ISP News URL link

today.reuters.com Internet ISP News URL link

topnews.reuters.com Internet ISP News URL link

uk.reuters.com Internet ISP News URL link

www.reuters.com Internet ISP News URL link

thomsonreuters.com Internet ISP Thomson Reuters web services

trainingportal.us Internet ISP Thomson Reuters E learning

training.thomsonreuters.com Internet ISP Thomson Reuters E learning

reutersinsider.com Internet ISP Reuters Insider

thomson.112.2o7.net Internet ISP Reuters Insider

force.com Internet ISP Thomson Reuters Eikon Migration Tools

salesforce.com Internet ISP Thomson Reuters Eikon Migration Tools

webtrendslive.com Internet ISP Thomson Reuters Eikon Migration Tools

webex.com Internet ISP Remote Support

emaxx.reuters.com Internet ISP Bond Holdings

sdn.reuters.com Internet ISP Securitized Derivatives Network

autex.com Internet ISP Autex

autexnow.com Internet ISP Autex

db.dealwatch.jp Internet ISP Deal watch

europrospectus.com Internet ISP Euro Prospectus

fixedincomelabs.com Internet ISP Fixed Income in Thomson Reuters Eikon

Hihifrds.com Internet ISP Treasury Community Tools

Intindex.com Internet ISP International Index Company

Lipperweb.com Internet ISP Lipper Market Insight

loanpricing.com Internet ISP Loan Pricing

pointcarbon.com* Internet ISP Eikon Point Carbon C&E

ReutersRealEstate.com Internet ISP Thomson Reuters Real Estate

rts.scanrate.dk Internet ISP Danish MBS

Streetsight.thomson.com Internet ISP Street Sight

Stormpulse.com** Internet ISP Stormpulse Weather Service

tiles.virtualearth.net** Internet ISP Aerial and Satellite image for Interactive Map component

Tubemogul.com Internet ISP Stormpulse Weather Service

tradeweb.com Internet ISP Tradeweb

Geotrust.com Internet ISP Certificate Management

Verisign.com Internet ISP Certificate Management

Digicert.com Internet ISP Certificate Management

tta.thomson.com Internet ISP Thomson Reuters Transaction Analytics***

globalrelay.com Internet ISP Thomson Reuters Messaging Compliance***

* Eikon Point Carbon will be integrated in Q1, 2012.

** Interactive Map component, a new object, will be available early 2012.

*** Thomson Reuters Eikon for Compliance Management services only.

Please be aware that Thomson Reuters will not divulge IP address information under any circumstances. Doing so would prevent us from changing IP addresses as and when needed without a notification period, and these IP addresses may not always be under our direct control. Clients should always use DNS.

5.2 FIREWALL POLICY

If you use Thomson Reuters Messaging 8.x and Thomson Reuters Eikon on the same machine, see the Thomson Reuters Messaging 8 Firewall/IP Guide in

https://customers.reuters.com/a/support/paz/pazDocs.aspx?dId=389804

Content Filtering Policy

If you set up a policy for Content Filtering on the Internet Proxy or Firewall, the following DNS suffixes must be set to ALLOW for Thomson Reuters Eikon.

DNS Suffixes Thomson Reuters Service

thomsonreuters.com Thomson Reuters Web Services

thomsonreuters.net Thomson Reuters Web Services

reuters.com Thomson Reuters Web Services

autex.com Autex

autexnow.com Autex

breakingviews.com Breaking News

collab.thomsonreuters.com Collaboration Service

cp.thomsonreuters.com Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Management

cp.thomsonreuters.net Thomson Reuters Eikon and Thomson Reuters Eikon for Wealth Management

customers.reuters.com Customer Zone

customers.thomsonreuters.com Customer Zone

db.dealwatch.jp Internet ISP

digicert.com Certificate Revocation Validation

eikon.thomsonreuters.com Thomson Reuters Eikon and Thomson Reuters Eikon Wealth Management

eikontest.thomsonreuters.com System Test

europrospectus.com Internet ISP

fitrading.reuters.com Trading Service, System Test

fixedincomelabs.com Fixed Income tools

force.com Thomson Reuters Eikon Migration tools (Knowledge network)

fxtrading.reuters.com Trading Service, System Test

geotrust.com GeoTrust Certificate Revocation Validation

graphics.thomsonreuters.com System Test


ia.thomsonreuters.com Thomson Reuters Eikon Wealth Management

insider.thomsonreuters.com Reuters Insider

Intindex.com International Index Company

Lipperweb.com Lipperweb

loanpricing.com Loan Pricing

pointcarbon.com Eikon Point Carbon

reutersinsider.com Reuters Insider

ReutersRealEstate.com Thomson Reuters Real Estate

rtextrading.reuters.com Trading Service, System Test

rts.scanrate.dk Internet ISP

salesforce.com Thomson Reuters Eikon Migration tools (Knowledge network)

stormpulse.com Stormpulse

streetsight.thomson.com Thomson Street sight

thomson.112.2o7.net Reuters Insider (used for analytic and report of user interactions)

tiles.virtualearth.net Aerial and Satellite image for Interactive Map component

tradeweb.com Trade web

trading.thomsonreuters.net Trading Service, System Test

trainingportal.us Thomson Reuters E-learning

training.thomsonreuters.com Thomson Reuters E-learning

Tubemogul.com Internet ISP

verisign.com Verisign Certificate Revocation Validation

webex.com Remote Support

Note: Customers can use thomsonreuters.com and reuters.com instead of adding multiple entries from the table.

The multimedia news service, Reuters Insider, uses the Akamai Content Delivery Network (CDN), a third-party service provider, to cache and distribute dynamic and static content through thousands of Edge servers. Due to the dynamic nature of the Akamai CDN, the user is dynamically directed to the Akamai Edge servers that offer the best performance. Therefore please allow content for Content-Type = "application/x-fcs" for Reuters Insider.
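A suffix rule only does what the table intends when it is matched on a DNS label boundary. The following is an added example, not part of the original guide and not the matching logic of any particular proxy product: it contrasts a plain string-suffix test with label-boundary matching over the suffixes in the table above, and shows how the parent-domain note shortens the list. The host name notreuters.com is constructed.

```python
# DNS suffixes from the Content Filtering Policy table in section 5.2.
TABLE_5_2 = """
thomsonreuters.com thomsonreuters.net reuters.com autex.com autexnow.com
breakingviews.com collab.thomsonreuters.com cp.thomsonreuters.com
cp.thomsonreuters.net customers.reuters.com customers.thomsonreuters.com
db.dealwatch.jp digicert.com eikon.thomsonreuters.com
eikontest.thomsonreuters.com europrospectus.com fitrading.reuters.com
fixedincomelabs.com force.com fxtrading.reuters.com geotrust.com
graphics.thomsonreuters.com ia.thomsonreuters.com insider.thomsonreuters.com
Intindex.com Lipperweb.com loanpricing.com pointcarbon.com reutersinsider.com
ReutersRealEstate.com rtextrading.reuters.com rts.scanrate.dk salesforce.com
stormpulse.com streetsight.thomson.com thomson.112.2o7.net
tiles.virtualearth.net tradeweb.com trading.thomsonreuters.net
trainingportal.us training.thomsonreuters.com Tubemogul.com verisign.com
webex.com
""".split()


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def naive_match(host, suffixes):
    """Weak form: plain string suffix test, ignores label boundaries."""
    host = normalize(host)
    return any(host.endswith(normalize(s)) for s in suffixes)


def match_suffix(host, suffixes):
    """Return the longest allowed suffix that matches on a label boundary, else None."""
    allowed = {normalize(s) for s in suffixes}
    labels = normalize(host).split(".")
    for i in range(len(labels)):          # i = 0 tries the full name first
        candidate = ".".join(labels[i:])
        if candidate in allowed:
            return candidate
    return None


def collapse(suffixes):
    """Drop entries already covered by a shorter suffix in the same list."""
    names = sorted({normalize(s) for s in suffixes})
    kept = []
    for name in names:
        parent = name.split(".", 1)[1] if "." in name else ""
        if match_suffix(parent, names) is None:
            kept.append(name)
    return kept


if __name__ == "__main__":
    for host in ("pdf.reuters.com", "WWW.Lipperweb.com.", "notreuters.com"):
        print(host, naive_match(host, TABLE_5_2), match_suffix(host, TABLE_5_2))
    print(len(TABLE_5_2), "entries collapse to", len(collapse(TABLE_5_2)))
```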

Personal Firewall

If you use a personal firewall, please ensure that the firewall allows these processes:

PROCESS NAME SERVICES

Kobra.exe Thomson Reuters Eikon Desktop

Excel.exe Thomson Reuters Eikon Excel

Rdmc.exe System Test


Isdm.exe Thomson Reuters Update Services

Jre.exe Trading Services

Note: Kobra.exe and Jre.exe are not available on Thomson Reuters Eikon for Wealth Management

5.3 WEB PROXY AUTO-DISCOVERY PROTOCOL (WPAD)

Thomson Reuters Eikon does not support the Web Proxy Auto-Discovery Protocol (WPAD). The Update Agent cannot connect to the dedicated proxy server indicated in the WPAD file; as a consequence, users are not able to install Thomson Reuters Eikon or upgrade to the latest Service Releases or Hotfixes. The issue is under investigation by our development teams.

5.4 REUTERS INSIDER

Reuters Insider does not support delivery over Private Delivery connections because internet delivery offers greater scalability, is more cost effective for clients and it's not prudent for video streaming to share the same connection as time-critical data. Many proxy and enterprise network monitoring tools allow bandwidth management of video internet traffic and these can be used to control quality and quantity risks associated with the internet delivery method.

Reuters Insider uses the Akamai Content Delivery Network (CDN), a third-party service provider, to cache and distribute dynamic and static content through thousands of Edge servers. Due to the dynamic nature of the Akamai CDN, the user is dynamically directed to the Akamai Edge servers that offer the best performance. Therefore please allow content for Content-Type = "application/x-fcs" for Reuters Insider.

NTLM Authentication

It is advisable to allow Reuters Insider to bypass NTLM authentication, as we have experienced authentication timeouts with Flash-based applications with a number of clients when NTLM authentication is enabled. For additional information, visit

https://kb.bluecoat.com/index?page=content&id=KB3243&actp=LIST

Timeouts or Disconnections

If Reuters Insider video streams occasionally time out or disconnect and it does not appear to be an issue with your proxy, the problem might be caused by:

A default setting in Internet Explorer versions 6 or 7 that limits the user to two concurrent connections to a server. As Reuters Insider is a feature rich multimedia platform, it sometimes requires more than two concurrent connections. This is a known limitation of these versions of Internet Explorer; the Microsoft article at the following URL explains how to increase this value: http://support.microsoft.com/kb/282402.

5.5 THOMSON REUTERS EIKON FOR COMPLIANCE MANAGEMENT

Content Filtering

For Thomson Reuters Eikon for Compliance Management, it is necessary that clients allow the following DNS suffixes in addition to those in section 5.2:

DNS SUFFIX SERVICES

tta.thomson.com Thomson Reuters Transaction Analytics

compliance.collab.thomsonreuters.com Thomson Reuters Messenger Compliance – Administration Portal

ecm-archiver.globalrelay.com Thomson Reuters Messenger Compliance – Global Relay Reviewer Portal

5.6 INTERNET OPTIONS SETTING

Advanced Option

- Enable Use HTTP 1.1

- Enable Use HTTP 1.1 through proxy connections

Check Certificate Revocation

Web installation will fail if the certificate revocation check is turned on and the Internet cannot be reached. Refer to the following table for recommended actions.

CLIENT SITE ADVISE

Client without Internet access and Thomson Reuters Hosted Private

Advise to disable the following IE options:

- Check for publisher’s certificate revocation

- Check for server certificate revocation

Note: the setting is per-user, unless locked by IT policies.

Client with Internet access

For security reasons, the client should enable those options.

6 THOMSON REUTERS EIKON CERTIFICATE MANAGEMENT

For security purposes, the servers, the Thomson Reuters Eikon package and the Thomson Reuters Eikon Excel for Wealth Management package require up-to-date certificates at installation, update and start-up. To ensure access to Thomson Reuters at all times, it is crucial that you validate the Certificate Management approach most appropriate to your network.

With SSL certificates, the status of the certificates used when performing authentication, signing or encryption operations must be validated. Failure to validate the certificates prevents the product from working. The validation can be either CRL or OCSP, based on the client Operating System. See more information in Appendix D. It is necessary that the certificates be validated through the Internet or an Internal Certificate Infrastructure, Microsoft Online Responder, OCSP Proxy, etc., unless delegated to an internal certificate management system.

You have to ensure that the certificate validation process can be updated from both:

- *.geotrust.com

- *.verisign.com

Microsoft provides a number of white papers on how to set up trust relationships within a closed network. A starting point is here:

- Certificate Status and Revocation Checking (Windows XP): http://social.technet.microsoft.com/wiki/contents/articles/certificate-status-and-revocation-checking.aspx

- How Certificate Revocation Works (Windows 7, Windows 2008): http://technet.microsoft.com/en-gb/library/ee619754(WS.10).aspx

- Windows root Certificate Program: http://support.microsoft.com/kb/931125

6.1 THOMSON REUTERS EIKON CERTIFICATES AUTHORITIES

Thomson Reuters Eikon uses the root certificates shown below:

Verisign

Trusted root certificate authority: Verisign: Class 3 Public Primary Certificate Authority – G2

Intermediate certificate authority: Verisign Class 3 Secure Server CA - G2, http://crl.verisign.com/SVRSecureG2.cer

Trusted root certificate authority: Verisign Class 3 Public Primary Certificate Authority – G5

Intermediate certificate authority: VeriSign Class 3 Secure Server CA-G3, http://crl.verisign.com/SVRSecureG3.cer

Equifax*

Trusted root certificate authority: Equifax Secure Certificate Authority

GeoTrust

Trusted root certificate authority: GeoTrust Global CA

Intermediate certificate authority: GeoTrust SSL CA

Thawte

Trusted root certificate authority: Thawte Timestamping CA

DigiCert**

Trusted root certificate authority: DigiCert High Assurance EV Root CA

Intermediate certificate authority: DigiCert High Assurance CA-3

Note: *Equifax Secure Certificate Authority is being replaced by GeoTrust Global CA

**DigiCert is used for Eikon Point Carbon, which will be integrated in Eikon by Q1, 2012.

The Trusted root certificates that are required by Microsoft Windows are listed in KB 293781,


6.2 THOMSON REUTERS EIKON FOR WEALTH MANAGEMENT CERTIFICATES AUTHORITIES

Thomson Reuters Eikon for Wealth Management uses the root certificates shown below:

Verisign

Trusted root certificate authority: Verisign: Class 3 Public Primary Certificate Authority – G2

Intermediate certificate authority: Verisign Class 3 Secure Server CA - G2, http://crl.verisign.com/SVRSecureG2.cer

Trusted root certificate authority: Verisign Class 3 Public Primary Certificate Authority – G5

Intermediate certificate authority: VeriSign Class 3 Secure Server CA-G3, http://crl.verisign.com/SVRSecureG3.cer

Equifax*

Trusted root certificate authority: Equifax Secure Certificate Authority

GeoTrust

Trusted root certificate authority: GeoTrust Global CA

Intermediate certificate authority: GeoTrust SSL CA

Thawte

Trusted root certificate authority: Thawte Timestamping CA

Note: *Equifax Secure Certificate Authority is being replaced by GeoTrust Global CA

The Trusted root certificates required by Microsoft Windows are listed in Microsoft KB 293781, http://support.microsoft.com/kb/293781. It is necessary that all of them are available on the machine.

6.3 TESTING TRUSTED ROOT CERTIFICATE

The Trusted Root can be tested from the following URLs:

TRUSTED ROOT CERTIFICATE TEST URL

Verisign: Class 3 Public Primary Certificate Authority – G2 https://ssltest24.bbtest.net

Verisign Class 3 Public Primary Certificate Authority – G5 https://ssltest2.bbtest.net

Equifax Secure Certificate Authority https://ssltest11.bbtest.net

GeoTrust Global CA https://ssltest15.bbtest.net

APPENDIX A: LIST OF DEVICE TCP/IP INFORMATION

This Appendix shows all device information.

TIME SERIES PROXY TCP/IP PORT

Services Network Port Note

Management TCP/UDP: 8082, 8085; SSH: 22; SNMP: 161 / UDP

Thomson Reuters Eikon HTTP

Time Series Service HTTP

STREAMING PROXY TCP/IP PORT

Network components / Network components connect to the ports on Streaming Proxy / Streaming Proxy connects to the ports on the network components / Note

RSS Dynamic TCP: 2000, 8801

HMDS Dynamic TCP: 14002

RWS Dynamic TCP: 8101

Thomson Reuters Eikon TCP: 14002 Dynamic

Application Console TCP: 8603, 7011 TCP: 8603, 7011

SMF TCP: 8603, 7011 TCP: 8603, 7011

Update Proxy TCP: 80 TCP: 80

Dealing Key station TCP: 8101 Dynamics

GMI components / Ports to be opened in Streaming Proxy / Ports to be opened in other devices / Note

SSH Traffic, CAS Agent Manager Traffic 22, 9510, 9514, 9515 / TCP TPM Server

CAS Agent Manager Traffic; Inventory Collector Traffic 9511, 9512, 9513, 9080 / TCP TPM Server

SNMP Gets 161 / UDP NetCool Server

SNMP Traps 162 / UDP NetCool Server

Precision / IP Traffic 3306, 4100, 7600, 32972 / TCP 3306, 4100, 7600, 32972 / TCP NetCool Server

ICMP ICMP ICMP NetCool Server

SSH Traffic 22 / TCP NetCool Server

Probe Rule Traffic 80 / TCP NetCool Server

Syslog Message 514 / TCP, 514 / UDP NetCool Server

Data/File Retrieval from PAWZ Agent / PAWZ Agent Profile Update 1661 / TCP PAWZ Server

PAWZ Real Time Agent Data 2102 / TCP PAWZ Server

ePO 8902, 8903 / UDP 8900 / UDP ePO Server

Microsoft / Ports to be opened in Streaming Proxy / Ports to be opened in other devices / Note

Windows Server Activation 1688 / TCP KMS Server

REUTERS INSIDER FIREWALL PORT ALLOWED

- HTTP 80

- HTTPS 443

- One of these ports (80, 443, 1935) must be open for RTMP to live.flash.insider.thomsonreuters.com

BT ROUTING FOR THOMSON REUTERS MANAGED DEVICE

IP SUBNET DOMAIN/SYSTEM DESCRIPTION/USED FOR TR EIKON

65.62.0.0 / 15 Spring Servers (Ex Client WAN Range) Super net (Aggregated Prefix) Spring Server Ex Client WAN Range contains

- 65.62.64.0/22 Range 1

- 65.62.68.0/22 Range 2

- 65.63.72.0/22 Range 3

67.56.0.0 / 15 Reuters servers range 03 Reuters server range 3

75.124.0.0 / 16 Reuters servers CAA15 Contain (Spring Servers (Ex Client WAN range 4,

75.96.96.0 / 20 Reuters servers CAA18 Reuters servers CAA18

155.195.48.0 / 22 Reuters servers range 01 Reuters servers range 01

155.195.64.0 / 18 Reuters servers range 01 Reuters servers range 01

159.220.192.0 /20 Global Management Infrastructure (GMI) Global Management Infrastructure (GMI)

198.206.64.0 /18 Reuters client range 10 Spring Reuters Servers Range 2 (198.206.86.0/23),

198.210.128.0 /17 Reuters client range 06 Reuters client range 06

204.109.128.0 /17 FCE clients range 04 FCE clients range 04

206.60.0.0 /16 Spring Reuters servers range 3 Spring Reuters servers range 3

SAVVIS NETWORK INFORMATION FOR THOMSON REUTERS MANAGED DEVICE

IP Subnet Note

159.220.0.0/16 Thomson Reuters Managed


192.155.136.0/21 Thomson Reuters Platform Services, DNS

SERVICES HOST NAME IP ADDRESS

NTP Server NTCP-NTP201 192.155.40.64

NTCP-NTP202 192.155.40.66


APPENDIX B: LIST OF SWITCH ALLOCATION ON BT SWITCH (VLAN)

Recommended IP address for Streaming Proxy Server and Time Series Proxy on Private Delivery managed VLAN switch

These are the recommended IP addresses for Streaming Proxy Server and Time Series Proxy devices connecting to the BT Managed VLAN Switch. A different network range should only be used if the suggested IP address range conflicts with your internal network.

Device / IP Address (Option A) / VLAN HSRP / IP Address (Option B) / VLAN HSRP

SPX / TSP (No Converge-VLAN130)

Switch 1 - IDN-DAF VLAN Sub Interface Address 172.31.11.1 /24 N/A 192.168.11.1 /24 N/A

Switch 1 port 9 – 1st client SPX / TSP 172.31.11.11 /24 N/A 192.168.11.11 /24 N/A

Switch 1 port 10 – 3rd client SPX / TSP 172.31.11.12 /24 N/A 192.168.11.12 /24 N/A

Switch 1 port 11 – 5th client SPX / TSP 172.31.11.13 /24 N/A 192.168.11.13 /24 N/A

Switch 1 port 12 – 7th client SPX / TSP 172.31.11.14 /24 N/A 192.168.11.14 /24 N/A

Switch 1 port 13 – 9th client SPX / TSP 172.31.11.15 /24 N/A 192.168.11.15 /24 N/A

Switch 1 port 14 – Network Monitor 172.31.11.10 /24 N/A 192.168.11.10 /24 N/A

SPX / TSP (No Converge-VLAN130)

Switch 2 - IDN-DAF VLAN Sub Interface Address 172.31.12.1 /24 N/A 192.168.12.1 /24 N/A

Switch 2 port 9 – 2nd client SPX / TSP 172.31.12.11 /24 N/A 192.168.12.11 /24 N/A

Switch 2 port 10 – 4th client SPX / TSP 172.31.12.12 /24 N/A 192.168.12.12 /24 N/A

Switch 2 port 11 – 6th client SPX / TSP 172.31.12.13 /24 N/A 192.168.12.13 /24 N/A

Switch 2 port 12 – 8th client SPX / TSP 172.31.12.14 /24 N/A 192.168.12.14 /24 N/A

Switch 2 port 13 – 10th client SPX / TSP 172.31.12.15 /24 N/A 192.168.12.15 /24 N/A

Switch 2 port 14 – Network Monitor 172.31.12.10 /24 N/A 192.168.12.10 /24 N/A

SPX / TSP (Standard Converge-VLAN160)

Switch 1 - IDN-SAF VLAN Sub Interface Address 172.25.10.1 /24 172.25.10.3 /24 192.168.20.1 /24 192.168.20.3 /24

Switch 1 port 17 – 1st client SPX / TSP 172.25.10.11 /24 192.168.20.11 /24

Switch 1 port 18 – 3rd client SPX / TSP 172.25.10.13 /24 192.168.20.13 /24

Switch 1 port 19 – 5th client SPX / TSP 172.25.10.15 /24 192.168.20.15 /24

Switch 1 port 14 - Network Monitor 172.25.10.9 /24 192.168.20.9 /24

SPX / TSP (Standard Converge-VLAN160)

Switch 2 - IDN-SAF VLAN Sub Interface Address 172.25.10.2 /24 172.25.10.3 /24 192.168.20.2 /24 192.168.20.3 /24

Switch 2 port 17 – 2nd client SPX / TSP 172.25.10.12 /24 192.168.20.12 /24

Switch 2 port 18 – 4th client SPX / TSP 172.25.10.14 /24 192.168.20.14 /24

Switch 2 port 19 – 6th client SPX / TSP 172.25.10.16 /24 192.168.20.16 /24

Switch 2 port 14 - Network Monitor 172.25.10.10 /24 192.168.20.10 /24

APPENDIX C: LOCAL DNS CONFIGURATION TO SUPPORT NETWORK FAILOVER (PRIVATE DELIVERY TO INTERNET)*

*This configuration should only apply in case of BT MPLS failover i.e. not something to setup by default.

Configuration Microsoft Windows 2003 Server DNS for Selective Forwarding

NOTE: Microsoft refers to this as Conditional Forwarding

On the Forwarders tab, for all other DNS domains, the forwarder IP address list contains the eDNS and the Internet DNS, as in the figure below (155.195.76.4 is the eDNS server and 203.144.207.29 is the Internet ISP DNS).

For the cp.thomsonreuters.net suffix,

The forwarder IP address list needs to contain both the eDNS and the Internet ISP DNS. Add both DNS providers because, when the primary (Private Delivery) infrastructure fails, the Internet ISP DNS is used to resolve instead.

For the extranet.thomsonreuters.biz suffix,

The forwarder IP address list needs to contain the eDNS only.

For the thomsonreuters.com suffix,


Configuration Microsoft Windows 2003 Server DNS for Delegation

For the extranet.thomsonreuters.biz suffix

- To delegate this domain, create a new Forward Lookup Zone (Standard Primary) called thomsonreuters.biz, as shown in the steps below:

1. Right Click on Forward Lookup Zone to create new zone

3. Select Primary zone and Click Next

5. Create a new file with file name (default) and Click next

7. Click Finish

9. Create New Delegation by Right Click on thomsonreuters.biz domain

11. Enter “extranet” in the Delegated domain and Click next

13. Enter the eDNS server name into the FQDN, Click Resolve to get the IP Address and Click OK

15. Click Finish

- Repeat these steps to create the cp.thomsonreuters.com domain as a delegated domain.

- Forwarding DNS for the cp.thomsonreuters.net domain

NOTE: It is not recommended to delegate the Universal Domains and Global Universal Domains, cp.thomsonreuters.net, since this breaks failover from MPLS to Internet. Please use forwarding DNS for cp.thomsonreuters.net
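The failover behaviour this appendix relies on can be modelled in a few lines. The following is an added example, not part of the original guide and not how Windows DNS is implemented: it assumes forwarders are tried in listed order and the first reachable one answers, and that a delegated zone is resolved only through its delegated name server. The thomsonreuters.com suffix is left out because its forwarder list is not given in the text.

```python
EDNS = "155.195.76.4"       # eDNS server from the guide's example
ISP_DNS = "203.144.207.29"  # Internet ISP DNS from the guide's example

# Forwarders tab, "all other DNS domains".
DEFAULT_FORWARDERS = [EDNS, ISP_DNS]

# Selective (conditional) forwarding as described in this appendix.
CONDITIONAL = {
    "cp.thomsonreuters.net": [EDNS, ISP_DNS],   # both, so it survives an MPLS outage
    "extranet.thomsonreuters.biz": [EDNS],      # eDNS only
}

NORMAL = {EDNS, ISP_DNS}    # servers reachable while Private Delivery is up
MPLS_DOWN = {ISP_DNS}       # servers reachable after the BT MPLS link fails


def zone_for(qname, zones):
    """Most specific configured zone that contains qname, or None."""
    q = qname.rstrip(".").lower()
    hits = [z for z in zones if q == z or q.endswith("." + z)]
    return max(hits, key=len) if hits else None


def servers_for(qname, conditional=CONDITIONAL, delegated=None):
    """Ordered list of servers that will be asked about qname."""
    delegated = delegated or {}
    zone = zone_for(qname, delegated)
    if zone:
        # Delegation pins the zone to its name servers; forwarders are not consulted.
        return list(delegated[zone])
    zone = zone_for(qname, conditional)
    return list(conditional[zone]) if zone else list(DEFAULT_FORWARDERS)


def answering_server(qname, reachable, **config):
    """First server in the list that is reachable, or None if resolution fails."""
    for server in servers_for(qname, **config):
        if server in reachable:
            return server
    return None


def failover_report(names, **config):
    """Map each name to (server used normally, server used when MPLS is down)."""
    return {
        name: (answering_server(name, NORMAL, **config),
               answering_server(name, MPLS_DOWN, **config))
        for name in names
    }


if __name__ == "__main__":
    names = ["download.cp.thomsonreuters.net",
             "customers.extranet.thomsonreuters.biz",
             "www.reuters.com"]
    print("forwarding:", failover_report(names))
    # The configuration the NOTE warns against: cp.thomsonreuters.net delegated to eDNS.
    print("delegated: ", failover_report(names, delegated={"cp.thomsonreuters.net": [EDNS]}))
```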
