Migrating to Azure

Owned by Febin Joy
Last updated: 11 Mar, 2024
5 min read

Our team is fully committed to executing a seamless migration and ensuring that your website operates flawlessly on the new Azure server. We have taken all necessary precautions to make this migration as smooth as possible. Rest assured, once the migration is complete, you can continue to enjoy the benefits of our services. Please refer to the relevant Sections below for more details. If you have any additional technical queries, please raise a service desk ticket and the corresponding technical team will respond to it. Ensure that you loop in your CSM. We appreciate your understanding and cooperation throughout this migration process.

 

For Non Key Master Customers

If you currently do not have a key cabinet, there is no need for you to make any changes at your end. Your website will be migrated seamlessly without any action required from your side. You can continue using our services as usual.

The migration process will take place during the specified maintenance window, which will be scheduled outside of office hours. We have carefully selected this time to minimise any potential disruption to your daily operations.

During the migration, there will be an estimated downtime of approximately 15–20 minutes. We understand the importance of keeping your website up and running smoothly, and we apologise for any inconvenience this temporary interruption may cause.

For Key Master Customers

Firewall Rules for customers worldwide (Other than US)

You should have currently whitelisted the following: Outbound TCP 80 (HTTP) and 443 (HTTPS) to sync.keymaster.net.au(119.9.44.89).

You will just need to add a few additional whitelisting:

Key Master customers will need to ensure the following rules are in place. If they do not exist, it will need to be added.

  • Outbound SSH (port 22) to kmutil.keymaster.net.au (119.9.53.35 & 119.9.54.64) for remote connection by Smartrak for operational support of KM 3 (This is only for KM3 customers)

  • Outbound SSH (port 22) to gpssyd1.keymaster.net.au (119.9.14.11 & 119.9.54.64) for remote connection by Smartrak for operational support of KM 2 (This is only for KM2 customers)

Outbound SSH (port 22) line of sight to our code repository server github.com to download firmware updates.

If these actions are not complete before the migration date, we will not be able to troubleshoot, log or create backups of your key master cabinet until the action has been completed.

FAQs

We don't block any outbound network traffic. Do we need to take any action?

If there is no firewall rule that blocks outbound traffic to the specified IP addresses and URLs, No action is required from your end. Please note that there may be a 15-20 minute downtime during the specified maintenance window. You need to be prepared for this.

We don't use a Key Master. Do we need to take any action?

No action is required from your end. Please note that there may be a 15-20 minute downtime during the specified maintenance window. You need to be prepared for this.

Are there any inbound connections or firewall rules required?

All communication is outbound from the cabinet. No inbound firewall rules are required.

What is the PoolCar URL referred?

Your PoolCar URL is the web address of your PoolCar instance. e.g. xyz.poolcar.com or abc.poolcar.com

What does the outbound connection to sync.keymaster.net.au do?

Key cabinets communicate with sync.keymaster.net.au to announce that they are online and healthy. Smartrak monitors the health of the cabinets and if this heartbeat is missing, the cabinet is considered offline. Daily backup of the cabinet database is uploaded to Smartrak’s secure server using this.

What does the outbound connection to PoolCar Server and PoolCar URL do?

The cabinets sync bookings and perform check out and check in of booking using these URLs. If these are not allowed, cabinets will not be able to download, check out or check in bookings from PoolCar.

What does the outbound connection to kmutil.keymaster.net.au and gpssyd1.keymaster.net.au do?

Whenever there is an issue with the cabinet, Smartrak staff would need to remotely access the cabinet for troubleshooting if required. This is made possible with the help of these servers. If communication to these servers is not allowed, Smartrak staff will not be able to troubleshoot issues in the cabinet.

Why do we need to have an outbound firewall rule for github.com

Smartrak deploys the firmware of the KeyCabinet to a private repository in GitHub. When an attempt is made to update the firmware of a cabinet, the latest firmware is pulled from GitHub and necessary changes are applied.

What would happen if we didn’t have the firewall rule in place?

As shown in the following image, outbound communication to various systems is required for the smooth working of the cabinet. If the traffic is interrupted by a firewall, the respective functionality will not work properly resulting in undesired results.

cabinet_sync.png

We have already provided SSH access to domains - kmutil.keymaster.net.au, gpssyd1.keymaster.net.au and github.com as fully qualified domain name (FQDN). Will it pick up the IP address change automatically?

Yes. It will be automatically picked up. Key Master cabinet does not use IP address internally. It uses FQDN for the outbound communication and IP address gets resolved automatically.

Could you provide a more specific time when the migration will happen?

Unfortunately, we are not able to provide a specific time at this moment. The expected downtime would be around 15–20 minutes within the maintenance window.

Should we remove all other IP address whitelisting other than the ones specified above

Removing those whitelisting before the migration will impact your Key Cabinet's ability to communicate with PoolCar. It is advised to remove them once the migration is over.

To set the Firewall rules, What would be the source IP?

The source IP address would be the IP address of your cabinet. Unfortunately, we do not have the visibility to provide this information. Your IT would be able to provide this info. If you have enabled DHCP in the cabinet, the cabinet IP would change, and you will need to allow access to all IP address in your network. If you are using dedicated IP addresses for cabinets, Please provide access to only those IPs.

How do we identify if the cabinet is a KM2 or KM3?

Please check your cabinet Serial Number. If it is 000165 or below, it is a KM2 cabinet. Cabinets with serial numbers 000166 and above are KM3 cabinets.

What are the keymaster.net.au and poolcar.net.au entries that will fall stale after the migration date? Can we remove them from our firewall ACLs/whitelisting?

Any other firewall entries with a different IP address for keymaster.net.au and poolcar.net.au other than the ones provided are safe to be removed after the migration. Removing those whitelisting BEFORE the migration will impact your Key Cabinet's ability to communicate with PoolCar. It is advised to remove them only AFTER the migration is over and everything is verified.

Who would be the best person to talk to if I have additional technical questions?

For any additional technical queries, please raise a service desk ticket and the corresponding technical team will respond to it. Ensure that you loop in your CSM.