Important Support Bulletin:
Background:
On November 26th, one of GlobalCerts’ partners and cloud service providers (Ongoing Operations) suffered a major cyber attack that completely shut down large portions of their cloud platform. As a result, our SecureTier servers and our internal support server that we use to access customer systems for support were taken offline. On Thursday, December 14th, the remaining SecureTier server that was still operational was also taken offline during their recovery efforts. You can read more about the incident from their official website here: https://ongoingoperations.com/incident-status/ The cloud service provider has decided NOT to restore operations at this point.
As a result, GlobalCerts has recovered our SecureTier servers and Support server from backups and shifted their deployment to our primary cloud provider, Microsoft Azure. Unfortunately, the previous IP addresses of the servers cannot be moved to the new environment. As a result, customers that have on-premises SMGs may need to adjust certain firewall settings to allows connection to/from these new IP addresses.
Impact:
SecuteTier servers are an important part of the SMG system which performs certificate management for all our customers. It also allows for transparent email encryption between all our customers. Unfortunately, the default settings for the SMG will temporarily defer emails if SecureTier cannot be reached, and therefore your SMG may have been deferring secure/signed emails while SecureTier servers were unavailable.
Actions you may need to make:
If you are using an on-premise SecureMail Gateway, you will need to ensure that our new IP addresses are allowed to communicate with the SMG. Please ensure your firewalls allow the following connections with your SMG(s):
- Inbound SSH (TCP port 22) connection from 4.242.32.238 (internal.globalcerts.net)
- Outbound connections to our new SecureTier server at 20.253.231.70. The SMG must be able to connect outbound on the following ports/protocols:
- UDP Port 123 (NTP)
- TCP+UDP Port 53 and Port 5353 (DNS/SecureTier)
- You may remove any rules allowing connections from 63.143.4.90 (our previous support server), as well as 63.143.2.43 and 63.143.14.18 (SecureTier servers)
Please do not hesitate to contact us with any questions on these changes.