
Guidewire Cloud Platform™

Working with Guidewire Cloud Platform
Release 2021.11
© 2021 Guidewire Software, Inc.
For information about Guidewire trademarks, visit https://www.guidewire.com/legal-notices.
Guidewire Proprietary & Confidential — DO NOT DISTRIBUTE

Product Name: Guidewire Cloud Platform


Product Release: 2021.11
Document Name: Working with Guidewire Cloud Platform
Document Revision: 23-October-2022
Guidewire Cloud Platform 2021.11 Working with Guidewire Cloud Platform

Contents

Support 5
1 Network connectivity with Guidewire Cloud Platform 7
    Network connections to Guidewire Cloud 7
    Database migration to Guidewire Cloud 8
    AWS PrivateLink 8
    Information required to set up PrivateLink 9
    Configure PrivateLink 9


Support

For assistance, visit the Guidewire Community.


Guidewire customers
https://community.guidewire.com
Guidewire partners
https://partner.guidewire.com

Chapter 1

Network connectivity with Guidewire Cloud Platform

Guidewire has established procedures and standards to provide reliable and efficient transmission of data between
your self-managed infrastructure and Guidewire Cloud running on Amazon Web Services (AWS). You connect your
data center to Guidewire Cloud over the internet. You can use available AWS services, such as AWS Direct
Connect, to establish high-throughput network connections from your data center to AWS. The primary needs for
data transmission to and from Guidewire Cloud are:
• Migration of your self-managed database to Guidewire Cloud.
• Ongoing connections between Guidewire Cloud and your self-managed or third-party systems.

Network connections to Guidewire Cloud


All network transmission with Guidewire Cloud Platform is over the public internet. This includes connectivity via
AWS Direct Connect Public VIF. Guidewire Cloud Platform supports AWS PrivateLink for inbound connections
only, but not for outbound connections. Other private connections are not supported, including but not limited to
S2S VPN, AWS VPC peering, AWS Transit Gateway, AWS Direct Connect Private VIF, and S3 bucket replication.
Once your applications are running in Guidewire Cloud, you may want to establish connections between those
applications and external systems. This is typically for the following uses:
• Inbound communication – Connecting to a Guidewire Cloud service by accessing its user interface or by calling
its APIs. For example, you can connect to the InsuranceSuite web user interface. Additionally, if you have an
external portal or an integration with Salesforce, those systems can call the APIs exposed by Guidewire Cloud
services.
• Outbound communication – Having Guidewire Cloud applications connect with external systems. For example,
an application might connect to LexisNexis, a credit scoring service, or one of your self-managed services such
as a unique ID generator.
All network communication from Guidewire Cloud Platform to external services is over the public internet via
TLS/TCP, primarily using HTTPS but also email and messaging protocols.
Guidewire Cloud Platform does provide several mechanisms to ensure the security of your data connections:
• All connections to Guidewire Cloud are restricted to only approved and allowlisted IP addresses.
• Connections to Guidewire Cloud application user interfaces and APIs use HTTPS over TLS.
• API connections can optionally use mTLS.

Database migration to Guidewire Cloud


As part of your migration from self-managed products to Guidewire Cloud, you must perform a one-time migration
of your data.
Migrate your self-managed database to Guidewire Cloud by transferring a database backup to your dedicated
Guidewire S3 bucket on AWS. Guidewire provides you with this secured S3 bucket for your transfer. Although you
can make this transfer over a standard internet connection, Guidewire recommends that you use Direct Connect with
a public virtual interface (VIF) for large transfers such as database snapshots. Direct Connect, integrated with the
Guidewire Cloud Platform S3 public VIF, provides a fast and consistent connection that can be used to transmit data
from your data center to the public IP of the S3 bucket. When your database transfer is complete, work with your
Guidewire Cloud Operations partner to restore the backup directly to a Guidewire Cloud database. A private
connection such as VPN is not supported for this data transfer.
To set up AWS and Direct Connect, your organization must work directly with a vendor from Amazon’s provider
network. You may already have an existing relationship with one of these providers. To find a preferred AWS
partner in your area, see AWS Direct Connect Delivery Partners. Direct Connect is available with several capacity
options: 1G, 10G, and 100G. For transmitting your self-managed database to Guidewire Cloud, you must use a
connection of 10G or greater. This provides a throughput of roughly 1TB/hour, which is required to minimize
downtime during the upgrade deployment.
For larger databases where the transmission time would exceed the allocated time, an individual database transfer
might need to occur in multiple phases. After the initial transmission of the full database backup, any subsequent
database changes must also be transferred. The mechanism for transferring the differences depends on the database
technology being used:
• For Microsoft SQL Server, you would perform a differential backup and then transfer it via Direct Connect to the
Guidewire S3 bucket.
• For Oracle, Guidewire would establish a temporary VPN (or AWS PrivateLink) connection between a
Guidewire-owned AWS Virtual Private Cloud (VPC) and your data center. Guidewire would then use the AWS
Data Migration Service (DMS) to connect to your database via JDBC and stream the database changes to the
Guidewire S3 bucket.
Database snapshots are encrypted prior to transferring. For an additional level of security, Guidewire provides the
following options to leverage the temporary VPN and combine it with S3 replication:
• Option 1: Guidewire would establish a temporary VPN connection between a custom AWS VPC and your data
center and expose a private S3 bucket for the data transfer. This private S3 bucket would be replicated, using S3
replication over the AWS backbone, to Guidewire Cloud.
• Option 2: You would establish a temporary VPN connection between your AWS VPC and your data center and
leverage an AWS data transfer solution such as AppSync. You would then transfer the data to a private S3
bucket. This private S3 bucket would be replicated, using S3 replication over the AWS backbone, to Guidewire
Cloud.

AWS PrivateLink
You can use AWS PrivateLink to establish a private connection from your systems to Guidewire Cloud.
AWS PrivateLink provides private connections between AWS Virtual Private Clouds (VPCs), with no data
transmitted over the public network. A private connection increases security and also reduces latency. Guidewire
Cloud Platform supports inbound (ingress) PrivateLink connections. Outbound (egress) connections to your systems
cannot use PrivateLink.
To set up PrivateLink, first work with your AWS architects and solution partners. Working with AWS ensures that
your PrivateLink solution is consistent with AWS best practices and standards. Once you have PrivateLink set up,
contact Guidewire Cloud Operations to begin discussions about using PrivateLink with Guidewire Cloud.


Note the following regarding using PrivateLink with Guidewire Cloud:


• Your AWS account must be in the same region as your Guidewire Cloud account.
• You can have only one PrivateLink endpoint per Guidewire Cloud quadrant.
• Guidewire Cloud supports PrivateLink using only HTTPS (port 443).
• You are responsible for DNS and routing on your VPC for requests going to Guidewire domains.
• Guidewire provides only VPC endpoint services (ES), and does not provide any other network configuration to
support PrivateLink connectivity.
For more information about AWS PrivateLink, see https://aws.amazon.com/privatelink.

Information required to set up PrivateLink


To set up your PrivateLink connection, you must exchange certain information with Guidewire Cloud Operations.
When you request PrivateLink access, provide Guidewire with the following information:

AWS account numbers
    Your 12-digit AWS account numbers. For example:
    123456789012
    234567890123

Private IP addresses
    Your IPv4 address ranges from which Guidewire services will allow incoming connections. For example:
    10.0.0.0/24
    172.16.0.0/24
    192.168.0.1/24

Guidewire then provides you with the following information:

PrivateLink URL
    Your dedicated PrivateLink URL specific to your tenant, which you can use to route some or all of your
    traffic to Guidewire Cloud.

VPC endpoint service name
    Sometimes referred to as VpcEsName.

Target VPC
    The VPC in which the client is running.

Availability zones
    Sometimes referred to as VpcEsZones.

Configure PrivateLink
Configure PrivateLink to connect with Guidewire Cloud.

About this task


Note: The following procedure is an example, provided primarily for reference. Your configuration
may require additional setup. For more specific guidance, consult your network manager.

Procedure
1. Create the necessary security groups to attach to the PrivateLink VPC endpoint.
a. In the AWS VPC dashboard sidebar, select Security groups.
b. Create the security groups with appropriate inbound rules that authorize your internal client subnets to
route traffic through PrivateLink. This allows access from the authorized subnets; the security groups must
have inbound rules from the client network.
2. Create a VPC endpoint.
a. In the AWS VPC dashboard sidebar, select Endpoints.
b. Select Create endpoint.
c. For Name tag, enter a name for the endpoint.
d. Under Service category, select Other endpoint services.
e. In the Service name text box, enter the VPC endpoint service name (VpcEsName) provided to you by
Guidewire.
f. In the VPC drop-down list, select the target VPC.
g. In the Availability Zones list, select the availability zones provided to you by Guidewire.
h. In the Security groups list, select the security groups that allow access from the specified availability zone
subnets.
i. Select Create endpoint.
3. Create a private hosted DNS zone.
a. In the Amazon Route 53 dashboard, select Hosted Zones.
b. Select Create hosted zone.
c. For Domain name, enter the fully qualified domain name of the hosted zone that connects with the
Guidewire Cloud quadrant.
d. For Type, select Private hosted zone.
e. Under VPCs to associate with the hosted zone, select the applicable region and VPC.
f. Select Create hosted zone.
4. Create a star record for the hosted zone.
a. On the detail screen for the hosted zone, select Create record.
b. For Record name, type *.
c. In the Record type drop-down list, select CNAME.
d. In the Value text box, enter the DNS record from the VPC endpoint.
Note: Use the DNS address appearing at the top of the DNS names list for the endpoint.
e. Select Create records.
5. Update the Guidewire Cloud Console allowlist with the PrivateLink private IP addresses.
a. In Guidewire Cloud Console, select IP Allowlisting.
b. Select the IP Groups tab.
c. Select Create a group.
d. Type the group Name.
e. In the Add IP Range text box, type the range of IP addresses to add to the allowlist.
f. Select Add to the Allowlist.
g. Select Save.
h. Select the Assignments tab.
i. Select New assignment.
j. Select the Environment class and Application.
k. Set Access type to Private.
l. In the Assigned groups drop-down list, select the group to use for this assignment.
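Steps 1 through 4 of the console procedure above, expressed as Terraform, as an added example that is not Guidewire's own code or a Guidewire-supported configuration. The VPC, subnet, client CIDR, VpcEsName and hosted zone values are placeholders (assumptions) to be replaced with your own values and the ones Guidewire Cloud Operations gives you; step 5 is performed in Guidewire Cloud Console and is not included.

```hcl
# Added example, not Guidewire code. Every PLACEHOLDER value is an assumption:
# replace with your own IDs and the VpcEsName / zone name Guidewire provides.
variable "vpc_id"         { default = "vpc-PLACEHOLDER" }                              # target VPC (step 2f)
variable "client_subnets" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] } # one subnet per AZ in VpcEsZones (step 2g)
variable "client_cidrs"   { default = ["10.0.0.0/24", "172.16.0.0/24"] }               # internal client subnets (step 1b)
variable "vpc_es_name"    { default = "VPC-ENDPOINT-SERVICE-NAME-PLACEHOLDER" }        # VpcEsName from Guidewire (step 2e)
variable "gw_zone_name"   { default = "GUIDEWIRE-QUADRANT-DOMAIN.PLACEHOLDER" }        # quadrant FQDN (step 3c)

# Step 1: endpoint security group. Inbound only from the client subnets and only on
# 443, because Guidewire Cloud supports PrivateLink over HTTPS alone.
resource "aws_security_group" "privatelink" {
  name        = "guidewire-privatelink-endpoint"
  description = "HTTPS from internal client subnets to the Guidewire PrivateLink endpoint"
  vpc_id      = var.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = var.client_cidrs
  }
}
# Step 2: interface endpoint to Guidewire's endpoint service (same region as your
# Guidewire Cloud account; one endpoint per quadrant).
resource "aws_vpc_endpoint" "guidewire" {
  vpc_id              = var.vpc_id
  service_name        = var.vpc_es_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.client_subnets
  security_group_ids  = [aws_security_group.privatelink.id]
  private_dns_enabled = false # DNS is your responsibility; the private zone below handles it
}
# Step 3: private hosted zone for the quadrant domain, associated with the target VPC.
resource "aws_route53_zone" "guidewire_private" {
  name = var.gw_zone_name
  vpc {
    vpc_id = var.vpc_id
  }
}
# Step 4: wildcard CNAME to the endpoint's first DNS name (the one at the top of its
# DNS names list), so *.<quadrant domain> resolves to the endpoint inside the VPC.
resource "aws_route53_record" "wildcard" {
  zone_id = aws_route53_zone.guidewire_private.zone_id
  name    = "*.${var.gw_zone_name}"
  type    = "CNAME"
  ttl     = 300
  records = [aws_vpc_endpoint.guidewire.dns_entry[0].dns_name]
}
# The endpoint's network interfaces carry the private IPs that step 5 adds to the
# Guidewire Cloud Console allowlist.
output "endpoint_network_interface_ids" {
  value = aws_vpc_endpoint.guidewire.network_interface_ids
}
```

After apply, read the private IPs of the listed network interfaces and register them as an IP group with Access type Private in step 5.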
