Contents
Support
Guidewire Cloud Platform 2021.11 Working with Guidewire Cloud Platform
Support
Chapter 1
Network connectivity with Guidewire Cloud Platform
Guidewire has established procedures and standards to provide reliable and efficient transmission of data between
your self-managed infrastructure and Guidewire Cloud running on Amazon Web Services (AWS). You connect your
data center to Guidewire Cloud over the internet. You can use available AWS services, such as AWS Direct
Connect, to establish high-throughput network connections from your data center to AWS. The primary needs for
data transmission to and from Guidewire Cloud are:
• Migration of your self-managed database to Guidewire Cloud.
• Ongoing connections between Guidewire Cloud and your self-managed or third-party systems.
AWS PrivateLink
You can use AWS PrivateLink to establish a private connection from your systems to Guidewire Cloud.
AWS PrivateLink provides private connections between AWS Virtual Private Clouds (VPCs), with no data
transmitted over the public network. A private connection increases security and also reduces latency. Guidewire
Cloud Platform supports inbound (ingress) PrivateLink connections. Outbound (egress) connections to your systems
cannot use PrivateLink.
To set up PrivateLink, first work with your AWS architects and solution partners. Working with AWS ensures that
your PrivateLink solution is consistent with AWS best practices and standards. Once you have PrivateLink set up,
contact Guidewire Cloud Operations to begin discussions about using PrivateLink with Guidewire Cloud.
| Information | Description |
| --- | --- |
| AWS account numbers | Your 12-digit AWS account numbers. For example: 123456789012, 234567890123 |
| Private IP addresses | Your IPv4 address ranges from which Guidewire services will allow incoming connections. For example: 10.0.0.0/24, 172.16.0.0/24, 192.168.0.1/24 |
| Information | Description |
| --- | --- |
| PrivateLink URL | Your dedicated PrivateLink URL specific to your tenant, which you can use to route some or all of your traffic to Guidewire Cloud. |
| VPC endpoint service name | Sometimes referred to as VpcEsName. |
| Target VPC | The VPC in which the client is running. |
| Availability zones | Sometimes referred to as VpcEsZones. |
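A pre-flight check for the AWS account numbers and private IP ranges described above, written as an added example (not Guidewire's code). Treating "private" as RFC 1918 space and flagging ranges wider than /16 are assumptions of this example, and the function names are illustrative.

```python
import ipaddress
import re

# Assumption: "private IP addresses" is read here as RFC 1918 IPv4 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 16  # assumption, not a Guidewire rule: flag anything wider than /16

def check_account_id(value):
    """Return the problems found in one AWS account number."""
    return [] if re.fullmatch(r"[0-9]{12}", value) else ["not exactly 12 digits"]

def check_range(value):
    """Return (network or None, problems) for one IPv4 range in CIDR notation."""
    if "/" not in value:
        return None, ["missing prefix length"]
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        return None, ["not a valid CIDR range"]
    if iface.version != 4:
        return None, ["not an IPv4 range"]
    net, problems = iface.network, []
    if iface.ip != net.network_address:
        problems.append(f"host bits set, network is {net}")
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("outside RFC 1918 private space")
    if net.prefixlen < MIN_PREFIX:
        problems.append(f"wider than /{MIN_PREFIX}")
    return net, problems

def review(account_ids, ranges):
    """Map each problematic input to its problems; an empty dict means clean."""
    findings = {a: check_account_id(a) for a in account_ids}
    seen = []
    for value in ranges:
        net, problems = check_range(value)
        if net is not None:
            problems += [f"overlaps {other}" for other in seen if net.overlaps(other)]
            seen.append(net)
        findings[value] = problems
    return {key: probs for key, probs in findings.items() if probs}

# Example values from the tables above, plus two constructed ranges (last two).
SAMPLE_ACCOUNTS = ["123456789012", "234567890123"]
SAMPLE_RANGES = ["10.0.0.0/24", "172.16.0.0/24", "192.168.0.1/24", "10.0.0.128/25", "203.0.113.0/24"]

if __name__ == "__main__":
    for item, problems in review(SAMPLE_ACCOUNTS, SAMPLE_RANGES).items():
        print(f"{item}: {'; '.join(problems)}")
```

Run against the sample values, the check accepts both account numbers and reports that 192.168.0.1/24 is written with host bits set, that 10.0.0.128/25 overlaps an earlier entry, and that 203.0.113.0/24 is not private space.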
Configure PrivateLink
Configure PrivateLink to connect with Guidewire Cloud.
Procedure
1. Create the necessary security groups to attach to the PrivateLink VPC endpoint.
a. In the AWS VPC dashboard sidebar, select Security groups.
b. Create the security groups with appropriate inbound rules that authorize your internal client subnets to
route traffic through PrivateLink.
This allows access from the authorized subnets. The security groups must have inbound rules from the client
network.
2. Create a VPC endpoint.
a. In the AWS VPC dashboard sidebar, select Endpoints.
b. Select Create endpoint.
c. For Name tag, enter a name for the endpoint.
d. Under Service category, select Other endpoint services.
e. In the Service name text box, enter the VPC endpoint service name (VpcEsName) provided to you by
Guidewire.
f. In the VPC drop-down list, select the target VPC.
g. In the Availability Zones list, select the availability zones provided to you by Guidewire.
h. In the Security groups list, select the security groups that allow access from the specified availability zone
subnets.
i. Select Create endpoint.
3. Create a private hosted DNS zone.
a. In the Amazon Route 53 dashboard, select Hosted Zones.
b. Select Create hosted zone.
c. For Domain name, enter the fully-qualified domain name of the hosted zone that connects with the
Guidewire Cloud quadrant.
d. For Type, select Private hosted zone.
e. Under VPCs to associate with the hosted zone, select the applicable region and VPC.
f. Select Create hosted zone.
4. Create a star record for the hosted zone.
a. On the detail screen for the hosted zone, select Create record.
b. For Record name, type *.
c. In the Record type drop-down list, select CNAME.
d. In the Value text box, enter the DNS record from the VPC endpoint.
Note: Use the DNS address appearing at the top of the DNS names list for the endpoint.
e. Select Create records.
5. Update the Guidewire Cloud Console allowlist with the PrivateLink private IP addresses.
a. In Guidewire Cloud Console, select IP Allowlisting.
b. Select the IP Groups tab.
c. Select Create a group.
d. Type the group Name.
e. In the Add IP Range text box, type the range of IP addresses to add to the allowlist.
f. Select Add to the Allowlist.
g. Select Save.
h. Select the Assignments tab.
i. Select New assignment.
j. Select the Environment class and Application.
k. Set Access type to Private.
l. In the Assigned groups drop-down list, select the group to use for this assignment.