site-date-published: 2004.01.23
site-date-update: 2012.11.27

Validation of download servers

site-problemdesc

Some users of Norman's software have strict rules regarding http (web) access through their firewalls. Only particular IP addresses and/or computer names are allowed to be accessed. This means that the servers involved in an update of Norman's software have to be allowed access through the firewall(s) in order to update successfully.

site-solutiondesc

There are two different type of servers involved in an Internet update of Norman's software - the validation servers (that check the authentication key) and the download servers. All of these have to be accessable.

The current validation servers

  • IP 193.69.114.11 - DNS name: niuone.norman.no
  • IP 193.69.114.11 - DNS name: niusix.norman.no
  • IP 193.69.114.12 - DNS name niutwo.norman.no
  • IP 193.69.114.15 - DNS name niufour.norman.no
  • IP 193.69.114.15 - DNS name niuseven.norman.no
  • IP 193.69.114.16 - DNS name niuthree.norman.no
  • IP 193.69.114.19 - DNS name niunine.norman.no
  • IP 81.93.161.138 - DNS name niufive.norman.no
  • IP 81.93.161.138 - DNS name niueight.norman.no

The current download servers

After a request from the Norman Internet Update has validated successfully the download servers are contacted to check if any new program modules are available.

The computer names used as name for the download servers are download.norman.no and normanasa.vo.llnwd.net. However, these computer names resolve to potentially more than 10.000 different IP addresses depending e.g. on the client's geographical location and when one tries to update the Norman installation.
This will be a problem for those who restrict access through the firewall based on IPs as it will be impossible to keep more than 10.000 different IPs updated constantly.

There is a workaround regarding this. However, we recommend that this is used by care, as it will depend on the fact that the particular download server is accessable at any point in time when one tries to update Norman's software using Norman Internet Update.

Such a restriction does not apply in a normal update situation.

This is what customers who deploy such restrictive rules on the update computer(s) must do:

Do a DNS lookup to the server download.norman.no and normanasa.vo.llnwd.net
The IPs that are resolved should be the download servers best suited for the customer in question at that point in time.
Example: 194.176.73.151 and 87.248.201.33 (these IPs are valid download servers that may be used, though they will probably not be the best ones for most customers)
Open the firewall for the IP addresses resolved.
Edit the hosts file(s) on the computer(s) that shall be able to download updates.
Add the following lines to the computer's hosts file

'local_download_server_IP1'    download.norman.no
'local_download_server_IP2'    normanasa.vo.llnwd.net