ESM Network - Technical Specification

Contents

Introduction

Integration Framework

Configuration & Validation Process

Network Settings

Certificate Configuration

Network Connectivity Validation

Introduction

ESM Solution applications integrate with many external Customer and Supplier systems to facilitate data exchange from ESM’s spend management solutions. The following are common systems that Customers and Suppliers configure ESM IP addresses:

• Network / Firewall access and/or Proxy service whitelists 
• ERP/GL integrations
• Single Sign-on integrations
• S/FTP data transfers

This article outlines the basic network connectivity requirements and troubleshooting steps necessary to connect and exchange data with the ESM applications.

Integration Framework

The following diagram provide a general visual representation of the common integrations with ESM applications:

Configuration & Validation Process

As part of the ESM implementation methodology, it is important to establish and test connectivity at the network layer before integration validation can begin.

The basic connectivity configuration and validation process is as follows:

1. The Customer/Supplier establishes firewall protocols.
   • Configure firewall ports to be used for data connections.
   • Configure and whitelist proper IP addresses for ESM Training and Production servers.
2. ESM staff will configure ESM applications and validates basic network connectivity.
3. The Customer/Supplier will validate all network connectivity.
4. The Customer/Supplier and ESM staff will troubleshoot any issues.

Network Settings

ESM typically provides two standard and distinct application environments to each Customer:

1. One Training environment
2. One Production environment

Each Training environment connection allows ESM applications to validate Integration touchpoints against the Customer and Supplier integrated systems. This will ensure data flows and functionality are working correctly before the Production environment connections are established.

In some cases, Customer and Suppliers will whitelist IP addresses to ensure security protocols are followed when setting up these connections. The information below reflects network settings that Customers and Suppliers should assign within their firewall tables for each applicable ESM server environment.

Inbound IP Addresses

Note: Customers should whitelist the appropriate inbound IP addresses

Outbound IP Addresses

Production Server Note: For Production environments, each server has a management IP (see above) that would be used if the Customer or Supplier whitelists by IP address.

S/FTP Server Note: Customers only need to set up access to the ESM S/FTP servers if directed by ESM staff.

Certificate Configuration

ESM uses publicly trusted certificates from well-known certificate authorities (CAs) like Thawte. If the Customer site has their own self-signed certificate, then Thawte will provide a copy of that certificate for installation within ESM’s application(s).

Network Connectivity Validation

Once firewall configurations have been completed, it will be necessary to validate the network connectivity for both the ESM Training and Production environments. To accomplish this, Customers and Suppliers may have their own testing methods to ensure proper connectivity has been established. If the Customer/Supplier does not have a standard method for testing connectivity, the following information is intended to assist Customers/Suppliers with validating network connectivity.

Note: The information below pertains to UNIX and Windows-based systems only.

Basic Ping Test

Command: ping training.esmsolutions.com

Successful Result:

ping training.esmsolutions.com (208.67.123.207) 56(84) bytes of data.
64 bytes from 208.67.123.207: icmp_req=1 ttl=114 time=85.1 ms
64 bytes from 208.67.123.207: icmp_req=2 ttl=114 time=47.1 ms
64 bytes from 208.67.123.207: icmp_req=3 ttl=115 time=44.0 ms
64 bytes from 208.67.123.207: icmp_req=4 ttl=115 time=40.7 ms
^C
--- training.esmsolutions.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 15438ms
rtt min/avg/max/mdev = 40.733/54.288/85.190/17.985 ms

Unsuccessful Result:

ping training.esmsolutions.com (208.67.123.207) 56(84) bytes of data.
^C
--- training.esmsolutions.com ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 119594ms

Note: A BREAK command, such as [Ctrl]+C, may be required to terminate the PING request.

Basic Telnet Test (UNIX/Windows)

Command: telnet training.esmsolutions.com 443

Successful Result:

Trying 208.67.123.207...
Connected to training.esmsolutions.com.
Escape character is '^]'.

^]

telnet> quit
Connection closed.

Unsuccessful Result:

Trying 208.67.123.207...
telnet: Unable to connect to remote host: Connection timed out.

Note: The following items should be considered when using telnet:

• A successful connection attempt will result in a response similar to "Connected to training.esmsolutions.com". If the response is not similar to this, then the connection attempt was NOT successful.
• To close the connection, issue a BREAK command using [Ctrl]+], then type QUIT to terminate the session.
• Telnet may not be available by default on Windows systems.

Basic Traceroute Test (UNIX/Linux)

Command: traceroute –m 15 training.esmsolutions.com

Successful Result:

traceroute to training.esmsolutions.com (208.67.123.207), 15 hops max, 60 byte packets
1 192.168.8.1 (192.168.8.1) 11.446 ms 11.195 ms 11.054 ms
2 69.139.6.1 (69.139.6.1) 33.278 ms 35.588 ms 37.332 ms
3 xe-0-1-0-32767-sur01.lansdale.pa.panjde.comcast.net (68.86.193.33) 27.425 ms 27.441 ms 27.587 ms
4 69.139.192.65 (69.139.192.65) 28.115 ms 28.204 ms 28.313 ms
5 pos-2-3-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.94.233) 34.259 ms pos-3-13-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.95.165) 30.496 ms pos-2-3-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.94.233) 34.160 ms
6 pos-1-5-0-0-pe01.111eighthave.ny.ibone.comcast.net (68.86.87.98) 35.877 ms 14.609 ms 19.242 ms
7 ix-7-1-1-0.tcore1.NTO-NewYork.as6453.net (209.58.26.137) 18.918 ms 21.319 ms 21.109 ms
8 209.58.26.94 (209.58.26.94) 48.811 ms 48.725 ms 48.674 ms
9 0.so-7-0-0.XL4.PHL6.ALTER.NET (152.63.3.81) 44.158 ms 44.367 ms 43.990 ms
10 0.xe-10-0-0.GW11.PHL6.ALTER.NET (152.63.20.138) 51.219 ms 53.106 ms 52.983 ms
11 69.7.225.45 (69.7.225.45) 52.865 ms 52.748 ms 46.827 ms
12 * * *
13 * * *
14 * * *
15 * * *

root@localhost:~#

Unsuccessful Result:

ping training.esmsolutions.com (208.67.123.207) 56(84) bytes of data.
^C
--- training.esmsolutions.com ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 119594ms

Note: The -m {number} in the command specifies the maximum number of hops (max time-to-live value) traceroute will probe and the default is 30.

Basic Traceroute Test (Windows)

Command: tracert –h 18 training.esmsolutions.com

Successful Result:

tracert –h 18 training.esmsolutions.com

Tracing route to training.esmsolutions.com [208.67.123.207] over a maximum of 30 hops:
1 117 ms 84 ms 74 ms 172.26.96.161
2 57 ms 219 ms 103 ms 172.26.96.1
3 59 ms 64 ms 107 ms 172.16.249.100
4 59 ms 50 ms 52 ms 12.249.2.9
5 70 ms 64 ms 131 ms 12.83.188.242
6 68 ms 64 ms 583 ms cr1.cgcil.ip.att.net [12.122.2.205]
7 78 ms 53 ms 52 ms ggr4.cgcil.ip.att.net [12.122.133.33]
8 * * * Request timed out.
9 83 ms 78 ms 200 ms vl-3507-ve-121.ebr1.Chicago2.Level3.net [4.69.158.138]
10 90 ms 73 ms 148 ms ae-6-6.ebr1.Chicago1.Level3.net [4.69.140.189]
11 96 ms 88 ms 130 ms ae-2-2.ebr2.NewYork2.Level3.net [4.69.132.66]
12 95 ms 76 ms 113 ms ae-45-45.ebr2.NewYork1.Level3.net [4.69.141.21]
13 89 ms 77 ms 113 ms ae-82-82.csw3.NewYork1.Level3.net [4.69.148.42]
14 79 ms 80 ms 164 ms ae-3-80.edge1.NewYork1.Level3.net [4.69.155.142]
15 91 ms 77 ms 198 ms 4.78.132.220
16 85 ms 78 ms 580 ms 10Gig-5-5.DBSi-CoreRtr-02.tek.dbsintl.net [69.7.225.53]
17 126 ms 129 ms 100 ms 10Gig-6-5.DBSi-CoreRtr-01.vf.dbsintl.net [69.7.225.45]
18 * * * Request timed out.
Trace complete.

Note: The –h {number} in the command specifies the maximum number of hops to search for the target and the default is 30 hops.