ESM Network - Technical Specification



Integration Framework

Configuration & Validation Process

Network Settings

Certificate Configuration

Network Connectivity Validation


ESM Solution applications integrate with many external Customer and Supplier systems to facilitate data exchange from ESM’s spend management solutions. The following are common systems that Customers and Suppliers configure ESM IP addresses:

  • Network / Firewall access and/or Proxy service whitelists 
  • ERP/GL integrations
  • Single Sign-on integrations
  • S/FTP data transfers

This article outlines the basic network connectivity requirements and troubleshooting steps necessary to connect and exchange data with the ESM applications.

Integration Framework

The following diagram provide a general visual representation of the common integrations with ESM applications:


Configuration & Validation Process

As part of the ESM implementation methodology, it is important to establish and test connectivity at the network layer before integration validation can begin.

The basic connectivity configuration and validation process is as follows:

  1. The Customer/Supplier establishes firewall protocols.
    • Configure firewall ports to be used for data connections.
    • Configure and whitelist proper IP addresses for ESM Training and Production servers.
  2. ESM staff will configure ESM applications and validates basic network connectivity.
  3. The Customer/Supplier will validate all network connectivity.
  4. The Customer/Supplier and ESM staff will troubleshoot any issues.

Network Settings

ESM typically provides two standard and distinct application environments to each Customer:

  1. One Training environment
  2. One Production environment

Each Training environment connection allows ESM applications to validate Integration touchpoints against the Customer and Supplier integrated systems. This will ensure data flows and functionality are working correctly before the Production environment connections are established.

In some cases, Customer and Suppliers will whitelist IP addresses to ensure security protocols are followed when setting up these connections. The information below reflects network settings that Customers and Suppliers should assign within their firewall tables for each applicable ESM server environment.

Inbound IP Addresses

Environment Server IP Address

Note: Customers should whitelist the appropriate inbound IP addresses

Outbound IP Addresses

URL Public IP Address Protocol/Port
Training Environment Server
Production Environment Server
S/FTP Server
Public FTP ftp / port 20 & 21
Public SFTP sftp / port 22

Production Server Note: For Production environments, each server has a management IP (see above) that would be used if the Customer or Supplier whitelists by IP address.

S/FTP Server Note: Customers only need to set up access to the ESM S/FTP servers if directed by ESM staff.

Certificate Configuration

ESM uses publicly trusted certificates from well-known certificate authorities (CAs) like Thawte. If the Customer site has their own self-signed certificate, then Thawte will provide a copy of that certificate for installation within ESM’s application(s).

Network Connectivity Validation

Once firewall configurations have been completed, it will be necessary to validate the network connectivity for both the ESM Training and Production environments. To accomplish this, Customers and Suppliers may have their own testing methods to ensure proper connectivity has been established. If the Customer/Supplier does not have a standard method for testing connectivity, the following information is intended to assist Customers/Suppliers with validating network connectivity.

Note: The information below pertains to UNIX and Windows-based systems only.

Basic Ping Test

Command: ping

Successful Result:

ping ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=114 time=85.1 ms
64 bytes from icmp_req=2 ttl=114 time=47.1 ms
64 bytes from icmp_req=3 ttl=115 time=44.0 ms
64 bytes from icmp_req=4 ttl=115 time=40.7 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 15438ms
rtt min/avg/max/mdev = 40.733/54.288/85.190/17.985 ms

Unsuccessful Result:

ping ( 56(84) bytes of data.
--- ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 119594ms

Note: A BREAK command, such as [Ctrl]+C, may be required to terminate the PING request.

Basic Telnet Test (UNIX/Windows)

Command: telnet 443

Successful Result:

Connected to
Escape character is '^]'.


telnet> quit
Connection closed.

Unsuccessful Result:

telnet: Unable to connect to remote host: Connection timed out.

Note: The following items should be considered when using telnet:

  • A successful connection attempt will result in a response similar to "Connected to". If the response is not similar to this, then the connection attempt was NOT successful.
  • To close the connection, issue a BREAK command using [Ctrl]+], then type QUIT to terminate the session.
  • Telnet may not be available by default on Windows systems.

Basic Traceroute Test (UNIX/Linux)

Command: traceroute –m 15

Successful Result:

traceroute to (, 15 hops max, 60 byte packets
1 ( 11.446 ms 11.195 ms 11.054 ms
2 ( 33.278 ms 35.588 ms 37.332 ms
3 ( 27.425 ms 27.441 ms 27.587 ms
4 ( 28.115 ms 28.204 ms 28.313 ms
5 ( 34.259 ms ( 30.496 ms ( 34.160 ms
6 ( 35.877 ms 14.609 ms 19.242 ms
7 ( 18.918 ms 21.319 ms 21.109 ms
8 ( 48.811 ms 48.725 ms 48.674 ms
9 ( 44.158 ms 44.367 ms 43.990 ms
10 0.xe-10-0-0.GW11.PHL6.ALTER.NET ( 51.219 ms 53.106 ms 52.983 ms
11 ( 52.865 ms 52.748 ms 46.827 ms
12 * * *
13 * * *
14 * * *
15 * * *


Unsuccessful Result:

ping ( 56(84) bytes of data.
--- ping statistics ---
119 packets transmitted, 0 received, 100% packet loss, time 119594ms

Note: The -m {number} in the command specifies the maximum number of hops (max time-to-live value) traceroute will probe and the default is 30.

Basic Traceroute Test (Windows)

Command: tracert –h 18

Successful Result:

tracert –h 18

Tracing route to [] over a maximum of 30 hops:
1 117 ms 84 ms 74 ms
2 57 ms 219 ms 103 ms
3 59 ms 64 ms 107 ms
4 59 ms 50 ms 52 ms
5 70 ms 64 ms 131 ms
6 68 ms 64 ms 583 ms []
7 78 ms 53 ms 52 ms []
8 * * * Request timed out.
9 83 ms 78 ms 200 ms []
10 90 ms 73 ms 148 ms []
11 96 ms 88 ms 130 ms []
12 95 ms 76 ms 113 ms []
13 89 ms 77 ms 113 ms []
14 79 ms 80 ms 164 ms []
15 91 ms 77 ms 198 ms
16 85 ms 78 ms 580 ms []
17 126 ms 129 ms 100 ms []
18 * * * Request timed out.
Trace complete.

Note: The –h {number} in the command specifies the maximum number of hops to search for the target and the default is 30 hops.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.

Articles in this section