Scomis are making changes to the External Connector which will add a layer of resiliency to the service. In addition, to the resiliency, the External Connector Upgrade will also refresh the digital certificates that are used by the service, helping to ensure that the service keeps data secure during transit.
About External Connector
The External Connector is a managed solution that uses OpenVPN to create a secure tunnel between a school’s computer and the Scomis Infrastructure. This allows third-party applications to access SIMS .net data for reporting, attendance, messaging, security and other purposes. The self-service nature of External Connector first started in 2014 and has been running, largely unchanged since that date.
About the Upgrade
The External Connector Upgrade will make changes to the currently configured OpenVPN configuration files. Depending upon when the External Connector was installed a few different actions will be taken during the upgrade process. A detailed list is below. In essence, the External Connector will be upgraded so that it can use one of three different access points, allowing it to maintain a connection to Scomis should one of our ISP’s have a fault.
- Original certificate and configuration files will be deleted
- A new certificate and configuration will be downloaded for your school
- The OpenVPN configuration will be updated so that it can access 3 different server addresses (endpoints)
- A new version of Scomis Auto Update will be installed.
- The upgrade will also perform a tidy up of previously created backup and log files.
- OpenVPN will be restarted during the process
The Upgrade process will also delete any certificates and configurations which are no longer valid (revoked Install Keys)
What do Schools need to do?
All Schools that have an external connector must ensure that the computer/server with the External Connector can access the addresses and ports listed below, otherwise, the connector will fail to connect.
|externalconnector.scomis.org||HTTPS 443/TCP||The server where Auto Update will get details of SIMS Upgrades from. This will be accessed either directly or via a proxy server depending upon how Auto Update has been configured.|
|extvpn2020.scomis.org||443/TCP||OpenVPN Connection Endpoint. The TCP protocol does allow the address to be accessed via a proxy server.|
|extvpn-gmh.scomis.org||443/TCP||An Alias for extvpn2020.scomis.org|
|extvpn-chl.scomis.org||443/TCP||OpenVPN Connection Endpoint|
|upgrades.scomis.org||HTTPS 443/TCP||This address will be retired once all schools have upgraded to the latest version of Auto Update|
What will Auto Update do?
The updated version of Auto Update will still keep SIMS .net up to date with the same version that is running on the Scomis Hosted Platform. In addition to that, the service has been completely re-written so that its functions provide a better job of keeping the External Connector up to date. The Updated Version will;
- Keep SIMS .net up to date with the version installed on Scomis Hosted Applications
- Keep Scomis Auto Update up to date with the latest releases
- Update the OpenVPN Configuration as necessary
- Update the Windows Hosts files with details of the Scomis Database Servers
- Tidy any backups and log files that the Service Creates
- Remove Scomis Certificates and Configuration Automatically if they have been revoked (for instance, the school leaves the Hosted Applications Service).
How do I Upgrade
Once you have ensured that the Schools Firewall/Internet/ISP will allow access to the updated endpoint addresses, you can start the upgrade process by downloading and running our Upgrade Tool. The upgrade process is automatic and will show a log of its progress. During the upgrade process, Windows Installer Dialogs will be displayed – this is normal, the upgrade process should mean that you don’t need to interact with those processes.
What if I don’t upgrade
You must upgrade in order to continue using External Connector for your third party applications. Scomis are giving you the opportunity to carry out any actions needed to ensure that the External Connector will connect to the new addresses. If you do nothing, the Auto Update software will automatically download and attempt to Upgrade the External Connector certificates and Auto Update software, this could mean that your third party applications will stop working. We are planning to set the Auto Update to automatically upgrade in January 2022.