**This message contains important information about forthcoming changes to the Exchange Network Authentication and Authorization Service. Please read this message in its entirety to understand if your agency or organization will be affected.**
U.S. EPA is planning updates to the Exchange Network’s security infrastructure known as the Network Authentication and Authorization Service (NAAS). As part of a longer-term modernization effort, the current NAAS application will be migrated to a new platform in the coming weeks. The system will retain all existing functionality and the re-platforming should be transparent to most users. Here are some important highlights about this upcoming change:
- The current URLs for the NAAS will not change.
- The IP addresses for the NAAS will be changing, so agencies with strict firewall rules will need to update them for the new IP addresses.
- Server security certificates will not be changing during this migration, so agencies will not need to adjust for new certificates.
Please see below for more information about anticipated timing and other considerations. Some details are still forthcoming, so watch for more information in future EN Alert emails. If you have any questions or comments please contact the Exchange Network Help Desk (see contact information below).
Timeline and Downtime
The tentative schedule for re-platforming the NAAS is:
- NAAS Test Environment – March 2021 (exact weekend dates TBA)
- NAAS Production Environment – April 2021 (exact weekend dates TBA)
EPA anticipates that the NAAS will be unavailable for part of the cutover weekend. EPA will communicate more specifics about the dates and the amount of downtime anticipated as that information becomes available. Watch for more details in a future EN Alert email. Please take note of this weekend downtime and inform your agency’s Exchange Network users that they will not be able to connect to the Exchange Network or NAAS-supported applications during the NAAS platform change.
Once the NAAS Test environment has been migrated to the new platform, EPA will notify the Exchange Network community in an EN Alert email. This will open an opportunity for the community to help verify that the re-platformed NAAS services are continuing to operate normally. During this testing period, partner agencies should:
- Verify that your nodes / dataflows remain operational and are working normally. Unless your agency is covered by one of the exceptional situations below, the NAAS services in the TEST environment should continue to work normally for you without any need for intervention on your part.
- Please report any anomalies, questions, or errors to the Node Help Desk (see information below).
In most cases, the NAAS re-platforming will be completely transparent and users will not need to take any action. The exceptions to that rule are listed below. Please read on to determine if your organization will be impacted by one of these situations. If you have questions, please contact the Exchange Network Help Desk (see below).
- Firewall Rules – After the migration, the IP addresses for the Test and Production NAAS will change. If you have an outbound firewall rule from your system to the current NAAS IP address, your agency will need to update your firewall rules to allow access to the new NAAS IP addresses. EPA will announce the new NAAS IP addresses in an EN Alert as soon as they are available. EPA will make every effort to provide this information at least 3 weeks prior to the cutover to allow time for partner agencies to adjust their firewall rules.
- Secure Authentication Key (SAK) – If your system communicates with the Exchange Network using a SAK, you will need to contact the Node Help Desk to obtain a new SAK.
Exchange Network Help Desk
For any questions or comments, or to report testing issues, please contact the Exchange Network Help Desk at:
- Email: [email protected]
- Phone: 1-888-890-1995 (Select Option 1 and then Option 5 from the menu)
Available 8:00 AM – 6:00 PM Eastern