**This message contains important new details about forthcoming changes to the Exchange Network Authentication and Authorization Service (NAAS). The new information includes tentative migration dates and the new NAAS IP addresses. Please read this message in its entirety to understand if your agency or organization will be affected.**
As previously reported on March 8, U.S. EPA is planning updates to the Exchange Network’s security infrastructure known as the Network Authentication and Authorization Service (NAAS). The current NAAS application will be migrated to a new platform in the coming weeks. The system will retain all existing functionality and the re-platforming should be transparent to most users. Here are some important highlights about this upcoming change:
- The current URLs for the NAAS will not change.
- The IP addresses for the NAAS will be changing, so agencies with strict firewall rules will need to update them for the new IP addresses. See below for details.
- Server security certificates will not be changing during this migration, so agencies will not need to adjust for new certificates.
Please see below for more information about anticipated timing and other considerations. If you have any questions or comments please contact the Exchange Network Help Desk (see contact information below).
Schedule and Downtime
The anticipated schedule for re-platforming the NAAS is:
- New NAAS Test Environment
Tentatively available on March 29, 2021
Deployment planned for weekend of March 27-28 (expect service downtime during the weekend)
- New NAAS Production Environment
Tentatively available on April 19, 2021
Deployment planned for weekend of April 17-18 (expect service downtime during the weekend)
EPA anticipates that the NAAS will be unavailable for part of the deployment weekends. EPA will communicate more specifics about the amount of downtime anticipated as that information becomes available. Watch for more details in a future EN Alert email. Please take note of this anticipated downtime and inform your agency’s Exchange Network users that they will not be able to connect to the Exchange Network or NAAS-supported applications during the NAAS platform change.
Testing
Once the NAAS Test environment has been migrated to the new platform, EPA will notify the Exchange Network community in an EN Alert email. This will open an opportunity for the community to help verify that the re-platformed NAAS services are continuing to operate normally. During this testing period, partner agencies should:
- Verify that your nodes / dataflows remain operational and are working normally. Unless your agency is covered by one of the exceptional situations below, the NAAS services in the TEST environment should continue to work normally for you without any need for intervention on your part.
- Please report any anomalies, questions, or errors to the Node Help Desk (see information below).
Exceptional Situations
In most cases, the NAAS re-platforming will be completely transparent and users will not need to take any action. The exceptions to that rule are listed below. Please read on to determine if your organization will be impacted by one of these situations. If you have questions, please contact the Exchange Network Help Desk (see below).
- Firewall Rules – After the migration, the IP addresses for the Test and Production NAAS will change. If you have an outbound firewall rule from your system to the current NAAS IP addresses, your agency will need to update your firewall rules to allow access to the new NAAS IP addresses below:
Test NAAS
New IP Address: 204.47.254.135
URL: https://naas.epacdxnode.net
Planned Effective Date: March 29, 2021Production NAAS
New IP Address: 204.47.254.197
URL: https://cdxnodenaas.epa.gov
Planned Effective Date: April 19, 2021
- Secure Authentication Key (SAK) – If your system communicates with the Exchange Network using a SAK, you will need to contact the Node Help Desk to obtain a new SAK.
Exchange Network Help Desk
For any questions or comments, or to report testing issues, please contact the Exchange Network Help Desk at:
- Email: [email protected]
- Phone: 1-888-890-1995 (Select Option 1 and then Option 5 from the menu)
Available 8:00 AM – 6:00 PM Eastern