Access-Seeker Cutover Checklist

DO NOT CALL REGISTER

Access-seeker Cutover Checklist

The Do Not Call Register has a new service provider. Our primary goal is to minimise the impact on access-seekers when performing washes. However there are some unavoidable changes that you will need to prepare for if you are using the SFTP (AWS) or SOAP (RTA) interfaces.

The following is a checklist of items that will require attention.

WEBSITE

Passwords

All passwords to the website services will be cleared and accounts disabled prior to cut over.

The Administration user for your account will need to connect to the Do Not Call Register website (https://donotcall.gov.au) and attempt to log into their account. Instructions will be displayed to reset the password. Once the password is reset the Administration user will then be responsible for reenabling other wash-only users and re-setting their passwords.

The functionality for uploading wash files and Quick Check will continue to be available on the website although due to design changes to the interface, you may notice a different look and feel.

SFTP

Passwords

For security purposes, all passwords to the SFTP service will be changed. Access-seekers will be supplied new passwords by SMS as part of the cutover. (Note, Access-seekers need to complete the Do Not Call Register - Request for sFTP account form to initiate this process).

Access-seekers must update any existing processes with these new passwordsafterthe cutover.

SSH Keys

Access-seeker's using SSH keys to authenticate when accessing the SFTP server must provide a new SSH key and upload it. Please see the document Do Not Call Register - Using SSH Key for SFTP Authentication for details on how to generate and upload a new SSH key.

Note, if Access-seekers supplied the SSH key along with the form for generating new passwords, they do not need to regenerate the key a second time once they receive their password.

SSH Libraries/Tools

For security reasons the SFTP server will only support modern cipher algorithms.

It is recommended that Access-seekers manually uploading files ensure the application used is the most recent version of that application.

Access-seekers using custom code to connect to and interact with the SFTP server should confirm that any SFTP libraries are compatible with the ciphers supported. Please see the complete list below in Appendix 1 – Supported Ciphers for SFTP

Firewall

In addition to passwords or SSH keys, access to the SFTP server is controlled using an IP whitelist. Prior to cutover all access-seekers using SFTP to perform washes must provide the IP address of the server they will be connecting from to SFTP.

In addition, access-seekers should ensure they are able to reach the new SFTP servers, as the IP addresses will change. The IP addresses for the new servers are 180.92.221.211 (production) and 203.47.114.61 (DR). Access-seekers must ensure they can reach these servers through port 22.

Check folder structures

The folder structure on the new SFTP server has changed. Access-seekers uploading and downloading files manually should not be affected.

Access-seekers using custom code to upload and download may need to update the folder paths you are using. The new paths are:

·  /public/upload

·  /public/download

·  /public/archive

SOAP

Passwords

All passwords to the SOAP service will be cleared and accounts disabled prior to cut over. The Administration user for the account will need to connect to the Do Not Call Register site (https://donotcall.gov.au) and attempt to log in to the website. Instructions will be displayed to reset the password for this user. Once the password is reset the Administration user will then be responsible for re-enabling other users and re-setting their passwords. This includes the user account associated with the SOAP services.

SOAP Service

The GetWashResult service has changed behaviour when querying ClientReferenceIds that have been used more than once. After the cutover to the new register operator (8.30 am, 22 September 2015), only the result of most recent wash made with the provided ClientReferenceId will be returned. Access-seekers using SOAP and querying the GetWashResult service should ensure that a unique ClientReferenceId is used per call.

Appendix 1 – Supported Ciphers for SFTP

The server supports the following options for kex_algorithms :

·  diffie-hellman-group-exchange-sha1

·  diffie-hellman-group-exchange-sha256

·  diffie-hellman-group1-sha1

·  diffie-hellman-group14-sha1

The server supports the following options for server_host_key_algorithms :

·  ssh-dss

·  ssh-rsa

The server supports the following options for encryption_algorithms_client_to_server :

aes128-ctr aes192-ctr aes256-ctr arcfour128 arcfour256

The server supports the following options for encryption_algorithms_server_to_client :

·  aes128-ctr

·  aes192-ctr

·  aes256-ctr

·  arcfour128

·  arcfour256

The server supports the following options for mac_algorithms_client_to_server :

·  hmac-ripemd160

·  hmac-sha1

·  hmac-sha2-256

·  hmac-sha2-512

· 

The server supports the following options for mac_algorithms_server_to_client :

·  hmac-ripemd160

·  hmac-sha1

·  hmac-sha2-256

·  hmac-sha2-512

· 

The server supports the following options for compression_algorithms_client_to_server :

·  none

· 

The server supports the following options for compression_algorithms_server_to_client :

·  none

· 

Page | 2