Skip to main content

BAIS Windows Firewall Rules

This document describes how to add/remove/edit Windows Firewall rules for the BAIS servers. All rules are managed through Ansible automation in the Globalscape Repo.

Rules should be adjusted by the project team on a self-service basis.

Prerequisites

Process

A PR for changes to the BAIS NSG rules should be raised by the person or team requesting the change. The Platform Operations will review the PR and provide approval, followed by executing the pipeline on behalf of the requester. See steps 1 to 8 for details on raising a PR.

Self-Service Steps

  1. Clone Globalscape Repo to your local machine. bash git clone https://github.com/hmcts/globalscape-azure-infrastructure
  2. Create a new branch, typically with a JIRA ticket number. bash git checkout -b BRANCH-NAME
  3. Navigate to newansible/files where you will see 4 CSV files containing firewall rules. (2 NLE and 2 Prod)
  4. Modify the CSV file for the required environment looking to existing rules for formatting guidance. Note: removing rules from the CSV will remove them from the server.
  5. Push your new branch bash git push --set-upstream origin BRANCH-NAME
  6. Create a Pull Request and review changes compared with master.
  7. Look out for typical formatting issues such as extra spaces or unusual characters.

  8. Specifically the ‘-’ in port ranges can often need deleted and retyped depending on how CGI have exported the CSV.

  9. CI will run automatically across STG after the PR is raised. Azure DevOps

  10. Review build log and investigate any issues, pushing corrections to the pipeline will auto trigger another CI build.

  11. Raise a BAU ticket with the PlatOps team requesting PR approval and execution.

Platform Operations Steps

  1. Review PR
  2. If terraform Plan is successful: In Azure DevOps
  3. ‘Run Pipeline’
  4. Branch/tag: Your new branch name
  5. Commit: Blank
  6. Stage to Run: BAIS_Servers
  7. Location: UK South
  8. Environment: Set as required.
  9. Advanced Options: Leave as default.

Click Run

  1. Verify windows server accurately reflects CSV file change in from PR. You can access the servers using the guide: Server Access

  2. Merge branch with Master.

This page was last reviewed on 26 January 2024. It needs to be reviewed again on 26 January 2025 by the page owner platops-build-notices .
This page was set to be reviewed before 26 January 2025 by the page owner platops-build-notices. This might mean the content is out of date.