The DONUTs are moving out of their parent's basement!
Internal resources, are best resources. And I guess security is important too.
TL;DR
Thanks to budgets, and security concerns, all DONUTs now live behind ZScaler, and each url has changed. Where the string "herokuapp" was, it's now "ps.ringcentral" instead.
For example, if the old DONUT address was https://sip-provisioning.herokuapp.com, it's now https://sip-provisioning.ps.ringcentral.com.
New URLs
- https://sip-provisioning.ps.ringcentral.com
- https://extension-activator.ps.ringcentral.com
- https://ccrns.ps.ringcentral.com
- https://advanced-rules.ps.ringcentral.com
- https://caller-id-audit.ps.ringcentral.com
- https://phone-and-extension-assigner.ps.ringcentral.com
What's Heroku?
Heroku is a very user friendly, and simple web hosting service, that was bought by Salesforce of all people a while back. It's got some really nice integrations, which allow a website to be deployed straight from Github.com, a supremely popular code repository platform (now owned by Microsoft).
In the early days of DONUTs, before PSi had a really solid web infrastructure design, using Heroku was a huge boon. We could simply write up the code, hit a button, and ProServ had something useable! Loads of time was saved!
Budgetary Concerns
All things being equal, the cost is almost not relevant. And that's probably why PSi hasn't been too concerned with moving it for a long time either. I mean, what's a couple hundred bucks compared to saving people hundreds of hours of button clicks?
That said though, we were using a corporate card to pay for the Heroku service, and that got axed at the end of the year. If anyone in RC needs software, RC isn't going to be reimbursing the cost. The software has to be paid through the normal process of having IT vet the software, and pull money from your department's budget to pay for it.
Security Concerns
Heroku is public. There's no IP whitelisting, or anything like that. Meaning that anyone could open up the page if they happened to find it. Since the user needs to login, this wasn't an issue. Once we added the cool little thing where you can authorize as a customer, once you logged in as an RC employee, then security concerns basically went away. Until...
Without a boat load of details, if someone was really snooping at the code loaded on their webpage once they opened up the DONUT, they could see some private credentials. It didn't create a security breach though.
When you create a developer application with the RingCentral Developer Portal, you're given some private credentials that signify that the app, belongs to you. This does loads of stuff, like generates usage statistics on the developer portal, and if an app is causing errors or something, RC knows whose app it is, and can reach out to the app's owner to fix it. These private credentials don't allow access to a customer's account info directly though. Someone still has to login, before any information is exposed.
So the security issue essentially is, if someone got these private credentials, they could let RC customers login, and it would look to RC as though the customer had logged into our DONUT, even though they could be on some other page, doing something entirely different.
With all that said, just good practice to have everything on our AWS account, behind ZScaler. Thus the move!