Secure Access Cloud (SAC) is a Software as a Service platform that allows corporate IT organizations to provide secure connectivity to corporate applications and services for designated audiences. SAC does this without exposing internal networks/datacenters to the risks associated with network access, and it provides unparalleled visibility and governance into the activities performed by the accessing parties.
To get started with SAC, one needs to configure the system to provide access as described in the diagram below:
In the diagram above, users can access published applications via the SAC cloud service, as these applications have a SAC Connector component deployed in their datacenter. A separate guide explains the steps that need to be taken in order to configure applications for access via SAC.
This guide explains how to deploy SAC Connector on a Linux machine located in the organizational datacenter (on-premises, or cloud-based).
The deployment of SAC Connector as a Docker container consists of the following steps:
- Make sure that the host machine has sufficient connectivity
- Make sure that the host machine is running an up-to-date Docker Engine
- Installation of SAC Connector
Making sure that the host machine has sufficient connectivity
The schema below describes the communications that need to be allowed:
For those looking to restrict the allowed outbound TCP:443 communications to the SAC infrastructure only, please reach out to SAC support for assistance. The exact addresses depend on the geographical location of your datacenter.
Making sure that the host machine has an up-to-date Docker Engine
In addition to allowing the connectivity mentioned above, in order to deploy SAC Connector as a Docker container on Linux, the Docker Engine should be installed on the host.
Docker provides detailed instructions on installing the Docker Engine on any type of server, desktop or cloud platform. Please make sure that these steps are taken before attempting to deploy SAC Connector.
Installation of the SAC Connector
In the SAC Administration Portal, please open the Sites view. In the Sites view, please either create a new site or open an existing site.
Please note that when creating a new Site, a new Connector is created automatically:
When editing an existing site, clicking New Connector will create an additional connector.
All new connectors are created with a status "New".
Upon saving the changes made to the site, for every new connector the following window will pop up:
Note: When you copy, it will include the '\' at the end of each line. When you run the command, you must delete these '\' characters and run the command as a single-line command.
Opening Kerberos settings is required if the connector is providing connectivity to applications using Single Sign On with Kerberos Constrained Delegation.
Please copy the content of the text box and run it on the Linux server, making sure that the session user has permissions to manage Docker containers. The execution of the above command will pull the relevant version of the SAC Connector from Docker Hub and initialize it, allowing it to reach out to the SAC Cloud.
The configuration presented above makes sure that the container is restarted whenever it stops running, for example, if the host is rebooted.
The connectivity status indicator of the connector in the SAC Security Administration Console should change from gray or red to green.
If this change does not occur, and the connector remains gray, it usually indicates that the SAC Connector is unable to open an outbound HTTPS connection to the SAC Cloud. To troubleshoot this situation, please run the following command on the host: docker logs <name of your container> and follow the instructions that are shown.
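The installation checks described above, as an added example that is not part of the original guide or of the SAC product: a POSIX shell helper that joins the copied command into a single line for review, then confirms that the session user can manage Docker, that the connector container is running, and that it has a restart policy. The container name is an assumption (use the one from your own portal command), as is treating the Docker restart policies always and unless-stopped as the acceptable ones, since the portal command itself is not reproduced here.

```shell
#!/bin/sh
# Added example, not vendor code. Usage: sh check_sac.sh <container-name>

# Collapse a pasted command with a trailing '\' on each line into one line,
# so it can be read in full before it is run. Reads stdin, writes stdout.
join_continuations() {
    sed -e 's/[[:space:]]*\\[[:space:]]*$//' | tr '\n' ' ' | tr -s ' ' | sed -e 's/ *$//'
}

# True when the session user is allowed to talk to the Docker daemon.
docker_usable() {
    docker info >/dev/null 2>&1
}

# Print "<state> <restart-policy>" for a container, e.g. "running always".
connector_state() {
    docker inspect --format '{{.State.Status}} {{.HostConfig.RestartPolicy.Name}}' "$1" 2>/dev/null
}

# Return 0 = healthy, 1 = not running, 2 = no Docker access, 3 = weak restart policy.
check_connector() {
    name=$1
    docker_usable || { echo "FAIL: session user cannot manage Docker"; return 2; }
    # Word splitting is intended: first word is the state, second the policy.
    set -- $(connector_state "$name")
    state=${1:-missing}
    policy=${2:-none}
    case $state in
        running) ;;
        *) echo "FAIL: container '$name' is $state; run: docker logs $name"; return 1 ;;
    esac
    case $policy in
        always|unless-stopped) echo "OK: running, restart policy $policy" ;;
        *) echo "WARN: restart policy '$policy' does not guarantee a restart after reboot"; return 3 ;;
    esac
}

# Run the check only when a container name is given on the command line.
if [ "$#" -gt 0 ]; then
    check_connector "$1"
fi
```

A result of 0 only shows that the container is up on the host; the portal indicator turning green is still the confirmation that the outbound HTTPS connection succeeded.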