***Note that deploying and running a hub within Azure is NOT currently officially tested nor supported.***
The following instructions are offered as suggestions for successfully configuring hub-tunnels in Azure/AWS.
How can I deploy a remote/secondary hub in Azure that will connect to a hub external to Azure via secure tunnel?
For this given environment/scenario:
The UIM Primary hub server is the tunnel client
<uimprimaryhub> - primary hub (tunnel 'client')
The Primary hub should be located within the company's network/enterprise ('On-premise')
There are two remote/secondary tunnel hubs:
1) Secondary hub (tunnel Server for DMZ)
2) Secondary hub (in Azure cloud - tunnel Server for Azure environment)
You must have a tunnel between Azure / AWS hubs and your on-premise hub install and the hub in Azure should be configured as the Tunnel Server.
Download the following packages to your local archive, then upgrade the robot and hub via drag and drop.
http://support.nimsoft.com/Files/Archive/00055/robot_update-7_93.zip
http://support.nimsoft.com/Files/Archive/00001/hub-7_93.zip
Note that if you see a "Finished with 'Unknown status' message" in the distribution window after upgrading the hub, you can ignore the message.
You can setup and use a Static hub to create the tunnel:
Static Route
Hubs discover other hubs by sending out broadcast (UDP) messages. Non-primary hubs that are separated from the primary hub by routers or firewalls cannot discover other hubs over UDP. Configure a static route between the hubs.
Static routes are used to:
1. Connect two hubs that are in the same environment, that reside on different network subnets.
2. Connect to a hub outside a firewall so that you can create a secure tunnel to the hub.
If you successfully added the remote hub in Azure as a static hub and now you can see it under the UIM (Nimsoft) domain, then at that point you should be able to add/configure the tunnel. Once the tunnel is in place AND you still see the hub under the UIM domain, then you can delete the static hub entry, and check to see if the hub is showing up under the UIM domain.
***Note that it may take a few minutes for the hub to come up and display itself under the UIM domain.***
Troubleshooting
- Check the tunnel port (48003) connectivity on both sides using telnet.
- Check firewall rules, AV, filtering/IDS, and you may want to use Wireshark to capture the traffic and see what’s happening if the tunnel is not connecting.
Please also review and apply these hub configuration suggestions:
Improving Tunnel Stability
From what we have found in some situations, the only way it works in Azure is if the Azure hub is a tunnel Server with a PUBLIC IP, and the tunnel clients connect to it on the PUBLIC IP and port 48003.
Be sure to always ensure the connectivity between the Azure hub server and the UIM hub for port 48003 on both ends before trying to distribute any probe packages.