Connecting to TCP Servers with Luminate Secure Access Cloud
Luminate Secure Access Cloud (TM) can provide secure connectivity for any TCP-based protocol to any TCP Service deployed in on-premises, IaaS or PaaS environments. This article will explain how to configure the connectivity (for Luminate Administrators) and will provide a number of examples on how to use it (for Luminate users).
The diagram below explains the topology of the solution:
In the diagram, the Destination Server, deployed in the customer's datacenter or cloud location, provides a service on TCP Ports XXX and YYY, and the end-user wants to consume this service (i.e., to connect to these ports) via Luminate Secure Access Cloud (TM).
The traffic is authenticated and authorized by Luminate Secure Access Cloud (TM) using any of these methods:
The traffic is encrypted in transit by the following means:
Definitions of TCP Tunnels are made in the Admin Portal (or via an API). A Site that contains the TCP Servers should be chosen first (naturally, Luminate Connectors defined in the site should be able to connect to the actual servers over TCP).
Next, in the Applications view, create a new TCP Tunnel:
The most important fields when defining an SSH Tunnel are:
After defining the TCP Tunnel properties, it needs to be assigned to certain users or groups:
For each assigned entity, authentication settings should be chosen - either a one-time token or an SSH Key. All the policies related to SSH connections will apply to TCP Tunnels.
TCP Tunnels can be used either through Local Port Mapping with any SSH client (OpenSSH, PuTTY, SecureCRT, MobaXterm, among others) or through an application that supports connecting over an SSH Tunnel (such as, but not limited to, MySQL Workbench, pgAdmin, Robo 3T, FastoRedis and more).
The Luminate Applications Portal offers a convenient UX for creating local port maps using the OpenSSH CLI. By clicking on an icon representing the tunnel, the user is presented with the following UX:
The UI builds a default port mapping command using a Local Host IP address and the same ports as the ones exposed by the original TCP servers. Naturally, the IP Address or the local ports can be changed.
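The following shell function is an added example, not the command generated by the Luminate portal: it composes an OpenSSH local port mapping that reuses the server's ports and refuses a non-loopback bind address, since changing the IP address to a routable one makes the tunnel reachable by other hosts on the user's network. The gateway login, the target host and the function names are placeholders and assumptions; the real values come from the portal.

```shell
#!/bin/sh
# Added example, not Luminate's generated command. Gateway login and target
# host are placeholders (assumptions); take the real values from the portal.

# is_loopback ADDR -> success if ADDR only accepts connections from this machine
is_loopback() {
    case "$1" in
        127.*|localhost|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# valid_port N -> success if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_tunnel_cmd BIND LOGIN TARGET PORT...
# Prints one ssh command mapping each PORT on BIND to the same PORT on TARGET.
build_tunnel_cmd() {
    bind=$1 login=$2 target=$3
    shift 3
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 2; }
    if ! is_loopback "$bind" && [ "${ALLOW_NON_LOOPBACK:-0}" != 1 ]; then
        echo "refusing bind address $bind: tunnel would be reachable by other hosts" >&2
        return 3
    fi
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure: fail instead of running with a missing forward.
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 4; }
        cmd="$cmd -L $bind:$port:$target:$port"
    done
    printf '%s %s\n' "$cmd" "$login"
}

# Constructed sample values: two ports standing in for XXX and YYY.
build_tunnel_cmd 127.0.0.1 USER_PLACEHOLDER@GATEWAY_PLACEHOLDER TARGET_PLACEHOLDER 5432 6379
```

Local ports below 1024 normally require elevated privileges to bind, so a different local port may be needed when the server's port is in that range.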
Additionally, here are guides on using SSH Tunnels in different tools:
Many other applications and tools have built-in SSH Tunnel support.