Public cloud installations are usually based upon an Airlock Gateway image (.vmdk) or a marketplace image.
Cloud infrastructures usually do not support IP takeover between the nodes of an Airlock Gateway failover cluster. Because of this limitation, it is not possible to build a failover cluster with Airlock Gateway in the cloud.
About single NIC in cloud environments:
- Auto-scaling requires a single NIC setup.
- Single NICs are easy to set up and preconfigured in some cloud images, e.g., to meet the Azure marketplace requirements.
Single NIC – best practice
In single NIC setups, Gateway and back-ends share the same NIC. Without security measures, it is possible to bypass the Gateway and to directly address a back-end.
Recommended settings:
- Use mutual TLS to secure the communication between the Gateway and the back-ends to overcome the single-NIC issue.
- To secure management and service connections to the Gateway, consider the following options:
  - Set up a VPC and limit the source IP addresses to your company's IP address space.
  - Use a VPN to establish a secure connection.
  - Set up a jump host.
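The back-end side of the mutual TLS recommendation, as an added example that is not part of the Airlock documentation: a back-end that fails the TLS handshake for any client without a certificate from the trusted CA, and answers 403 unless that certificate is the Gateway's, so a direct connection over the shared NIC gets nothing. The Python back-end, the CN `gateway.internal.example`, port 8443 and the file arguments are assumptions.

```python
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed value: subject CN of the client certificate the Gateway presents.
GATEWAY_CN = "gateway.internal.example"

def peer_is_gateway(peercert, expected_cn=GATEWAY_CN):
    """Check the dict returned by SSLSocket.getpeercert() for the Gateway CN."""
    if not peercert:
        return False
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value == expected_cn:
                return True
    return False

def backend_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side context that rejects clients without a CA-signed certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the Gateway cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the back-end's own certificate
    return ctx

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # The CA check happened in the handshake; this pins the Gateway identity
        # in case the same CA has issued certificates to other hosts.
        ok = peer_is_gateway(self.connection.getpeercert())
        self.send_response(200 if ok else 403)
        self.end_headers()
        self.wfile.write(b"ok\n" if ok else b"client certificate is not the Gateway\n")

def serve(ca_file, cert_file, key_file, port=8443):
    httpd = HTTPServer(("0.0.0.0", port), Handler)
    ctx = backend_context(ca_file, cert_file, key_file)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()

if __name__ == "__main__":
    import sys
    serve(*sys.argv[1:4])  # usage: backend.py ca.pem backend-cert.pem backend-key.pem
```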
Multi-NIC – best practice
Note that multi-NIC cloud setups do not offer auto-scaling!
Recommended settings:
- Set up a dedicated management NIC to separate service and management connections from the public interface.
- Use dedicated IP addresses for service access and public access (virtual hosts).