Public cloud installations

Public cloud installations are usually based upon an Airlock Gateway image (.vmkd) or a marketplace images.

Cloud infrastructures usually do not support IP takeover between the nodes of an Airlock Gateway failover cluster. Because of this limitation, it is not possible to build a failover cluster with Airlock Gateway in the cloud.

  • About single NIC in cloud environments
  • Auto-scaling requires a single NIC setup.
  • Single NICs are easy to set-up and preconfigured in some cloud images, i.e., to meet the Azure marketplace requirements.

Single NIC – best practice

In single NIC setups, Gateway and back-ends share the same NIC. Without security measures, it is possible to bypass the Gateway and to directly address a back-end.

  • Recommended settings:
  • Use mutual TLS to secure the communication between the Gateway and the back-ends to overcome the single-NIC issue.
  • To secure management and service connections to the Gateway consider the following options:
    • -
      Set-up a VPC and limit the source-IP addresses to your companies IP address space.
    • -
      Use a VPN to establish a secure connection.
    • -
      Set-up a jump host.

Multi-NIC – best practice

Note that multi-NIC cloud setups do not offer autoscaling!

  • Recommended settings:
  • Set up a dedicated management NIC to separate service and management connections from the public interface.
  • Use dedicated IP addresses for service access and public access (virtual hosts).