Public cloud installations

Public cloud installations are usually based on an Airlock Gateway image (.vmdk) or a marketplace image.

Cloud infrastructures usually do not support IP takeover between the nodes of an Airlock Gateway failover cluster. Because of this limitation, it is not possible to build a failover cluster with Airlock Gateway in the cloud.

About single NIC in cloud environments:

  • Auto-scaling requires a single NIC setup.
  • Single NICs are easy to set up and preconfigured in some cloud images, i.e., to meet the Azure marketplace requirements.

Single NIC – best practice

In single NIC setups, Gateway and back-ends share the same NIC. Without security measures, it is possible to bypass the Gateway and to directly address a back-end.

Recommended settings:

  • Use mutual TLS to secure the communication between the Gateway and the back-ends to overcome the single-NIC issue.
  • To secure management and service connections to the Gateway, consider the following options:
    • Set up a VPC and limit the source IP addresses to your company's IP address space.
    • Use a VPN to establish a secure connection.
    • Set up a jump host.
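
The back-end side of the mutual TLS recommendation above, as an added example that is not part of the Airlock documentation: a back-end that refuses any TLS client without a certificate from the Gateway's CA, a check for settings that would reopen the bypass, and a peer identity test. It assumes a Python back-end; `GATEWAY_CN`, the function names and the file path parameters are hypothetical.

```python
import ssl

# Assumed subject name in the Gateway's client certificate (hypothetical value).
GATEWAY_CN = "airlock-gateway.internal.example"

def backend_context(gateway_ca_pem=None, server_cert=None, server_key=None):
    """TLS context for a back-end that only accepts clients presenting a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)  # starts with an empty trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    if gateway_ca_pem:
        # Trust only the private CA that issued the Gateway's client certificate,
        # never the system trust store.
        ctx.load_verify_locations(cafile=gateway_ca_pem)
    if server_cert:
        ctx.load_cert_chain(server_cert, server_key)
    return ctx

def audit_context(ctx, max_trusted_cas=1):
    """List settings that would let a client reach the back-end without the Gateway."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS below 1.2 allowed")
    if ctx.cert_store_stats()["x509_ca"] > max_trusted_cas:
        findings.append("more CAs trusted than expected")
    return findings

def is_gateway(peercert, expected_cn=GATEWAY_CN):
    """Check the dict returned by SSLSocket.getpeercert() after the handshake.

    Guards against other certificates issued by the same CA.
    """
    if not peercert:          # None or {}: no verified client certificate
        return False
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value == expected_cn:
                return True
    return False
```
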

Multi-NIC – best practice

Note that multi-NIC cloud setups do not offer auto-scaling!

Recommended settings:

  • Set up a dedicated management NIC to separate service and management connections from the public interface.
  • Use dedicated IP addresses for service access and public access (virtual hosts).