Public cloud installations

Public cloud installations are usually based on an Airlock Gateway image (.vmdk).

Cloud infrastructures usually do not support IP takeover between the nodes of an Airlock Gateway failover cluster. Because of this limitation, it is not possible to build a failover cluster with Airlock Gateway in the cloud.

About single NIC in cloud environments:

  • Auto-scaling requires a single NIC setup.
  • Single NIC setups are easy to set up and are preconfigured in some cloud images.

Single NIC – best practice

In single NIC setups, Gateway and back-ends share the same NIC. Without security measures, it is possible to bypass the Gateway and to directly address a back-end.

Recommended settings:

  • Use mutual TLS to secure the communication between the Gateway and the back-ends to overcome the single-NIC issue.
  • To secure management and service connections to the Gateway, consider the following options:
    • Set up a VPC and limit the source IP addresses to your company's IP address space.
    • Use a VPN to establish a secure connection.
    • Set up a jump host.
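
The mutual TLS recommendation above, seen from the back-end side, as an added example that is not part of the Airlock documentation. It assumes the back-end is fronted by nginx; the port, host names, file paths and certificate subject are constructed placeholders.

```nginx
# Added example: a back-end (nginx assumed) that only serves the Gateway.
# All paths, names and the subject DN below are constructed placeholders.

# Weak setting, shown commented out: server-side TLS only. Any host that
# can reach the shared network can address this back-end directly and
# skip the Gateway's filtering.
# server {
#     listen 8443 ssl;
#     ssl_certificate     /etc/nginx/tls/backend.crt;
#     ssl_certificate_key /etc/nginx/tls/backend.key;
# }

# Corrected setting: the back-end demands a client certificate and
# accepts only the one the Gateway presents.
server {
    listen 8443 ssl;
    server_name backend.example.internal;

    ssl_certificate     /etc/nginx/tls/backend.crt;
    ssl_certificate_key /etc/nginx/tls/backend.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # CA that issued the Gateway's client certificate (assumed: a private
    # CA used for nothing else). Requests without a valid client
    # certificate are rejected with HTTP 400 before reaching the app.
    ssl_client_certificate /etc/nginx/tls/gateway-client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       1;

    # Pin the subject as well, so that another certificate issued by the
    # same CA cannot be used to reach the back-end around the Gateway.
    if ($ssl_client_s_dn != "CN=airlock-gateway.example.internal") {
        return 403;
    }

    location / {
        root /var/www/app;   # placeholder for the real application
    }
}
```

A direct connection to port 8443 without the Gateway's client certificate should then fail with a 400 or 403 response, which is a quick way to confirm that the bypass path is closed.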

Multi-NIC – best practice

Note that multi-NIC cloud setups do not offer autoscaling!

Recommended settings:

  • Set up a dedicated management NIC to separate service and management connections from the public interface.
  • Use dedicated IP addresses for service access and public access (virtual hosts).