On-premises installations
On-premises installations are usually based upon an Airlock Gateway ISO image or a virtual machine disk image.
With a multi-NIC setup, a physical separation between the service network and the public network can be established. For high-availability requirements, Airlock Gateway can be set up in a failover cluster.
Multi-NIC (recommended)
Multi-NIC setups offer the best combination of security advantages and high-availability options.
Recommended settings:
- Set up a dedicated management NIC to separate back-end and management connections from the public interface.
- Use dedicated IP addresses for public access (virtual hosts) and back-end access.
- Set up an Airlock Gateway failover cluster. To harden your failover setup:
  - Use the public interface for failover cluster checks.
  - Use separated IP spaces for PIP/PPIP and virtual hosts.
  - Make the PIPs only reachable by the PPIPs of the partner nodes.
Single NIC
Single-NIC setups prevent bypassing by design because there is only a single connection between the Gateway and back-ends. Single-NIC setups also support Airlock Gateway failover clusters.
Recommended settings:
- Use dedicated IP addresses for public access (virtual hosts) and back-end access.
- Set up an Airlock Gateway failover cluster. To harden your failover setup:
  - Use separated IP spaces for PIP/PPIP and virtual hosts.
  - Make the PIPs only reachable by the PPIPs of the partner nodes.
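The two failover hardening rules that appear in both lists above (separated IP spaces for PIP/PPIP and virtual hosts, and PIPs reachable only from the partner nodes' PPIPs) can be checked offline against a written address plan before rollout. The following is an added example, not Airlock Gateway code or configuration syntax; the plan layout, the field names (failover_net, pip_allowed_sources, and so on) and the sample addresses are assumptions made for illustration.

```python
import copy
import ipaddress

def check_failover_plan(plan):
    """Return a list of findings for a failover address plan (empty list = OK)."""
    findings = []
    failover_net = ipaddress.ip_network(plan["failover_net"])
    nodes = plan["nodes"]
    # Rule 1: virtual host addresses must not share the PIP/PPIP address space.
    for vh in map(ipaddress.ip_address, plan["virtual_hosts"]):
        if vh in failover_net:
            findings.append(f"virtual host {vh} lies inside PIP/PPIP space {failover_net}")
    for name, node in nodes.items():
        for role in ("pip", "ppip"):
            addr = ipaddress.ip_address(node[role])
            if addr not in failover_net:
                findings.append(f"{name}: {role.upper()} {addr} outside {failover_net}")
        # Rule 2: a node's PIP may only be reachable from the partners' PPIPs.
        partner_ppips = {ipaddress.ip_address(n["ppip"])
                         for other, n in nodes.items() if other != name}
        for src in node["pip_allowed_sources"]:
            src_net = ipaddress.ip_network(src)
            if src_net.num_addresses != 1 or src_net.network_address not in partner_ppips:
                findings.append(f"{name}: PIP reachable from {src}, not a partner PPIP")
    return findings

# Constructed sample plan using documentation address ranges (not real hosts).
GOOD_PLAN = {
    "failover_net": "192.0.2.0/28",
    "virtual_hosts": ["198.51.100.10", "198.51.100.11"],
    "nodes": {
        "node-a": {"pip": "192.0.2.1", "ppip": "192.0.2.2",
                   "pip_allowed_sources": ["192.0.2.4/32"]},
        "node-b": {"pip": "192.0.2.3", "ppip": "192.0.2.4",
                   "pip_allowed_sources": ["192.0.2.2/32"]},
    },
}
# Constructed bad variant: a virtual host in the failover range, and a PIP open to a whole subnet.
BAD_PLAN = copy.deepcopy(GOOD_PLAN)
BAD_PLAN["virtual_hosts"].append("192.0.2.10")
BAD_PLAN["nodes"]["node-a"]["pip_allowed_sources"] = ["198.51.100.0/24"]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_failover_plan(plan) or "OK")
```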