Public-cloud deployment

Airlock Gateway is available as a cloud-ready disk image for major public-cloud providers. This article describes disk image properties, instance settings, swap configuration, network connectivity, and administrative access configuration. The following subsections provide provider-specific guidance for the public cloud platforms Azure, AWS, and GCP.

Disk image properties

The Airlock Gateway disk image is delivered in a minimal configuration to be adapted to the target environment during provisioning. The following table lists the main properties of the disk image together with their values and important considerations:

| Property | Value | Description |
|---|---|---|
| Architecture | x86_64 | Intel 64-bit architecture |
| Operating system | AlmaLinux | Base OS for Airlock Gateway |
| Format | VMDK, VHD, RAW (tar.gz) | Dedicated format per cloud provider |
| File system size | 10 GB | The minimal disk size is 10 GB. If a larger disk is attached, the file system will automatically grow on first boot to use all available space. |
| Swap | Not configured | No swap is preconfigured. Swap must be defined during provisioning if required (see Swap configuration). |
| IP addresses | DHCP | Network configuration is obtained via DHCP. Only one IP address can be assigned per network interface. If multiple addresses or subnets are required, configure multiple NICs. |
| Administrative access | None | A preconfigured OS-level root user is available and can be used for administrative access via SSH. An application-level admin user is not preconfigured but can be created during provisioning if needed (see Administrative access configuration). |
| Initial Gateway configuration | Minimal setup | A reduced Airlock Gateway installation with a single NIC, prepared for DHCP-based networking. Provisioning with cloud-init is required. |

Swap configuration

The recommended swap size depends on the instance sizing and can be calculated as installed RAM + 2 GB, with a maximum of 24 GB:

 
Example
SWAP = MIN(24 GB, RAM + 2 GB)

Different cloud environments may provide alternative mechanisms for configuring swap (e.g., using a dedicated swap device instead of a swap file on the root device). The following example shows how to create a swap file on the root device by means of the user-data script:

 
#cloud-config
swap:
  size: 8G
  filename: /swap.img
 
Notice

The cloud image does not include a preconfigured swap space. For production systems, we therefore strongly recommend configuring a swap space during the provisioning process.

For further information, please refer to the cloud-init documentation, section Modules, subsection Mounts.

Network connectivity

The following network parameters are configured via DHCP upon boot:

  • Host name
  • IP address and netmask
  • Default gateway
  • Static routes
  • DNS server and domain

DHCP must be available for provisioning to succeed, as it is required to retrieve metadata and the user-data script.

Administrative access configuration

SSH

Root login via the SSH terminal requires deploying a public key. Use cloud provider features if available. As a fallback, define keys in the user-data script:

 
#cloud-config
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2E.....

Configuration Center

Administrative access via the web UI requires a user with the airlock-administrator role. Create such a user and set an initial password using the user-data script, which also generates the corresponding REST token:

 
#cloud-config
runcmd:
  - /opt/airlock/base/bin/airlock-user-manager-tool --set --user admin --password <secret> --role airlock-administrator --jwt

After installation, proceed with system provisioning via SSH using the airlock-user-manager-tool for further guidance on how to continue system setup in unattended or manual installations.
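
The three user-data fragments above can be combined into one document. The following Python generator is an added example, not Airlock's own tooling: it sizes swap with the formula from the Swap configuration section, rejects anything that is not a single OpenSSH public key line, and emits the admin-user command in list form so that special characters in the password are not interpreted by a shell. The function names and sample values are assumptions; the tool path and flags are the ones shown on this page.

```python
import json
import math

TOOL = "/opt/airlock/base/bin/airlock-user-manager-tool"  # path as given on this page

def swap_size_gb(ram_gb):
    """SWAP = MIN(24 GB, RAM + 2 GB), rounded up to whole gigabytes."""
    if ram_gb <= 0:
        raise ValueError("RAM size must be positive")
    return min(24, math.ceil(ram_gb + 2))

def check_public_key(key):
    """Accept only a single-line OpenSSH public key, never private key material."""
    key = key.strip()
    if "PRIVATE KEY" in key or "\n" in key:
        raise ValueError("expected one OpenSSH public key line")
    parts = key.split()
    if len(parts) < 2 or not parts[0].startswith(("ssh-", "ecdsa-", "sk-")):
        raise ValueError("unrecognised public key type")
    return key

def build_user_data(ram_gb, public_key, admin_password, admin_user="admin"):
    """Return one #cloud-config document covering swap, SSH key and admin user."""
    if not admin_password:
        raise ValueError("admin password must not be empty")
    # cloud-init runs list-form runcmd entries as an argument vector (execve-style),
    # so characters such as $, quotes or spaces in the password reach the tool unchanged.
    argv = [TOOL, "--set", "--user", admin_user, "--password", admin_password,
            "--role", "airlock-administrator", "--jwt"]
    lines = [
        "#cloud-config",
        "swap:",
        f"  size: {swap_size_gb(ram_gb)}G",
        "  filename: /swap.img",
        "ssh_authorized_keys:",
        f"  - {json.dumps(check_public_key(public_key))}",
        "runcmd:",
        f"  - {json.dumps(argv)}",  # a JSON array is also a YAML flow sequence
    ]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample values; the key below is a placeholder, not a real key.
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER ops@example"
    print(build_user_data(16, key, "S3cret $HOME 'quoted'"))
```

cloud-init keeps a copy of the user-data on the instance after boot, so treat the password set this way as an initial value only.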