Setting up an Application Site

Installing the Connector for Application-Level Access

The Connector is lightweight software that acts as the only network interface in your data center. It creates a single, resilient, reverse tunnel connection (IPSec) to the nearest Harmony Connect point of presence. It runs on any Linux computer with Docker installed. It is completely infrastructure agnostic and can be hosted on any cloud provider or on-premises.

  • Each Connector can hold traffic of up to 500 Mbps.

  • You can deploy up to five Connectors in each site supporting up to 2 Gbps by using the same Docker command.

Note: This procedure applies only to Application-Level Access to Corporate Applications.

To configure the Application site for secure Application-Level access:

  1. In Harmony Connect, go to Assets > Application Sites and click Add Site.

  2. Enter the new site details and click Create:

    • Site Name - the name appears only in the management interface

    • Locations - select a geographical location from the list that your site can use for RDP routing. The location details are set below in Setting up an Application Site.

      Notes -

      • This location is intended only for RDP traffic routing. The rest of the traffic is routed through the main account location.

      • When you edit the location of an existing site, the stored RDP recordings become inaccessible from the interface.

  3. Follow the instructions in the window that opens to install a Connector.

    Notes -

    • If your device interface is not preconfigured to eth0, then before running the command:

      • Delete -e DeviceInterfaceName=eth0 from the command

      • Replace eth0 with the preconfigured device interface. For example, -e DeviceInterfaceName=ens192.

    • You can also install the Connector on Podman running Red Hat Linux 8.5. To install the Connector on Podman:

      1. Copy and paste the command into Notepad.

      2. Replace docker with podman.

      3. Replace --cap-add=NET_ADMIN with --cap-add=NET_ADMIN,NET_RAW.

      4. Copy and run the command on the target machine.

  4. Click OK.

    The site appears in the list of application sites.
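The interface and Podman substitutions from the notes in step 3, written as a shell function that also keeps the edited copy owner-readable only, because the command embeds the Connector Secret. This is an added example, not Check Point tooling: the function name, file names and the placeholder tail of the sample command are assumptions, and only `docker`, `--cap-add=NET_ADMIN` and `-e DeviceInterfaceName=eth0` come from this page.

```shell
#!/bin/sh
# Added example. Rewrites a saved Connector command per the notes in step 3.
# Usage: adapt_connector_cmd <saved-cmd-file> <interface> <docker|podman> <out-file>
adapt_connector_cmd() {
    in_file=$1 iface=$2 runtime=$3 out_file=$4

    # The interface name is spliced into a command that runs as root:
    # accept plain interface-name characters only.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 2 ;;
    esac
    case $runtime in
        docker|podman) ;;
        *) echo "runtime must be docker or podman" >&2; return 2 ;;
    esac

    edits="s/DeviceInterfaceName=eth0/DeviceInterfaceName=$iface/"
    if [ "$runtime" = podman ]; then
        # Normalise first so a second run does not append NET_RAW twice.
        edits="$edits
1s/^docker /podman /
s/--cap-add=NET_ADMIN,NET_RAW/--cap-add=NET_ADMIN/
s/--cap-add=NET_ADMIN/--cap-add=NET_ADMIN,NET_RAW/"
    fi

    # The command embeds the Connector Secret: keep the copy owner-only.
    ( umask 077; sed "$edits" "$in_file" > "$out_file" ) || return 1
    chmod 600 "$out_file"

    # Refuse to hand back a command the edits did not actually change.
    grep -qF -- "DeviceInterfaceName=$iface" "$out_file" || return 1
    if [ "$runtime" = podman ]; then
        grep -q '^podman ' "$out_file" || return 1
        grep -qF -- '--cap-add=NET_ADMIN,NET_RAW' "$out_file" || return 1
    fi
}

# Constructed sample: only the tokens quoted on this page are real,
# the tail is a placeholder for the secret and image from the portal.
demo_dir=$(mktemp -d)
printf '%s\n' 'docker run -d --cap-add=NET_ADMIN -e DeviceInterfaceName=eth0 PLACEHOLDER_SECRET_AND_IMAGE' > "$demo_dir/saved.cmd"
adapt_connector_cmd "$demo_dir/saved.cmd" ens192 podman "$demo_dir/podman.cmd" && cat "$demo_dir/podman.cmd"
rm -rf "$demo_dir"
```

Review the output file before running it, and delete it or move it to a secrets store once the Connector is online.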

To edit the Application site:

  1. In Harmony Connect, go to Assets > Application Sites and see the list of configured sites.

  2. Use the Actions icons in the sites table for additional operations with the site:

    • Regenerate Key - A unique secret key incorporated in the Docker command during your Connector installation. If the generated secret key is not saved, you may need to regenerate the key to upgrade a Connector or add a new Connector to the site.

    • Edit Site - You can edit the site name or the location of the data plane for RDP connections. When you edit the location, the stored RDP recordings become inaccessible from the interface.

    • Delete Site - You can delete the application site with its applications and policies.

Deploying the Connector

Note: This procedure applies only to Application-Level Access to Corporate Applications.

Requirements

For requirements, see sk178065.

To deploy a connector:

  1. Open an SSH connection with the server where you have Docker installed.

  2. Run:

    sudo su

  3. Copy the command that appears in the on-screen instructions.

    Important - Make sure to save the entire command, including the Connector Secret, for future use.

  4. In your SSH session, paste the contents of the command into the terminal window.

  5. The Docker container starts, even if one instance of the script is run on the system. Otherwise, the system downloads and starts the Docker container. The container starts automatically when the system restarts.

The Connector is ready, and you can see it online in Harmony Connect. To monitor the Connector connection status, see Monitor Connector.

Your end users can access their corporate applications through the User App Portal in their web browser. When they access a corporate application, the User App Portal validates the user permissions and then communicates with the Connector deployed on the Data Center or Cloud site to fetch the contents of the corporate application.

For installation of Linux and Docker on your computer, see Appendix A - Installing Linux and Docker.

Connector's Version Number

  1. To see the version number of all deployed Connectors, run:

    for c in $(docker ps | awk '/adanite/ {print $NF}'); do echo "$c"; docker inspect "$c" | grep VERSION=; done

  2. To see the latest Connector version available for you to deploy, run:

    curl --silent https://assets.checkpoint.security/connector-scripts/ConnectorOSValidator.sh | bash -s