Setting up an Application Site
Installing the Connector for Application-Level Access
The Connector is lightweight software that acts as the only network interface in your data center. It creates a single, resilient, reverse tunnel connection (IPSec) to the nearest Harmony Connect point of presence. It runs on any Linux computer with Docker installed. It is completely infrastructure agnostic and can be hosted on any cloud provider or on-premises.
- Each Connector can hold traffic of up to 500 Mbps.
- You can deploy up to five Connectors in each site, supporting up to 2 Gbps, by using the same Docker command.
Note: This procedure applies only to Application-Level Access to Corporate Applications.
To configure the Application site for secure Application-Level access:
- In Harmony Connect, go to Assets > Application Sites and click Add Site.
- Enter the new site details and click Create:
  - Site Name - the name appears only in the management interface.
  - Locations - select from the list a geographical location that your site can use for RDP routing. The location details are set below in Setting up an Application Site.
    Notes:
    - This location is intended only for RDP traffic routing. The rest of the traffic is routed through the main account location.
    - When you edit the location of an existing site, the stored RDP recordings become inaccessible from the interface.
- Follow the instructions in the window that opens to install a Connector.
  Notes:
  - If your device interface is not preconfigured to eth0, then before running the command:
    - Delete -e DeviceInterfaceName=eth0 from the command.
    - Replace eth0 with the preconfigured device interface. For example, -e DeviceInterfaceName=ens192.
  - You can also install the Connector on Podman running Red Hat Linux 8.5. To install the Connector on Podman:
    - Copy and paste the command to a Notepad.
    - Replace docker with podman.
    - Replace --cap-add=NET_ADMIN with --cap-add=NET_ADMIN,NET_RAW.
    - Copy and run the command on the target machine.
- Click OK.
The site appears in the list of application sites.
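The two command edits from the notes above (interface name and Podman), as an added shell example that is not part of the Check Point documentation. The function names are hypothetical and SAMPLE_CMD is a constructed placeholder; the real command, including the Connector Secret, comes from the portal.

```shell
#!/usr/bin/env bash
# Added example, not Check Point code. Function names are hypothetical.
# SAMPLE_CMD is a constructed placeholder; the real command comes from the portal.
SAMPLE_CMD='docker run -d --cap-add=NET_ADMIN -e DeviceInterfaceName=eth0 <REST_OF_PORTAL_COMMAND>'

# Print the device of the first default route read from stdin,
# for example: ip -o route show default | default_route_iface
default_route_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# adapt_connector_cmd CMD IFACE [docker|podman]
# Sets DeviceInterfaceName to IFACE. For podman, also swaps the runtime name and
# widens --cap-add=NET_ADMIN to NET_ADMIN,NET_RAW, as the notes describe.
# The output still contains the Connector Secret: keep it out of logs and shell history.
adapt_connector_cmd() {
    local cmd="$1" iface="$2" runtime="${3:-docker}"
    # Accept only plain interface names so the value cannot add extra arguments.
    case "$iface" in
        '' | *[!A-Za-z0-9_.:-]*) echo "invalid interface name: '$iface'" >&2; return 1 ;;
    esac
    cmd=$(printf '%s\n' "$cmd" | sed -E "s/(DeviceInterfaceName=)[^[:space:]]+/\1${iface}/")
    case "$runtime" in
        docker) ;;
        podman)
            cmd=$(printf '%s\n' "$cmd" | sed -E \
                -e 's/^([[:space:]]*(sudo[[:space:]]+)?)docker([[:space:]])/\1podman\3/' \
                -e 's/--cap-add=NET_ADMIN([[:space:]]|$)/--cap-add=NET_ADMIN,NET_RAW\1/')
            ;;
        *) echo "unknown runtime: $runtime" >&2; return 1 ;;
    esac
    printf '%s\n' "$cmd"
}
```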
To edit the Application site:
- In Harmony Connect, go to Assets > Application Sites and see the list of configured sites.
- Use the Actions icons in the sites table for additional operations with the site:
Deploying the Connector
Note: This procedure applies only to Application-Level Access to Corporate Applications.
Requirements
For requirements, see sk178065.
To deploy a Connector:
- Open an SSH connection with the server where you have Docker installed.
- Run:
  sudo su
- Copy the command that appears in the on-screen instructions.
  Important - Make sure to save the entire command, including the Connector Secret, for future use.
- In your SSH session, paste the contents of the command into the terminal window.
- The Docker container starts, even if one instance of the script is run on the system. Otherwise, the system downloads and starts the Docker container. The container starts automatically when the system restarts.
The Connector is ready, and you can see it online in Harmony Connect. To monitor the Connector connection status, see Monitor Connector.
Your end users can access their corporate applications through the User App Portal in their web browser. When they access a corporate application, the User App Portal validates the user permissions and then communicates with the Connector deployed on the Data Center or Cloud site to fetch the contents of the corporate application.
For installation of Linux and Docker on your computer, see Appendix A - Installing Linux and Docker.
Connector's Version Number
- To see the version number of all deployed Connectors, run:
  for c in $(docker ps | awk '/adanite/ {print $NF}'); do echo "$c"; docker inspect "$c" | grep VERSION=; done
- To see the latest Connector version available for you to deploy, run:
  curl --silent https://assets.checkpoint.security/connector-scripts/ConnectorOSValidator.sh | bash -s