
Connector for Public Cloud IaaS Providers

Private networks and application servers use Connectors to interface with CloudConnexa so that services and applications reachable or hosted on them can be accessed. Connectors establish a connection to CloudConnexa that is meant to stay always ON. Networks can be connected using either IPsec or OpenVPN tunnels. Application servers, or Hosts as they are called in CloudConnexa, use only OpenVPN tunnels.

Connectors are simply OpenVPN and IPsec protocol-compatible clients that make an outbound connection to a CloudConnexa Region (Point of Presence). What makes them Connectors is that the OpenVPN connection profile these clients use, and their connection to CloudConnexa, is associated with a CloudConnexa Network or Host entity.

Types of CloudConnexa Connectors

Connectors are of two types: a CloudConnexa Network Connector or a CloudConnexa Host Connector, depending on the CloudConnexa entity they are associated with.

Difference between Host and Network Connectors

Network Connector

A Network Connector connects a private network to CloudConnexa. Since it connects two networks (i.e., the CloudConnexa WPC and your private network), it must act as a router. The Connector's OpenVPN connection profile can be used with an OpenVPN-compatible hardware router or installed on a general-purpose computing device or virtual machine configured to act as a software router.

A Network Connector is an unattended Client application that is always connected to CloudConnexa for the purpose of:

  • Providing inbound access from the CloudConnexa WPC to the private network, based on the private and public applications, routes, and IP Services configured as reachable from that private network.

  • If the private network is configured to act as an Internet Gateway, providing inbound access for Internet traffic from the WPC to the private network.

  • Providing outbound access to the WPC for devices on the private network.

A Network Connector can use IPsec and OpenVPN protocols.

Host Connector

Unlike a Network Connector, a Host Connector does not connect the WPC to a private network and, therefore, cannot be a router. A Host Connector connects an application server (for example, FTP server, remote desktop server, network attached storage system) to the CloudConnexa WPC.

Unlike a Network Connector, the Host Connector can only provide access to private applications running on the computing device it is installed on and can allow that device access to the WPC.

A Host Connector must use the OpenVPN protocol; it cannot use IPsec.

Deployment guides for IPsec Network Connectors

Deployment guides for OpenVPN Connectors

There are three main steps for getting an OpenVPN Connector operational:

  1. Install an OpenVPN client if it does not already exist.

  2. Obtain and use the Connector's OpenVPN connection profile.

  3. For a Network Connector, enable NAT and routing.
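
After step 3, it is worth confirming that the machine's routing state matches the Connector type described above. The following is an added example, not code from CloudConnexa or its generated scripts: `audit_connector`, `has_nat_rule`, and the sample rules are hypothetical, and it assumes IPv4 with iptables-style NAT. Treating forwarding or NAT on a Host Connector as a finding is this example's assumption, based on the statement that a Host Connector cannot be a router.

```shell
#!/bin/sh
# Added example (not OpenVPN's code): check that a Linux Connector's routing
# state matches its role. Assumes IPv4 and iptables-style NAT rules.

# Constructed sample of `iptables-save -t nat` output on a Network Connector.
SAMPLE_NAT_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# has_nat_rule RULES: succeeds if a POSTROUTING MASQUERADE/SNAT rule exists.
has_nat_rule() {
  printf '%s\n' "$1" | grep -Eq '^-A POSTROUTING .*-j (MASQUERADE|SNAT)( |$)'
}

# audit_connector ROLE IP_FORWARD NAT_RULES
# Returns 0 if the state fits the role, 1 on a mismatch, 2 on a bad role.
audit_connector() {
  ac_role=$1 ac_fwd=$2 ac_rules=$3
  case "$ac_role" in
    network)  # must act as a router: forwarding on and source NAT present
      if [ "$ac_fwd" != 1 ]; then
        echo "FAIL: ip_forward=$ac_fwd, Network Connector will not route"; return 1
      fi
      if ! has_nat_rule "$ac_rules"; then
        echo "FAIL: no POSTROUTING NAT rule on Network Connector"; return 1
      fi
      echo "OK: forwarding and NAT enabled for Network Connector" ;;
    host)     # assumption: a Host Connector should neither forward nor NAT
      if [ "$ac_fwd" = 1 ]; then
        echo "FAIL: ip_forward=1 on Host Connector, host would route"; return 1
      fi
      if has_nat_rule "$ac_rules"; then
        echo "FAIL: NAT rule present on Host Connector"; return 1
      fi
      echo "OK: Host Connector is not routing" ;;
    *)
      echo "usage: audit_connector network|host IP_FORWARD NAT_RULES" >&2; return 2 ;;
  esac
}

# Demo on the constructed sample. On a live Connector (as root) pass instead:
#   "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)"
audit_connector network 1 "$SAMPLE_NAT_RULES"
audit_connector host 1 "" || true
```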

OpenVPN Connector for Public Cloud IaaS

The information in the table below applies to both Host and Network Connectors. However, the instructions to enable NAT and routing do not apply to Host Connectors.

| IaaS | Install Client | Obtain Profile | Enable NAT and routing for Network Connector | Guides |
|---|---|---|---|---|
| AWS | A CloudFormation template is generated based on the selected AWS Region. The template is presented in the Deploy Connector section of the Administration Portal. The template creates an Ubuntu EC2 instance and installs the OpenVPN 3 client. | The CloudFormation template has the needed instructions to retrieve the profile. | The CloudFormation template for Network Connector has the needed instructions to enable NAT and routing. Note: During configuration, there is a field called ManageRoutes. Select True if you are doing a site-to-site setup and want to automatically push the subnets of the other sites to the VPC routing table. | Tutorial: Connect Your AWS VPC to CloudConnexa by Deploying a Connector. Tutorial: Enable DCO for a Linux Connector. |
| Azure | An Azure Resource Manager (ARM) template is generated and presented on the Administration Portal Deploy Connector section. The template creates an Ubuntu Virtual Machine and installs the OpenVPN 3 client. | The ARM template has the needed instructions to retrieve the profile. | The ARM template for Network Connector has the needed instructions to enable NAT and routing. | Tutorial: Connect Your Azure VNet to CloudConnexa by Deploying a Connector. Tutorial: Enable DCO for a Linux Connector. |
| GCP | Connector with Cockpit. Launch a Linux VM on GCP and use the OS instructions for Linux. | The profile token is used to import the profile. | The Linux script generated for the Network Connector includes the commands to set up NAT and routing. Enabling NAT and routing may be required for the Connector with Cockpit installation. Tutorial: Enable routing and NAT on Linux. | Tutorial: Use the Linux OpenVPN 3 Connector integrated with Cockpit. |

For IaaS providers not on the list, run a Linux instance and either use the Connector with Cockpit or generate scripts by selecting Linux as the Operating System.