Introduction

The dbWatch Control Center is structured around a network of nodes dedicated to managing server infrastructure. While these nodes effectively communicate within a single network, cross-network communication poses a unique challenge. To address this, we introduce the Cloud Router – a specialized node whose primary role is to securely route messages between different networks, ensuring the privacy and integrity of each domain is maintained.

Overview of Cloud Router

The Cloud Router is a pivotal element in the dbWatch architecture, designed to enable secure and efficient communication between different network segments. Because Cloud Routers are positioned outside the individual networks, they eliminate the need for inbound firewall openings. This placement not only enhances network security but also streamlines network management by simplifying the routing of messages between networks.

A key aspect of the Cloud Router’s functionality is its heavy reliance on encryption protocols. These protocols are integral in controlling and securing the communication channels, ensuring that only authorized networks can interact with each other. This level of security is paramount in maintaining the integrity and privacy of each network domain while facilitating necessary inter-network connections.

Key Features

  • Untrusted by Design: The Cloud Router is engineered with the assumption that it could potentially be compromised. This “untrusted by design” approach ensures robust security measures are in place. By utilizing ephemeral keys and implementing comprehensive encryption for all communications, the system minimizes risks associated with compromised nodes. This design philosophy ensures that even in less secure environments, the integrity of message routing remains uncompromised.
  • Reduced Need for Inbound Rules: By positioning Cloud Routers outside individual networks, the need for configuring inbound firewall rules is significantly reduced, enhancing overall network security.
  • Streamlined Inter-Network Communication: Facilitates the management of message routing across various network segments, making the process more efficient and less complex.
  • Network Resilience: The Cloud Router network is structured to enhance reliability. By deploying a series of Cloud Routers, the system ensures message delivery even in instances where some routers encounter issues. This redundancy and resilience are key to maintaining continuous and reliable communication across the network, ensuring that critical messages are always routed efficiently, regardless of individual node disruptions.

Use Cases

  • Managing Multiple Networks as One: Businesses often operate servers across various network zones, including high-security internal zones, DMZ zones, and clouds. The Cloud Router enables the seamless management of these servers, making it as straightforward as if they were all located within a single zone. This capability simplifies the administration of complex network architectures, ensuring efficient and centralized control.
  • Managing Customer Networks: For service providers managing networks on behalf of customers, maintaining strict separation between different customers’ networks is crucial. The Cloud Router facilitates this by providing a secure way to manage each customer’s network independently, ensuring no crossover or unintended connection between them.
  • Temporary Access for Consultants: Hiring consultants often requires granting them access to specific network resources. The Cloud Router technology allows for the provision of limited, controlled access to consultants, enabling them to perform necessary tasks without full network access, thus ensuring security and privacy.
  • Instant Support from dbWatch Technicians: For immediate technical support, the Cloud Router offers a swift solution. By connecting to the Cloud Router network and authorizing access, dbWatch technicians can provide assistance quickly. This feature ensures prompt and efficient support, minimizing downtime and enhancing problem resolution.

Architecture

In a scenario where no direct connection is allowed between the dbWatch domain CA node and any of the Instance Hubs, a dbWatch Cloud Router can provide a secure connection point. One such case is a Managed Service Provider that wants to monitor several customer locations in the same setup, without a VPN and without opening ports in the customer firewall, because of the increased attack surface this creates. A dbWatch Cloud Router is a specialized hardened dbWatch Server.

Example drawing:

See Also

Cloud router security.
