Cloud router
Setting up a cloud router.
A “Cloud Router” is a dbWatch Node that securely forwards messages. It must be in a network where both the client and server can reach it.
A Cloud Router setup requires a separate license.
For security reasons, you do not want the cloud router to be a domain controller, and you do not want it to be part of the domain you want to connect to.
So, to set up a cloud router, you need a separate dbWatch domain that this router will be a part of.
Let's assume you have two domains, “prod.acme.com” and “router.acme.com”.
“prod.acme.com” is your existing production environment with one or more dbWatch Servers.
“router.acme.com” is the router domain you want to set up.
Step one
Install a domain controller for the “router.acme.com” domain. This should be in a secure network location.
Step two
Install the routing node.
Add a file called router.json to the config/node directory.
The file defines a firewall for the node: only connections defined here are allowed.
The file has the following syntax:
“domains” is a list of domains to allow message forwarding for. * means all.
“rules” is an ordered list of which hosts to allow incoming connections from. Each rule has up to 4 fields separated by spaces:
ALLOW/DENY
FROM-HOST
TO-HOST // currently ignored
MAX-CONNECTIONS // currently ignored
You typically want to allow connections from the domain controller of the routing domain, the server(s) and the client(s).
Example:
{
  "domains": [
    "*"
  ],
  "rules": [
    "ALLOW 192.168.0.20/32 *",
    "ALLOW 156.10.0.3/32 * 10",
    "DENY"
  ]
}
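A pre-deployment check for the rule list above, as an added example (not dbWatch code). It assumes first-match evaluation of the ordered rules, that a bare action or a FROM-HOST of * matches any host, and that FROM-HOST is an IP or CIDR as in the page's example; the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample: the example rules shown on this page.
SAMPLE = """{"domains": ["*"],
 "rules": ["ALLOW 192.168.0.20/32 *", "ALLOW 156.10.0.3/32 * 10", "DENY"]}"""


def parse_rule(rule):
    """Split a rule into (action, source network or None for 'any host')."""
    fields = rule.split()
    if not 1 <= len(fields) <= 4:
        raise ValueError(f"expected 1 to 4 fields: {rule!r}")
    action = fields[0]
    if action not in ("ALLOW", "DENY"):
        raise ValueError(f"unknown action: {rule!r}")
    # Assumption: a missing FROM-HOST or "*" matches any host.
    if len(fields) == 1 or fields[1] == "*":
        return action, None
    # TO-HOST and MAX-CONNECTIONS are currently ignored by the node, so
    # they are only counted above. Hostnames are rejected by ip_network.
    return action, ipaddress.ip_network(fields[1], strict=False)


def decide(rules, source_ip):
    """Assumed first-match evaluation; returns 'NO-MATCH' if no rule applies."""
    addr = ipaddress.ip_address(source_ip)
    for rule in rules:
        action, net = parse_rule(rule)
        if net is None or addr in net:
            return action
    return "NO-MATCH"


def lint(config_text):
    """Return warnings a reviewer would raise before deploying the file."""
    rules = json.loads(config_text)["rules"]
    parsed = [parse_rule(r) for r in rules]
    warnings = []
    if not parsed or parsed[-1] != ("DENY", None):
        warnings.append("last rule is not a catch-all DENY")
    for rule, (action, net) in zip(rules, parsed):
        if action == "ALLOW" and (net is None or net.prefixlen == 0):
            warnings.append(f"rule allows any host: {rule!r}")
    return warnings
```

Run lint() on the file before restarting the node, and decide() with the addresses of the domain controller, servers and clients to confirm each one is admitted and everything else is not.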
Add the routing node to the “router.acme.com” routing domain.
Step three
Add a connection from one (or more) of the server(s) in the “prod.acme.com” domain to the cloud router.
You do this from the “Domain Configuration” view, by right-clicking on a Server and selecting “Edit Connections”.
Then in the dialog that appears, click “Add connection” and specify the host:port for the cloud router.
Step four
Connect the client to the cloud router. You can then add the client to the “prod.acme.com” domain as if you were connecting directly to one of the Servers in the domain.