The EmpowerID Cloud Gateway Client for SaaS enables your EmpowerID Cloud SaaS tenant to inventory and manage your on-premise systems without requiring ports to be opened on your firewall. The Cloud Gateway is a lightweight client that can be installed on a Windows desktop or server machine in your on-premise network. The Cloud Gateway client then makes a secure and encrypted outbound HTTPS connection to an EmpowerID queue in Azure as a bridge for communication between the EmpowerID Cloud servers and your on-premise network. You can install multiple Cloud Gateways on-premise for fault tolerance and increased performance.

...

Requirements

...

Communication Flow

Before installing the Cloud Gateway Client (CGC) on a server, you need to create an EmpowerID Person with access to register and ping a Cloud Gateway server. You then use this Person to register the Cloud Gateway server in EmpowerID. During the registration process, EmpowerID verifies the Person has the appropriate access and then generates a certificate and stores it on the server with the Cloud Gateway Client.

...

The public key is sent to EmpowerID and mapped to the EmpowerID Person

...

used during the registration process. All subsequent calls to EmpowerID by the Cloud Gateway Client occur using certificate-based authentication. When the Cloud Gateway Client starts, it calls EmpowerID to

...

  • Remote Cloud Gateway Access Level – This Access Level grants two operations, Register Server and Update Heart Beat.

  • Certificate associated with the Person account

Install the EmpowerID Cloud Gateway

...

On a designated on-premise machine, double-click the EmpowerIDCloudGateway.msi installer file to run it.

...

In the EmpowerID Cloud Gateway Setup wizard that appears, enter the Host URL to connect with and click Next.

...

...

On the Ready to install page, click the Install button. 

When the agent finishes installing, click the Finish button to close the wizard.

...

...

Optionally, if you are using a proxy to connect to the internet, select Use Proxy and then enter the address in the Proxy Address field.

...

...

Click Connect.

...

...

Enter the EmpowerID username and password for the dedicated cloud service account and click Login.

...

Click OK to close the Registration Complete message box.

Open Services.msc and start the EmpowerID Remote Agent Windows service.

...

retrieve the information it needs to connect to Azure. EmpowerID uses this same information to connect to Azure, constituting a point-to-point connection between EmpowerID in the Cloud and the on-premise Cloud Gateway Client.

...

The above image provides a high-level overview of the process and communication flow that occurs between EmpowerID, the Cloud Gateway Client, and Azure. The process is as follows:

  • Step 1 – You create a dedicated Person account with the appropriate access in EmpowerID needed to register and ping a Cloud Gateway server. This Person account should be solely dedicated for this use and should not be linked to an actual user.

  • Step 2 – You register the Cloud Gateway Client on a server using the EmpowerID Person account created above. If the Person successfully authenticates and has the required access, EmpowerID registers the client on the server, generates a certificate and stores that certificate on the server hosting the Cloud Gateway Client. The public key is sent securely to EmpowerID as part of the registration process, where it is mapped to the Person account used to register the client. The certificate is then used to authenticate all communications between the client and EmpowerID.

  • Step 3 – The client securely calls EmpowerID to retrieve information needed by the client to connect to Azure.

  • Step 4 – The client connects to the queue in Azure using the information received from EmpowerID.

  • Step 5 – EmpowerID connects to the Azure queue using the same connection information sent to the Cloud Gateway Client, constituting a point-to-point connection between EmpowerID in the cloud and the on-premise Cloud Gateway Client. All such communications are secured via TLS.

Info

Unsolicited communication originating from the Cloud Gateway Client is not processed by EmpowerID.


...

Next Steps

...