
The EmpowerID Cloud Gateway Client is a lightweight application that can be installed on a Windows desktop or server machine within your on-premise network to enable your EmpowerID Cloud SaaS tenant to inventory and manage your on-premise systems without requiring network infrastructure changes or the introduction of firewall holes. The client uses Azure Hybrid Connections, which allow for the relaying of data between different networks “scoped to a single application endpoint on a single machine” using HTTP(S) and WebSockets. The Cloud Gateway Client makes a secure and encrypted outbound HTTPS connection to an EmpowerID queue in Azure, which acts as a bridge for communication between the EmpowerID Cloud servers and your on-premise network. In this way, services and applications can access resources safely in the cloud and on-premise with a single host:port combination. You can install multiple Cloud Gateways on-premise for fault tolerance and increased performance.

How does the Cloud Gateway Client allow EmpowerID to interact with systems in the local network?

As part of the process when installing the cloud gateway, you configure a connection to Azure Hybrid Connections (listener queue in Azure). The Cloud Gateway Client application makes a connection to Azure Hybrid Connections and registers the connection details in the EmpowerID database. EmpowerID also makes a connection to Azure Hybrid Connections with the connection details. Neither system has direct knowledge of the other, nor do they need to do so. They only need to know about the service endpoint in Azure Hybrid Connections, which acts as a broker between the two. EmpowerID and the Cloud Gateway Client never write data to each other; they write data to and read data from the Azure Hybrid Connection. In this model, the Cloud Gateway connects to Microsoft Cloud in order to connect to the endpoint (Azure Hybrid Connection). EmpowerID, whether in the same cloud or on some other network, connects to the same Azure Hybrid Connection.

Communication Flow

Before installing the Cloud Gateway Client (CGC) on a server, you need to create an EmpowerID Person with access to register and ping a Cloud Gateway server. You then use this Person to register the Cloud Gateway server in EmpowerID. During the registration process, EmpowerID verifies that the Person has the appropriate access and then generates a certificate and stores it on the server with the Cloud Gateway Client. The public key is sent to EmpowerID and mapped to the EmpowerID Person used during the registration process. All subsequent calls to EmpowerID by the Cloud Gateway Client occur using certificate-based authentication. When the Cloud Gateway Client starts, it calls EmpowerID to retrieve the information it needs to connect to Azure. EmpowerID uses this same information to connect to Azure, constituting a point-to-point connection between EmpowerID in the Cloud and the on-premise Cloud Gateway Client.

...

Info

Unsolicited communication originating from the Cloud Gateway Client is not processed by EmpowerID.
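
The brokered flow described above, together with the rule that unsolicited gateway traffic is not processed, shown as an added example that is not EmpowerID code: an in-memory model in which both sides read from and write to the relay only. The class names, the message shape and the use of a request id to decide what counts as solicited are assumptions made for illustration.

```python
import uuid
from collections import deque

class HybridConnectionModel:
    """In-memory stand-in for the relay endpoint: one queue per direction."""
    def __init__(self):
        self.to_gateway, self.to_cloud = deque(), deque()

class CloudSide:
    """Models EmpowerID: it holds a reference to the relay, never to the gateway."""
    def __init__(self, relay):
        self.relay = relay
        self.pending = {}    # request id -> operation still awaiting a reply
        self.results = {}    # request id -> accepted reply body
        self.dropped = []    # messages that answered no pending request

    def send(self, operation):
        request_id = str(uuid.uuid4())
        self.pending[request_id] = operation
        self.relay.to_gateway.append({"id": request_id, "op": operation})
        return request_id

    def receive(self):
        while self.relay.to_cloud:
            msg = self.relay.to_cloud.popleft()
            # Assumption: "solicited" means the id matches a pending request.
            # pop() also makes a second reply to the same id count as unsolicited.
            if self.pending.pop(msg.get("id"), None) is None:
                self.dropped.append(msg)
                continue
            self.results[msg["id"]] = msg["body"]

class GatewaySide:
    """Models the Cloud Gateway Client: it also talks to the relay only."""
    def __init__(self, relay, local_systems):
        self.relay = relay
        self.local_systems = local_systems   # op name -> callable run on-premise

    def poll(self):
        while self.relay.to_gateway:
            msg = self.relay.to_gateway.popleft()
            handler = self.local_systems.get(msg["op"])
            body = handler() if handler else {"error": "unknown operation"}
            self.relay.to_cloud.append({"id": msg["id"], "body": body})

def demo():
    relay = HybridConnectionModel()
    cloud = CloudSide(relay)
    gateway = GatewaySide(relay, {"inventory": lambda: ["srv01", "srv02"]})  # constructed data
    rid = cloud.send("inventory")
    gateway.poll()
    relay.to_cloud.append({"id": "not-requested", "body": "push"})  # unsolicited message
    cloud.receive()
    return cloud.results[rid], len(cloud.dropped)
```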

...

Related Topics

Install the Cloud Gateway for SaaS

Modify Proxy Information for the Cloud Gateway Client

Azure Relay Setup with the Cloud Gateway Client