The EmpowerID Cloud Gateway Client is a lightweight application installed on a Windows desktop or server machine within your on-premise network. This client enables your EmpowerID Cloud SaaS tenant to inventory and manage your on-premise systems without requiring network infrastructure changes or the introduction of firewall holes. The EmpowerID Cloud Gateway uses Azure Hybrid Connections, which allows for relaying data between different networks that can be “scoped to a single application endpoint on a single machine” using HTTP(S) and WebSockets. This way, services and applications can access resources safely in the cloud and on-premise with a single host:port combination.
Tip |
---|
What is Azure Relay & Azure Relay Hybrid Connections? Azure Relay is a message service provided in the Azure Service Bus platform, which can expose services that run on-premises to the public cloud. With Azure Relay, the services can be exposed without opening a port on the firewall. Azure Hybrid Connections is a protocol feature provided by Azure Relay, built on open-standard secured WebSockets, enabling multi-platform scenarios for HTTP and WebSockets. |
...
As part of the process when installing the cloud gateway, you configure a connection to Azure Hybrid Connections (listener queue in Azure). The Cloud Gateway Client application connects to Azure Hybrid Connections and registers the connection details in the EmpowerID database. EmpowerID also makes a connection to Azure Hybrid Connections with the connection details. Neither system has direct knowledge of the other, nor do they need to do so. They only need to know about the service endpoint in Azure Hybrid Connections, which acts as a broker between the two. EmpowerID and the Cloud Gateway Client never write data to each other; they write data to and read data from the Azure Hybrid Connection. In this model, the Cloud Gateway connects to the Microsoft Cloud in order to connect to the endpoint (Azure Hybrid Connection). EmpowerID, whether in the same cloud or on some other network, connects to the same Azure Hybrid Connection.
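The broker model described above, as a local model (an added example, not EmpowerID or Microsoft code): both sides open outbound connections to a relay and are paired by endpoint name, and the on-premise side never opens a listening socket. The `LISTEN`/`SEND`/`READY` framing, the endpoint names and the payloads are constructed for illustration and are not Azure Relay's wire protocol.

```python
import asyncio  # constructed model: LISTEN/SEND/READY framing is invented, not Azure Relay's protocol

async def pipe(reader, writer):
    while data := await reader.read(4096):  # copy one direction until EOF
        writer.write(data)
        await writer.drain()
    writer.close()

class Relay:  # stand-in for the hybrid connection: the only party that accepts connections
    def __init__(self):
        self.waiting = {}  # endpoint name -> streams of the parked on-premise client
    async def handle(self, reader, writer):
        role, _, name = (await reader.readline()).decode().strip().partition(" ")
        if role == "LISTEN":
            self.waiting[name] = (reader, writer)
            writer.write(b"READY\n")
        elif role == "SEND" and name in self.waiting:
            l_reader, l_writer = self.waiting.pop(name)
            await asyncio.gather(pipe(reader, l_writer), pipe(l_reader, writer))
        else:
            writer.close()  # unknown endpoint: nothing on-premise is reachable

async def gateway_client(port, name, ready):  # on-premise side: outbound only, no listening socket
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(f"LISTEN {name}\n".encode())
    await r.readline()  # READY from the relay
    ready.set()
    w.write(b"inventory for " + await r.readline())
    w.close()  # close() flushes the buffered reply first

async def cloud_call(port, name, request):  # cloud side: also outbound, addressed by endpoint name
    r, w = await asyncio.open_connection("127.0.0.1", port)
    w.write(f"SEND {name}\n".encode() + request)
    reply = await r.readline()
    w.close()
    return reply

async def demo():
    server = await asyncio.start_server(Relay().handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    ready = asyncio.Event()
    asyncio.create_task(gateway_client(port, "tenant-a", ready))
    await ready.wait()
    paired = await cloud_call(port, "tenant-a", b"dc01\n")    # endpoint with a registered listener
    unknown = await cloud_call(port, "tenant-b", b"dc01\n")   # endpoint nobody registered
    server.close()
    return paired, unknown

def run_demo():
    return asyncio.run(demo())
```

`run_demo()` returns the reply relayed from the on-premise side for the registered endpoint and an empty result for the unregistered one, which is the scoping property the hybrid connection relies on.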
...
Before installing the Cloud Gateway Client (CGC) on a server, you need to create an EmpowerID Person with access to register and ping a Cloud Gateway server. You then use this Person to register the Cloud Gateway server in EmpowerID. During the registration process, EmpowerID verifies the Person has the appropriate access and then generates a certificate and stores it on the server with the Cloud Gateway Client. The public key is sent to EmpowerID and mapped to the EmpowerID Person used during the registration process. All subsequent calls to EmpowerID by the Cloud Gateway Client occur using certificate-based authentication. When the Cloud Gateway Client starts, it calls EmpowerID to retrieve the information it needs to connect to Azure. EmpowerID uses this same information to connect to Azure, constituting a point-to-point connection between EmpowerID in the Cloud and the on-premise Cloud Gateway Client.
...
Configure Settings & Person for the Cloud Gateway
Install & Verify the Cloud Gateway for SaaS Application
Modify Proxy Information for the Cloud Gateway Client
Azure Relay Setup with the Cloud Gateway Client