CGW – Quick Deployment Guide

CGW – Quick Deployment Guide

1. Introduction

Adjacent to the internal applications running in a public cloud, data center, or on-premises server, Exium places a small piece of software called Cyber Gateway (CGW), deployed as a VM or bare metal, which is used to extend a highly secure Zero Trust Path out to the Intelligent Cybersecurity Mesh.

Its deployment is required for Secure Private Access and SD-WAN services. Please refer SPA Guide for details.

What is Cyber Gateway (CGW)?

The Cyber Gateway (CGW) is a key piece of software in our security architecture.  Its deployment is required for Secure Private Access and SD-WAN services.

The CGW must be deployed in the data center (or virtual private cloud) that is hosting the applications that you want to enable for remote access.  Once the CGW is deployed, our zero-trust network access capabilities can be configured to enable access to these apps.

The CGW can also be deployed in an-office location to connect that office to your network (SD-WAN).

We can help you determine where you should deploy the CGW in your environment.

Technical Requirements

The CGW requires a single virtual machine (VM) or bare metal (BM) machine to deploy.  We recommend a 1-vCPU machine with at least 1 GB RAM for initial testing. In production environments, resources allocated for the Cyber Gateway can be scaled, based on the bandwidth requirements.

Please consult the table below.  The CGW requires access to the internet and must be able to reach the internal applications that require secure private access.

vCPU

RAM HDD Type OS Supported Bandwidth
1 1GB 30GB VM / BM Ubuntu

Up to 400 Mbps

2. Deployment Instructions

Pre-requisites

  1. Create a Workspace, if not already done
  2. Create a user group in the Workspace admin console that requires secure private access (if different from admin)
  3. Add more users to the user group created, as and if needed.
  4. Create CGW and add Trust Paths in the Workspace admin console
  5. Associate the user group with the Trust Path created

Steps to bring up CGW VM

  1. Download Ubuntu 22.04 ISO click here
  2. Please select openssh-server option while installing Ubuntu server components
  3. CGW VM Creation (Refer only one from below list)

Note: Follow steps mentioned in below link to create VM but select above downloaded 20.04 ISO during installation

4. Recommended Resources:

    • Minimum 1 vCPU, 1 GB RAM, 30 GB HDD

5. Networking setup:

    • Internet must be accessible and UDP ports 4500 and 500 need to be whitelisted
      • Check CGW has internet access (ping 8.8.8.8)
      • Check DNS resolution works (ping google.com)
    • Check internal/private application servers are accessible from CGW VM.
      • Ping internal/private application server IP to verify connectivity

6. Install SSH server using below command (skip if already installed):

sudo apt-get install openssh-server

Steps to Install CGW Software

  1. Login via SSH using VM IP address or continue with VM console
  2. Execute below command:
sudo apt update; sudo apt install curl -y; curl -s https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xcgw_install.sh | bash /dev/stdin workspace_name,cgw_name

Note: Above command will install CGW application and use provided workspace and CGW names. It will login automatically and connect the service. Before executing the command replace workspace_name and cgw_name words with actual values.

Steps to Clean and Reinstall CGW Software

  1. Execute below command in sequence
sudo apt remove –purge exium-lgw

sudo apt install exium-lgw

sudo xlgateway setup -w workspace_name -u cgw_name

Note: Above command will install CGW application. During setup command execution, replace workspace_name and cgw_name with actual values.