1. Introduction
Adjacent to the internal applications running in a public cloud, data center, or on-premises server, Exium places a small piece of software called Cyber Gateway (CGW), deployed as a VM or bare metal, which is used to extend a highly secure Zero Trust Path out to the Intelligent Cybersecurity Mesh.
CGW deployment is required for Secure Private Access and SD-WAN services. Please refer to the SPA Guide for details. Once the CGW is deployed, our zero-trust network access capabilities can be configured to enable access to the apps in the public cloud, data center, or on-premises server.
We can help you determine where you should deploy the CGW in your environment.
Technical Requirements
The CGW requires a single virtual machine (VM) or bare metal (BM) machine to deploy. We recommend a 1-vCPU machine with at least 1 GB RAM for initial testing. In production environments, resources allocated for the Cyber Gateway can be scaled, based on the bandwidth requirements.
Please consult the table below. The CGW requires access to the internet and must be able to reach the internal applications that require secure private access.
vCPU | RAM | HDD | Type | OS | Supported Bandwidth |
1 | 1GB | 30GB | VM / BM | Ubuntu | Up to 400 Mbps |
2. Deployment Instructions
Pre-requisites
- Create a Workspace, if not already done
- Create a user group in the Workspace admin console that requires secure private access (if different from admin)
- Add more users to the user group created, as and if needed.
- Create CGW and add Trust Paths in the Workspace admin console
- Associate the user group with the Trust Path created
Steps to bring up CGW VM
1. Download the Ubuntu 22.04 ISO: click here
2. Select the openssh-server option while installing the Ubuntu server components
3. CGW VM creation (follow only one option from the list below)
Note: Follow the steps in the link below to create the VM, but select the 20.04 ISO downloaded above during installation
- Create Ubuntu on VMWare Hypervisor click here
- Create Ubuntu on Hyper-V click here
- Create Ubuntu on KVM click here
- Create Ubuntu on AWS EC2 click here
- Create Ubuntu on GCP click here
- Create Ubuntu on Azure click here
- If the machine is bare metal, skip VM creation and continue from step 4
4. Recommended Resources:
- Minimum 1 vCPU, 1 GB RAM, 30 GB HDD
5. Networking setup:
- Internet must be accessible and UDP ports 4500 and 500 need to be whitelisted
- Check CGW has internet access (ping 8.8.8.8)
- Check DNS resolution works (ping google.com)
- Check internal/private application servers are accessible from CGW VM.
- Ping internal/private application server IP to verify connectivity
6. Install the SSH server using the command below (skip if already installed):
sudo apt-get install openssh-server
Steps to Install CGW Software
- After the CGW is created in the admin console, copy the software install command shown there and use it directly on the CGW VM.
- Log in via SSH using the VM IP address and execute the command copied in the previous step.
- Command overview:
sudo apt update; sudo apt install curl -y; curl -s https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xcgw_install.sh | bash /dev/stdin workspace_name,cgw_name
Note: The above command will install the CGW application and use the provided workspace and CGW names. It will log in automatically and connect the service. Before executing the command, replace workspace_name and cgw_name with actual values.
In a two-interface setup, the command will exit after software installation. The user must then run the "sudo xlgateway setup" command manually to complete the process.
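The install command above streams the script straight into bash, so a transfer that fails partway can still execute whatever arrived. The script below is an added example, not Exium's code or part of the original guide: it saves the installer to disk, checks it, and only then runs it. The function names, the optional operator-recorded SHA-256 pin, and the assumption that running the saved file with the same argument behaves like `bash /dev/stdin workspace_name,cgw_name` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not Exium's code): download the installer to disk, check it,
# and only then run it, instead of streaming curl output into bash.
INSTALLER_URL="https://clientreleases.s3.us-west-1.amazonaws.com/cgw/xcgw_install.sh"

# HTTPS only; -f fails on HTTP errors so an error page is never saved as the script.
fetch_installer() {
    curl --proto '=https' --tlsv1.2 -fsSL -o "$1" "$INSTALLER_URL"
}

# Reject a missing/empty file or one that does not parse as shell
# (a download cut off inside a block or quote fails `bash -n`).
check_installer() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    bash -n "$1" 2>/dev/null || { echo "does not parse as shell: $1" >&2; return 2; }
}

# SHA-256 of the file, for change records and for comparison with a pin.
installer_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# Optional pin: $2 is a hash the operator recorded from a copy they reviewed
# earlier (assumption: the guide itself publishes no checksum).
verify_pin() {
    [ -z "$2" ] && return 0            # no pin configured, nothing to compare
    [ "$(installer_digest "$1")" = "$2" ] || { echo "hash mismatch: $1" >&2; return 3; }
}

# Full flow. $1 is "workspace_name,cgw_name" as in the guide; $2 is the optional pin.
install_cgw() {
    tmp="$(mktemp)" || return 1
    if fetch_installer "$tmp" && check_installer "$tmp" && verify_pin "$tmp" "${2:-}"; then
        echo "running installer, sha256 $(installer_digest "$tmp")"
        bash "$tmp" "$1"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when invoked as: ./install_cgw.sh --install workspace_name,cgw_name [sha256]
if [ "${1:-}" = "--install" ]; then
    install_cgw "${2:?workspace_name,cgw_name required}" "${3:-}"
fi
```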
Steps to Clean and Reinstall CGW Software
- Execute the commands below in sequence
sudo apt remove --purge exium-lgw
sudo apt install exium-lgw
sudo xlgateway setup -w workspace_name -u cgw_name
Note: The above commands will install the CGW application. When running the setup command, replace workspace_name and cgw_name with actual values.