Versions Compared

Old Version 38

changes.mady.by.user Daria Lebedeva

Saved on

compared with

New Version Current

changes.mady.by.user Daria Lebedeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

TunHub is a Cloudaware-managed proxy connection designed for CMDB to communicate with internal network resources via the Breeze agent.

logo rgb_sign dark (3).pngImage Added To see how Cloudaware seamlessly integrates with TunHub in action, request a demo.

Table of Contents
stylenone

Introduction

In order for Cloudaware CMDB collector to discover infrastructure running on the private network, customers must deploy a local proxy. Local collector proxy must have ingress access to the target endpoint and egress access to the Cloudaware TunHub's server. 

...

Table of Contents

...

Proxy configuration can be deployed to any Breeze agent that meets requirements. Up to 2 Breeze agents (active and standby) can be designated to support single endpoint connection.

...

2. Install Breeze on this server*.

Server requirements:

Linux only (Ubuntu

v14

14 and newer, Centos/RedHat

v6..8

/Oracle Linux 6-9, Debian 9 and newer, Amazon Linux*)

CPU: 1

Memory: 256 MB minimum

Storage: 200 MB

*Amazon Linux 2023 is currently not supported for TunHub

Ports:

outbound TCP 443 for Breeze agent (dest: breeze-server.cloudaware.com)

outbound TCP 443 for TunHub (dest: tunhub.cloudaware.com)

3. Once Breeze is installed, the server gets access to breeze-server.cloudaware.com and may act as TunHub proxy.

...

****Dedicated Port - check this box if it is not possible to have unique public source IP addresses for all egress Tunhub TunHub connections in your organization. This will assign a dedicated port out of 30000-40000 range (ensure that your firewall allows egress for this range). Otherwise, Tunhub TunHub listens on port 443 and expects the connection to be established from a unique public IP address.

...

5. Review the integration details. The yellow light in 'Primary Channel' means that TunHub is waiting for the local collector proxy (Breeze) to connect. 

Configure Routes

Tunhub TunHub integration should have at least one route configured. A route is an entity that maps a private address in your network to the one which is reachable by Cloudaware. The route generates an alternate address which customers may use for adding integrations that require secure connection.

...


4. Once the route is pre-configured and ready, get the generated Destination Host and Destination Port required for adding the integration in question.

Integration Name

Destination Host/Port To Be Used For Field(s)

JIRA

URL (e.g. https://tunhub.cloudaware.com:12345)

vCenter Management Server

URL (e.g. https://tunhub.cloudaware.com:12345)

SCCM

Host (e.g. tunhub.cloudaware.com)
Port (e.g. 1245)

5. Go back to the integration details. The green light in 'Primary Channel' means that TunHub integration has been successfully added. If there is a red light, please contact support@cloudaware.com.

...

If the checkbox ‘Managed by Cloudaware' is checked, neither a managed tunnel nor its routes can be edited/deleted by a customer.

API Access

The Cloudaware TunHub integration enables a secure connection to private Kubernetes, VMware, SCCM, Snowflake, Rancher, Jira, and other environments. Customers can use the external Cloudaware API to programmatically request the list of TunHub gateways (tunnels) or routes, change settings for a specific gateway, and swap primary and secondary channels.

Configuration

1. Address this guide to generate API Key and Token.

2. Use external.tunhub.tunnels APIs to send requests.

Sample Requests

  • the initial request to get the list of TunHub gateways (tunnels)

Code Block
GET https://external-dot-cloudaware-vm.appspot.com/_ah/api/external/v1/tunhub/tunnels?token=TOKEN_PLACEHOLDER&sandbox=false&key=KEY_PLACEHOLDER

where

TOKEN_PLACEHOLDER in token is your token generated earlier
KEY_PLACEHOLDER in key is your API key generated earlier

...

response example:

...

  • to get the list of routes of a specific TunHub gateway (tunnel) id

Code Block
GET https://external-dot-cloudaware-vm.appspot.com/_ah/api/external/v1/tunhub/tunnels/TUNHUB_TUNNEL_ID_PLACEHOLDER/routes?token=TOKEN_PLACEHOLDER&sandbox=false&key=KEY_PLACEHOLDER

where

TUNHUB_TUNNEL_ID_PLACEHOLDER is a TunHub tunnel id from the list of tunnels generated in the initial request (in the format: 1xxx1x11-1111-11xx-11x1-1111x11x11x1)
TOKEN_PLACEHOLDER in token is your token generated earlier
KEY_PLACEHOLDER in key is your API key generated earlier

...

response example:

...

  • to update name or description of a TunHub tunnel

Code Block
PUT https://external-dot-cloudaware-vm.appspot.com/_ah/api/external/v1/tunhub/tunnels/TUNHUB_TUNNEL_ID_PLACEHOLDER?token=TOKEN_PLACEHOLDER&sandbox=false&key=KEY_PLACEHOLDER

where

TUNHUB_TUNNEL_ID_PLACEHOLDER is a TunHub tunnel id from the list of tunnels generated in the initial request (in the format: 1xxx1x11-1111-11xx-11x1-1111x11x11x1)
TOKEN_PLACEHOLDER in token is your token generated earlier
KEY_PLACEHOLDER in key is your API key generated earlier

...

response example:

...

  • to swap primary and standby channels of a TunHub tunnel

Code Block
POST https://external-dot-cloudaware-vm.appspot.com/_ah/api/external/v1/tunhub/tunnels/TUNHUB_TUNNEL_ID_PLACEHOLDER/swap-channels?token=TOKEN_PLACEHOLDER&sandbox=false&key=KEY_PLACEHOLDER

where

TUNHUB_TUNNEL_ID_PLACEHOLDER is a TunHub tunnel id from the list of tunnels generated in the initial request (in the format: 1xxx1x11-1111-11xx-11x1-1111x11x11x1)
TOKEN_PLACEHOLDER in token is your token generated earlier
KEY_PLACEHOLDER in key is your API key generated earlier

...

response example:

...