ArcESB can receive secure connections through a demilitarized zone (DMZ) gateway. This protects corporate firewalls and maintains network security by funneling all external connection attempts to the DMZ.
Note: this feature is currently only available in the Windows edition of Arc, and only when using the embedded web server included with the application.
How the Gateway Works
Arc supports establishing an SSH reverse tunnel to receive data sent to the DMZ. Here’s how it works:
- An SSH server sits in the DMZ and acts as a ‘middle man’ between Arc and external trading partners.
- Arc connects to this SSH server and opens an SSH reverse tunnel on any open port (for example, port 7777).
- Once the tunnel has been opened, the SSH server will forward any traffic it receives on port 7777 directly to Arc.
- Trading partners connect to the SSH server and send any data intended for Arc to port 7777.
- The data is forwarded from the SSH server to Arc, using the SSH standard for transport security.
Thus trading partners can send arbitrary business data to Arc while only ever having access to the SSH server in the DMZ.
Setting Up the Gateway
Enabling DMZ Gateway support requires a few simple steps:
- Install an SSH server in the DMZ, or choose a DMZ with an SSH server already installed.
- For example, an Amazon Machine Instance pre-loaded with an SSH server, or a free OpenSSH server implementation installed on a DMZ machine.
- Select Enable Cloud Gateway in the Arc embedded web server configuration.
- Right-click the Arc icon in the system tray, select Server Options…, and navigate to the Cloud Gateway tab.
- Configure the connection settings for the SSH server sitting in the DMZ.
- The Test Connection button can dynamically accept the server’s certificate and verify the connection is successful.
- Set the Forwarding Port to the port (on the SSH server) where incoming data should be forwarded to Arc.
- Restart the Arc embedded web sever to automatically open an SSH reverse tunnel on the specified port.
After the above steps are complete, provide trading partners with connection details to the SSH server in the DMZ. Instruct them to send data to this SSH server on the port specified by Forwarding Port (rather than the default port 22).
Maintaining the Gateway
Arc automatically opens the gateway when the server (re)starts. Arc also handles reconnecting to the SSH server if the connection is dropped for any reason. No user maintenance is required to keep the gateway up and running.