A Service is an object which represents servers based on their physical IP address. Services are hosted on a Gateway Proxy, which is a virtual appliance that can be used to terminate CoIP Overlay traffic. A Gateway Proxy hosts various Services, which can be used as the target of an Access Policy. The Access Policies can be programmed to provide least-privilege remote access for users based on roles or other attributes, or for remote servers in the cloud or in 3rd party environments.
A Service can consist of a single IP address or a CIDR subnet. Remote machines refer to the Service using a CoIP address, which can be the same as the machine’s physical address. In the diagram above, the user might refer to Service A with an overlay address (e.g. 172.24.10.2), while the cloud server might refer to Service C using the physical address (10.10.10/24).
Registering a Gateway Proxy
Setting up a Gateway Proxy is similar to onboarding an endpoint by installing the zLink agent; the process is described below.
A Gateway Proxy exists within the scope of an App Profile; make the sure correct App Profile is selected before proceeding.
Onboarding and Management > Services displays existing Gateway Proxy servers that can be used to host a Service. Register a new Gateway Proxy by clicking ‘Register Gateway Proxy +’, which brings up a dialog box that enables you to generate the installation package. Select the appropriate installation method, and download, unpack, and run the installer on machine you want to use as a Gateway Proxy. The installation process should be run with sudo privileges.
Once installed, the Gateway Proxy will be displayed and can be selected to host Services.