Connection modes


Transparent

In transparent mode, users connect to destination server using given server’s IP address.

../../_images/deployment_transparent.png

Gateway

In gateway mode, users connect to destination server using the server’s actual IP address. Fudo Enterprise mediates connection with the server using own IP address. This ensures that the traffic from the server to the user goes through Fudo Enterprise.

../../_images/deployment_gateway.png

Proxy

In proxy mode, administrator connects to destination server using combination of Fudo Enterprise IP address and unique port number assigned to given server. Uniqueness of this combination enables establishing connection with a particular resource.

../../_images/deployment_proxy.png

Such approach enables concealing actual IP addressing and allows configuring servers to only accept requests sent from Fudo Enterprise.


Bastion

Note

The bastion mode is supported when connecting over SSH, RDP, VNC, Telnet, Telnet 3270, Telnet 5250, MS SQL protocols.

In bastion mode, the target host is specified within the string identifying the user and the server their are trying to connect to, e.g. ssh -l johndoe#root#example.server.org. This enables facilitating access to a group of monitored servers through the same IP address and port number combination.

../../_images/deployment_bastion.png

While connecting, the Fudo Enterprise expects:

<username>[@domain][#<serverlogin>#<address>[:<port>]], where:

  • <username>: User’s login on Fudo Enterprise,
  • [@domain] is optional,
  • <serverlogin>: user’s login on the target server,
  • <address>: server address on the target server (the <port> can be omitted if native for protocol).

Warning

# character in between is required.

Target object string is matched in the following sequence:

  1. Exact username - Fudo Enterprise tries to match the string with object defined in the local database.
  2. Exact server address - Fudo Enterprise tries to match the string with an IP address of a server object defined in the local database.
  3. IP address returned by the DNS service - Fudo Enterprise queries the DNS service and tries to match the returned IP address with an IP address of a server object defined in the local database.
  4. Hostname returned by the reverse DNS service - Fudo Enterprise queries the reverse DNS service and tries to match the returned hostname with a sever object defined in the local database.

Note

If an account object doesn’t have a login defined, the Fudo Enterprise system will ask for a login while connecting to the target server.

Related topics: