Managing proxy servers

In some cases, the connection to a target system may be slow, insecure or blocked by a firewall. This is often true when the connection is made over a wide area network.

To address such connectivity problems, Bravura Security Fabric includes an application proxy server. When a proxy server is deployed, the main Bravura Security Fabric server ceases to communicate with one or more (usually distant) target systems directly, and instead forwards all communication to those systems through one or more co-located proxy servers.

Communication from the main Bravura Security Fabric server to the proxy servers is encrypted, efficient, and tolerant of high latency. Communication between the proxy server and target systems continues to use native protocols, but it is physically controlled, in a high-bandwidth, low-latency, high-security LAN.

Websocket Connector Proxy

The proxy service by itself requires incoming connectivity on a chosen port. This may be acceptable when on a LAN network, but may not be feasible when faced with a SaaS environment or restrictive security policy. This optional Proxy Tunnel feature installs a service alongside the proxy service that connects to the proxy server over HTTPS and tunnels traffic between them.

In more detail, when firewalls intervene, the TCP port number of the proxy is programmable. A port redirector can be used; only a single firewall opening is required for multiple target systems. The Websocket Connector Proxy allows communication from the proxy server to the instance using websockets over SSL/TLS.

Persistent Connector Service

Installing Persistent Connector Service (agtsvc) on a proxy server allows you to run persistent listing on the proxy server

Implementing a Proxy solution

The following sections show you how to:

See also: