Connectors
The Enterprise Application Access (EAA) connector is a virtual appliance deployed behind the firewall in your data center or in hybrid cloud environments. It connects an authenticated user with assigned enterprise applications. Connectors behave like Lightweight Directory Access Protocol (LDAP) clients. They communicate with your Active Directory (AD) or LDAP servers, and synchronize your AD users for authentication (EAA does not store any passwords).
You can deploy multiple connectors for redundancy and scaling. Connectors are cryptographically unique and devoid of any management interface or UI. As soon as you create a connector and power it on, it dials out on port 443 outbound and checks in with the EAA service for its configuration settings.
You can configure an application to be associated with several connectors for high availability. If a server or VM with a running connector fails, your application is still secured by at least one other running connector. Any additional connectors are separate resources as they each take up an instance or VM.
Connectors work to load balance application traffic. Ensure that all connectors required to secure a given application are able to reach the application.
You can grant a user a connector administrator role to configure connectors or a custom administrator role to manage the administration tasks for multiple resources with role-based access control in Akamai Control Center.
Enterprise Application Access does not support any modification to the connector image, including downloading and installing any other software modules or scripts, for any purpose, except initial network configuration, unless approved by Akamai and the customer.
Installation requirements
Installation requirements for connectors.
- Compatible virtual environment:
  - Amazon Web Services (AWS), either classic or EC2/VPC
  - Docker. Client-access applications are not supported with Docker-based connectors.
  - Google Compute Engine (GCE)
  - Microsoft Azure
  - Microsoft Hyper-V
  - OpenStack/KVM
  - Oracle VirtualBox
  - VMware
- Network:
  - A private IP address inside the Local Area Network (LAN), either DHCP or static. The connector should run close to internal applications, possibly in the same subnet as the application, and be able to communicate with the application in test.
  - Dial-out access to the Internet on TCP port 443. A connector must reach the Enterprise Application Access service over the internet. This communication is carried out over an open TCP port 443, and only needs outbound connectivity.
  - Access to the applications. The port and protocol must be accessible in the LAN.
  - A firewall that allows the connector's private IP address to reach the application on configured port numbers. For example, a firewall rule to allow the connector to reach the application server internal IP address or hostname (if DNS is configured) on port numbers 80, 443, or any application-specific port.
- Computing capability:
  - CPU. Four virtual cores.
  - Memory. 8 GB RAM (12 GB for an AWS connector as they do not use swap space for storage).
  - Storage. 16 GB hard drive disk space (4 GB allocated to swap space and 12 GB of free space).
Create a new connector when you reach 100 applications on a single connector. Above this limit there's a risk of performance issues. Use at least two connectors for high availability and load balancing.
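The network and capacity requirements above can be checked against a firewall rule export before connectors are deployed. The following is an added example, not Akamai code: the inventory, the rule format (first match wins, implicit deny) and the service address `203.0.113.10` are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample inventory; every name, address and rule here is an assumption.
CONNECTORS = {"conn-a": "10.0.1.10", "conn-b": "10.0.2.10"}
APPS = {  # app name: (internal IP, port, connectors assigned to the app)
    "wiki": ("10.0.5.20", 8443, ["conn-a", "conn-b"]),
    "hr": ("10.0.5.30", 8080, ["conn-a"]),
}
RULES = [  # assumed model: first matching rule wins, implicit deny at the end
    {"src": "10.0.1.10/32", "dst": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"src": "10.0.2.10/32", "dst": "0.0.0.0/0", "port": 443, "action": "allow"},
    {"src": "10.0.1.10/32", "dst": "10.0.5.0/24", "port": 8443, "action": "allow"},
    {"src": "10.0.0.0/16", "dst": "10.0.5.30/32", "port": 8080, "action": "allow"},
]
SERVICE_IP = "203.0.113.10"  # placeholder (documentation range), not a real EAA address


def allowed(rules, src_ip, dst_ip, port):
    """Return True if the first rule matching src/dst/port is an allow rule."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (src in ipaddress.ip_network(rule["src"]) and port == rule["port"]
                and dst in ipaddress.ip_network(rule["dst"])):
            return rule["action"] == "allow"
    return False


def audit(connectors, apps, rules, service_ip=SERVICE_IP):
    """List every way the inventory misses the connector requirements."""
    findings = []
    for name, ip in connectors.items():
        if not allowed(rules, ip, service_ip, 443):
            findings.append(f"{name}: no outbound TCP 443 to the EAA service")
    load = Counter(n for _, _, assigned in apps.values() for n in assigned)
    for name, count in load.items():
        if count >= 100:
            findings.append(f"{name}: {count} applications assigned, add another connector")
    for app, (ip, port, assigned) in apps.items():
        if len(assigned) < 2:
            findings.append(f"{app}: fewer than two connectors assigned")
        for name in assigned:
            if not allowed(rules, connectors[name], ip, port):
                findings.append(f"{app}: {name} cannot reach {ip}:{port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONNECTORS, APPS, RULES)))
```

With the sample data, the audit reports that `conn-b` has no path to the `wiki` application and that `hr` depends on a single connector.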
Compatibility
Virtual machines (VMs) and cloud platforms that have been tested and are verified as compatible with EAA connectors:
- VMware ESXi 5.0.x, VMware ESXi 5.1.x, VMware ESXi 5.5.x, VMware ESXi 6.0.x, VMware ESXi 6.5.x and later, VMPlayer 5.0, VMPlayer 6.0, VMPlayer 7.0, VMware Workstation version 10.0, VMware Workstation version 11.0, VMware Workstation version 11.1, VMware Workstation version 12.x, VMware Fusion 6.0x, VMware Fusion 7.0x
- Oracle VirtualBox x64 5.0
- Oracle VirtualBox x64 4.3.30
- Oracle VirtualBox x64 4.2.3
- Kernel Virtual Machine (KVM) Version 3.x
- OpenStack Newton, OpenStack Mitaka, OpenStack Liberty, OpenStack: Support for any flavor running KVM images in QCOW2 format
- Amazon Web Services (AWS) classic, Amazon Web Services (AWS) EC2/VPC
- Google Compute Engine (GCE)
- Microsoft Azure
- Microsoft Hyper-V 2012 (Windows server 2012 R2), Microsoft Hyper-V 2012 (Windows server 2012), Microsoft Hyper-V 2012 (Hyper-V server 2012)
If you use a VM or cloud platform not included in the above list, or you need to allow service IPs to ensure connectivity with EAA connectors, please contact support.