About Security Connector
Enterprise Security Connector is a VM that you deploy in your enterprise to act as a DNS forwarder, DNS sinkhole, or an HTTP Forwarder.
- Secure DNS Forwarder. An internal DNS resolver that forwards traffic to SIA where SIA policy is applied. DNS Forwarder allows you to identify machines that are making requests. By default, the DNS forwarder is enabled in Security Connector version 2.6.8 or later. For more information, see Security Connector as a DNS forwarder.
- DNS sinkhole. Receives suspicious or malicious traffic. As a DNS sinkhole, Security Connector identifies machines that are infected with malware, attempt to download malware, or communicate with C&C servers. For more information, see Security Connector as a DNS sinkhole.
- HTTP Forwarder. An enterprise proxy that forwards web traffic to SIA Proxy. For more information, see Security Connector as an HTTP Forwarder.
Download and deployment
You can deploy Security Connector on VMware ESXi, Microsoft Hyper-V, Amazon Web Services (AWS), or Microsoft Azure. If you plan to deploy Security Connector on VMware ESXi or Microsoft Hyper-V, you can download the Enterprise Security Connector image file from the Security Connector page. You or an IT administrator needs to deploy the downloaded file or files as a VM in your network.
If you plan to deploy Security Connector on the AWS or Microsoft Azure cloud platforms, the image file is available in the AWS and Azure marketplaces. Support for AWS and Azure is available with Security Connector version 3.5.0 or later.
For VM requirements and an overview of the steps that are required to set up the security connector, see Setup virtual machine requirements and Set up the security connector.
As part of the security connector setup process, you define how network traffic flows to and from the security connector. In addition to identifying the corporate DNS server or resolver, you also configure two network interfaces in Security Connector.
By default, a virtual machine on Azure or AWS has one interface. As you deploy Security Connector, you create a second interface. A VM on VMware ESXi or Microsoft Hyper-V boots with two interfaces.
As you set up Security Connector, you select whether Security Connector as a DNS Forwarder or HTTP Forwarder will use one interface or two interfaces for data traffic. The Security Connector configuration determines how data flows through the two VM interfaces.
For example:
- If you select one interface for Security Connector, one VM interface is used for inbound and outbound data traffic, while the other VM interface is used for communication to and from Security Connector services (control traffic).
- If you select two interfaces for Security Connector, one VM interface is used for inbound data traffic, while the other VM interface is used for outbound data traffic and for control traffic. By using two Security Connector interfaces, your organization can apply different firewall rules to inbound and outbound traffic.
Security Connector as a sinkhole always uses two interfaces. While you can change the number of interfaces for HTTP Forwarder and DNS Forwarder, you cannot change this setting for the sinkhole.
The Security Connector has these interfaces:
- en1 interface (formerly the data interface). Depending on the number of interfaces you select for data, this interface can be used for inbound traffic, or for both inbound and outbound traffic.
  - When you select one interface, the en1 interface is for both inbound and outbound traffic.
  - When you select two interfaces, the en1 interface is for inbound traffic only.
  The en1 interface IP address is the IP address of the DNS Forwarder and HTTP Forwarder.
- en2 interface (formerly the management interface). If two interfaces are used for data, this interface is for outbound traffic and control traffic.
Depending on your Security Connector configuration, this table describes how the VM and Security Connector interfaces work together.
Number of VM Interfaces | Number of Security Connector Interfaces for Data | Result |
---|---|---|
2 | 1 | One VM interface is used for the en1 Security Connector interface. With this setup, both inbound and outbound data traffic flow through the en1 interface. The other VM interface is used for the en2 Security Connector Interface. The en2 interface is used for control traffic only. |
2 | 2 | One VM interface is used for the en1 Security Connector interface. The en1 interface is used for inbound data traffic. The other VM interface is used for the en2 Security Connector interface. With this setup, the en2 interface is used for outbound data traffic and for control traffic. |
After the security connector is configured with the network settings, you need to activate it. SIA allows you to generate the one-time code that is required for activation. After the connector is configured and activated, it communicates with SIA. Information about the security connector connection is shown in SIA including the security connector's IP address and the status of the communication.
You can secure the Web Console with TLS by generating an Akamai certificate or uploading an intermediate certificate that’s signed by your organization’s certificate authority. If you're using SIA Proxy, the proxy MITM certificate is the certificate that’s automatically used for the Web Console. For more information, see Security Connector Web Console.