About Security Connector
Enterprise Security Connector is a VM that you deploy in your enterprise to act as a DNS forwarder, DNS sinkhole, or an HTTP Forwarder.
- Secure DNS Forwarder. An internal DNS resolver that forwards traffic to SIA where SIA policy is applied. DNS Forwarder allows you to identify machines that are making requests. For more information, see Security Connector as a DNS forwarder.
- DNS sinkhole. Receives suspicious or malicious traffic. As a DNS sinkhole, Security Connector identifies machines that are infected with malware, attempt to download malware, or communicate with C&C servers. For more information, see Security Connector as a DNS sinkhole.
- HTTP Forwarder. An enterprise proxy that forwards web traffic to SIA Proxy. For more information, see Security Connector as an HTTP Forwarder.
After November 30, 2024, Akamai will no longer support Security Connector versions earlier than 3.4.0. If you are using a version that is earlier than version 3.4.0, Akamai recommends that you download the latest version of Security Connector and deploy it on your hypervisor. For instructions, see Deploy Security Connector.
Download and deployment
You can deploy Security Connector on VMware ESXi, Microsoft Hyper-V, Nutanix, Quick Emulator (QEMU) and Kernel-based Virtual Machine (KVM), Amazon Web Services (AWS), or Microsoft Azure. Note the following:
- If you plan to deploy Security Connector on VMware ESXi or Microsoft Hyper-V, you can download the Enterprise Security Connector image file from the Security Connector page. You or an IT administrator needs to deploy the downloaded file or files as a VM in your network.
- If you plan to deploy Security Connector on QEMU/KVM, contact your Akamai representative to get the files you need for setup.
- If you plan to deploy Security Connector on the AWS or Microsoft Azure cloud platforms, the image file is available in the AWS and Azure marketplaces. Support for AWS and Azure is available with Security Connector version 3.5.0 or later.
For VM requirements and an overview of the steps that are required to set up the security connector, see Setup virtual machine requirements and Set up the security connector.
VM and Security Connector interfaces
As part of the security connector setup process, you define how network traffic flows to and from the security connector. If you set up your virtual machine with two network interfaces, you can configure whether Security Connector uses one or two interfaces for data flow.
If you select one interface for data, the following applies:
- en1 is used for data ingress (inbound traffic) and egress (outbound traffic)
- en2 is used for the Web Console
If you select two interfaces for data, the following applies:
- en1 is used for data ingress (inbound traffic) and the Web Console
- en2 is used for data egress (outbound traffic)
By default, a virtual machine on Azure or AWS has one network interface (en0). If you want to configure two interfaces to better manage traffic flow as previously described, you can add an additional network interface to the VM. A virtual machine on VMware ESXi, Microsoft Hyper-V, and QEMU/KVM boots with two interfaces (en1 and en2).
Note the following:
- If you set up the virtual machine with one network interface, you do not have the option to set up two interfaces for data on the Security Connector. In this case, the en0 interface is used for both inbound and outbound traffic, and the same interface is used for the Web Console.
- Security Connector as a sinkhole requires two interfaces. While you can change the number of interfaces for HTTP Forwarder and DNS Forwarder when there are two VM interfaces, you cannot change this setting for a sinkhole configuration.
After the security connector is configured with the network settings, you need to activate it. SIA allows you to generate the one-time code that is required for activation. After the connector is configured and activated, it communicates with SIA. Information about the security connector connection is shown in Enterprise Center, including the security connector's IP address and the status of the communication.