Agilicus Connector
Network Facilitator
The Agilicus Connector facilitates connection from a bastion network and end-users. It installs on a device somewhere inside the protected network, making an outbound connection.
Agilicus Connector Overview
The Agilicus Connector facilitates connection from a bastion network and end-users. It installs on a device somewhere inside the protected network, making an outbound connection.
If you are new to the system, you may try a full ‘demo’ setup with your own connector in a virtual enviroment in our system, with no install. See “Agilicus AnyX Demo“. When you ‘create a connector’ it will offer you a ‘demo’ this will create a new virtual environment to test in with no isntall, no obligation.
The Connector is self-updating. Once installed it will stay up to date. The live Changelog shows the updates that have occurred.
Connectors facilitate:
- shares [must have local access to the files)
- Web Applications (must have onward connectivity)
- Local authentication
- Network resources (e.g. SSH, Remote Desktop, VNC)
Theory of Operation
The Agilicus Connector creates an outbound connection, using HTTPS, to the Agilicus AnyX Cloud. This persistent connection is then used to route individual user requests back in to the appropriate resource.
Each individual inbound request first has the user identity checked (authentication), then has the user’s role (authorisation) checked, prior to being routed inwards.
The net affect is that no traffic arrives at the protected resources unless it is for:
- An authenticated user (optionally with multifactor authentication)
- An authorised action (e.g. can the user edit the wiki)
- A valid resource
This is a very strong guarantee, and, achieved without complex (or any) firewall rules.
The use of industry-standard HTTPS and WebSocket means inspecting firewalls such as Zscaler or PaloAlto can be used in the path.
If we expand the data flow for a hypothetical SSH client with animation, we will see the WebSocket flows (blue) establish, and then the ssh flow. The SSH flow is delivered from User to SSH server encrypted end-to-end: the host key is maintained intact.
Installation
Installation of the connector is very simple: 3 steps.
First, create (Admin console: Resources/Connectors/New)
Second, name (a name that means something, must be a valid hostname. E.g. the machine it is installed on, the site it connects, etc)
Third, install (paste the command on the target machine)
Once installed, the connector will keep itself up to date using The Update Framework.
Create
Name
Install
During the creation of the Connector you will give it a name. This name should have some meaning for you, e.g. the site it is installed in, the host it is installed on, etc. We recommend it be the hostname that is running the Connector.
At this stage you will see a dialog giving installation instructions. At the top are 3 tabs (Linux, Windows-CMD, Windows-PowerShell).
The Linux tab should work on most Linux or FreeBSD-derived hosts, including pfSense, OpenWRT, Ubuntu, Debian, Synology, etc.
On a Windows host it does not matter which of the two instruction you follow, they will lead to the same result. Typically you will use the ‘cmd‘ instructions.
In all 3 cases, copy the text box (using the blue-button at the bottom right) and paste it into an administrative shell.
Uninstall / Delete
When you no longer need an Agilicus Connector, you should first uninstall it from the host it is on. Then you may delete it from the Admin portal.
Typically on Linux you will run:
sudo /usr/bin/agilicus-agent client --uninstall
Typically on Windows you will run:
%ProgramFiles%\Agilicus\agent\agilicus-agent client --uninstall
Manual Download
Typically the installation is done from the Agilicus Admin portal. This will give you a link per platform. In rare cases you may wish to manually download, the linux are below for convenience.
- Linux X86_64 (e.g. Ubuntu, Debian server)
- Linux ARM (e.g. Synology NAS, OpenWRT)
- FreeBSD ARM (e.g. pfSense SG-1100)
- Linux MIPS Big Endian (e.g. OpenWRT etc. router)
- Linux MIPS Little Endian (e.g. OpenWRT, Ubiquiti etc router)
- Linux PPC Big Endian (e.g. OpenWRT etc. router)
- Linux PPC Little Endian (e.g. OpenWRT, Ubiquiti etc router)
- Microsoft Windows
- MacOS Darwin (X86-64)
More Information
Below you will see cards for specific aspects of the connector (theory of operation, installation onto various platforms such as pfSense, Mikrotik, OpenWRT, Windows, etc.)