Delegating network requests
|Top Previous Next|
You can optionally delegate network requests from MFT Gateway Server to one or more registered instances of MFT Gateway Agent. This option is used primarily in environments where inbound network connections from the DMZ to the internal network are prohibited due to network security or regulatory compliance requirements. A visual and description of the network communication flows between client, MFT Gateway Server, MFT Gateway Agent and target server are provided in Figure 51 below.
Here is an overview of what needs to be done in order to delegate network requests.
1. Reverse proxy service is created in MFT Gateway Server with Delegate connections to available agents option enabled.
2. Agent login username is added in the Agents module of MFT Gateway Server. See Adding agents for details.
3. Control channel is enabled in MFT Gateway Server. See Control channel settings for details.
4. MFT Gateway Agent software is installed one one or more machines in private network.
5. Client establishes connection to service port in MFT Gateway Server e.g. for FTP this may be port 21.
6. MFT Gateway Server recognizes that this reverse proxy service has Delegate connections to available agents option enabled and assigns request to an available agent (using round-robin algorithm if more than one agent is available).
7. MFT Gateway Server then instructs agent to establish connection to target server and creates a tunnel between client, MFT Gateway Server, MFT Gateway Agent and target server/port.