Skip to content

Deployment

Gateway

InstaSafe Gateway Pre-requisites

InstaSafe Secure Access (ISA) Gateway is a software that acts as the entry and exit point for the user access. It is responsible for encrypting and decrypting data sent over the secure connection, as well as routing data between the Client and the Private Network. Gateways use DTLS protocol to establish and secure the connection. Gateways are deployed on the edge of a private network, and are used to connect remote clients or networks to the private network. It can also be used to connect two separate private networks together, such as in a site-to-site configuration.

Hardware Prerequisites

An ISA Gateway must be provisioned on a physical server or VM at each of the data centres where applications are hosted. To ensure redundancy, it is recommended to provision a backup Gateway as well. This ensures that unforeseen issues (like hardware failure or OS corruption) do not lead to downtime.
OS Ubuntu 20.04 LTS - Ubuntu 22.04 LTS (https://ubuntu.com/download/server)
OS Type 64-bit
RAM Minimum 2GB
Hard Disk Minimum 10GB of free space
CPU 1 x Dual Core processor (x64 based AMD)

Network Prerequisites

The ISA Gateway in each data centre must have network access to the internal applications you wish to provide secure remote access to. Here are the Firewall Rules that might need to be created:

Source Destination Port Direction
ISA Gateway 13.234.13.233, 3.6.62.25, 13.234.125.194, 3.6.127.45 UDP Port* Outbound
ISA Gateway 35.154.170.140 TCP 443 Outbound

*IP Addresses are Ports are unique to every deployment and shall be provided by the InstaSafe Tech Team

Full internet access must be provided at the time of installation so that relevant packages and repositories could be downloaded. It is recommended to provide direct internet access instead of via proxy.

Agent

InstaSafe Secure Access (ISA) Agent refers to a software that is installed on a user's device, such as a laptop or smartphone. The agent establishes and provides data confidentiality over the secure connection. The Agent runs as a service in the user computer. The agent can be configured to auto-connect whenever the computer is turned on.

The agent facilitates the following operations:

  • User Authentication
  • Device Authentication
  • Device Compliance
  • Dynamic Routing and Addressing
  • Secure Channel Establishment for Data traffic.

ISA Agent is installed on the host (Windows, Linux, Mac, Android or IOS). The end user logs in to Instasafe web portal and downloads and executes the setup program. The Configuration file contains the following information:

  • Cloud controller(s) IP address and ports to which ISA will connect.
  • ISA client certificate & private key.
  • CA Certificate for validating server cert during the connection establishment phase.
  • Tls Authentication Shared Key.
  • User-specific configurations.

The installer installs the Tunnel adapter interface in the windows client machine which ISA uses as the Tunnel Interface.

The ISA Agent supported OS are:

Windows: 32/64 Bit

  • Windows 7/8/10/11

Mac

  • Ventura 13.2.1/13.3
  • Monterey
  • Mountain Lion and Above

Linux : 64 Bit

  • Ubuntu 18/20/22
  • Peppermint
  • Debian
  • redhat
  • Amazon Linux
  • Suse
  • CentOS

Mint

  • Mint 19.1/19.2/19.3/20/20.1/20.2/20.3

Mobile : Android / iOS

  • Android 5 and Above
  • iOS 13 and Above

Comments