On-prem Support - Dropzone Connector
Dropzone AI connects to APIs via its Data Source and Alert integrations. Many of these are reachable across the internet, such as third-party Threat Intelligence sources, corporate SaaS tools, and public cloud APIs. However, many corporate systems are kept behind firewalls and VPNs for security reasons.
Customers can enable Dropzone to reach these restricted systems by running a lightweight Dropzone Connector Client Docker container within their secure environment. This container connects out to the Dropzone tenant network and establishes a reverse tunnel.
Connector Security
The Dropzone Connector Client establishes an outbound HTTP session, inside which WebSockets are used to establish a two-way TCP session. On this TCP session a secure SSH session is established. This SSH session is authenticated by both the client and the server and is fully end-to-end encrypted.
The Dropzone integrations that require access to the protected resources tunnel their connections through this Connector Client container, so their source IP is from within your datacenter.
The Connector Client can be run on any host capable of running Docker containers, such as a physical server, VM, or inside your public/private cloud environment.
For additional security you may restrict what outbound connections can be made from the connector machine to your internal resources. Examples include:
Putting the connector machine on a firewall DMZ
Running local firewall rules on the connector machine (e.g. iptables, shorewall)
Just make sure that the connector machine can still reach the systems you want integrated on the required ports and protocols, your DNS servers, and your tenant on TCP port 8080.
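As an added example that is not part of Dropzone's documentation, the script below prints an iptables egress policy for the connector-client-host that allows only the three things the page lists (DNS, the tenant on TCP port 8080, and the specific internal resources being integrated) and logs and drops everything else. It prints the rules instead of applying them so they can be reviewed first. The addresses, the resource list and the chain name CONNECTOR-EGRESS are constructed placeholders. It assumes the container runs on Docker's default bridge (docker0): traffic from a bridged container is forwarded by the host and filtered in Docker's DOCKER-USER chain, not in the host's OUTPUT chain; if you run the container with host networking, put the same rules in OUTPUT instead.

```shell
#!/bin/sh
# Added example (not Dropzone's code): print an iptables egress policy for the
# connector-client-host that allows only DNS, the tenant on TCP/8080 and the
# listed internal resources, then logs and drops everything else.
# Rules are printed, not applied, so they can be reviewed before use.
# Assumes the container uses Docker's default bridge (docker0): that traffic is
# forwarded by the host and filtered in the DOCKER-USER chain, not in OUTPUT.

CHAIN="CONNECTOR-EGRESS"   # placeholder chain name

# gen_connector_rules TENANT_IP DNS_IP [HOST:PORT ...]
# Emits one iptables command per line on stdout.
gen_connector_rules() {
    tenant_ip="$1"; dns_ip="$2"; shift 2
    echo "iptables -N $CHAIN"          # fails harmlessly if the chain already exists
    echo "iptables -F $CHAIN"          # start from an empty chain on re-runs
    # Replies to connections the container already opened.
    echo "iptables -A $CHAIN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS over both transports, to the resolver the host is expected to use.
    echo "iptables -A $CHAIN -p udp -d $dns_ip --dport 53 -j ACCEPT"
    echo "iptables -A $CHAIN -p tcp -d $dns_ip --dport 53 -j ACCEPT"
    # The outbound reverse-tunnel session to the tenant.
    echo "iptables -A $CHAIN -p tcp -d $tenant_ip --dport 8080 -j ACCEPT"
    # One rule per integrated internal resource, given as host:port.
    for res in "$@"; do
        echo "iptables -A $CHAIN -p tcp -d ${res%:*} --dport ${res##*:} -j ACCEPT"
    done
    # Everything else leaving the container is logged, then dropped.
    echo "iptables -A $CHAIN -j LOG --log-prefix \"connector-drop: \""
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in for traffic arriving from the container bridge.
    echo "iptables -I DOCKER-USER -i docker0 -j $CHAIN"
}

# count_accepts: number of ACCEPT rules in a generated policy read from stdin.
count_accepts() { grep -c -- '-j ACCEPT'; }

# Usage with constructed placeholder addresses (tenant, resolver, two resources):
gen_connector_rules 203.0.113.10 10.0.0.53 10.0.5.20:8089 10.0.5.21:443
```

Because the tenant is reached by DNS name, resolve it to an address before generating the rules and regenerate them if that address changes; iptables accepts a hostname after -d but resolves it only once, at the moment the rule is inserted. The LOG rule is what makes the policy useful for troubleshooting: a connector that cannot connect will show up as "connector-drop:" entries in the kernel log, pointing at whichever destination was missing from the allow-list.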
Enabling the Connector Client
Running the Connector Client requires a machine that meets the following requirements:
System
has Docker Engine (Docker CE) installed
capable of running x86_64 Linux docker containers
has at least 1 GB of available memory
has at least 1 GB of available disk space
Network
can reach the resources (e.g. Splunk) you want available for Dropzone integrations
can connect to your tenant (e.g. https://mycompany.dropzone.ai) on port 8080 via TCP
has access to DNS that can look up your tenant DNS name and internal resources
Availability
is up 24x7
This may be a machine dedicated to this container, or a multi-use resource that meets your security policy.
Henceforth we will call this machine the connector-client-host.
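The requirements above are easy to verify before the container is ever launched. The preflight script below is an added example, not part of Dropzone's documentation: each requirement is a small function that takes its input as arguments, so the pass/fail logic is separate from how the values are gathered from the host and can be exercised on its own. The tenant name mycompany.dropzone.ai is the page's example tenant; the resource list, the docker data path /var/lib/docker and the RUN_PREFLIGHT variable are assumptions of this script.

```shell
#!/bin/sh
# Added example (not Dropzone's code): preflight check for a connector-client-host
# against the System, Network and Availability requirements listed above.
# Pure checks take their values as arguments; gatherers read them from the host.

TENANT_HOST="${TENANT_HOST:-mycompany.dropzone.ai}"      # page's example tenant
TENANT_PORT=8080
RESOURCES="${RESOURCES:-splunk.internal.example:8089}"   # placeholder host:port list
MIN_KB=$((1024 * 1024))   # 1 GB in kB, the unit /proc/meminfo and df -k report

# Pure checks: exit status 0 on pass, non-zero on fail.
check_arch()   { [ "$1" = "x86_64" ]; }           # x86_64 Linux containers only
check_kb()     { [ "${1:-0}" -ge "$MIN_KB" ]; }   # memory or disk, in kB
check_docker() { command -v docker >/dev/null 2>&1; }
dns_resolves() { getent hosts "$1" >/dev/null 2>&1; }

# tcp_reachable HOST PORT: a TCP connect with a short timeout; uses nc when
# present, otherwise bash's /dev/tcp pseudo-device.
tcp_reachable() {
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 5 "$1" "$2" >/dev/null 2>&1
    else
        bash -c "exec 3<>/dev/tcp/$1/$2" >/dev/null 2>&1
    fi
}

# Gatherers: read the real values from the host.
avail_mem_kb()  { awk '/^MemAvailable:/ {print $2}' /proc/meminfo 2>/dev/null; }
avail_disk_kb() { { df -Pk "$1" 2>/dev/null || df -Pk /; } | awk 'NR==2 {print $4}'; }

# report LABEL CHECK [ARGS...]: run one check and keep a failure count.
report() {
    label="$1"; shift
    if "$@"; then echo "PASS: $label"; else echo "FAIL: $label"; fails=$((fails + 1)); fi
}

preflight() {
    fails=0
    report "Docker Engine installed"      check_docker
    report "x86_64 architecture"          check_arch "$(uname -m)"
    report "at least 1 GB memory free"    check_kb "$(avail_mem_kb)"
    report "at least 1 GB disk free"      check_kb "$(avail_disk_kb /var/lib/docker)"
    report "DNS resolves tenant name"     dns_resolves "$TENANT_HOST"
    report "tenant reachable on TCP/8080" tcp_reachable "$TENANT_HOST" "$TENANT_PORT"
    for r in $RESOURCES; do
        report "resource $r reachable"    tcp_reachable "${r%:*}" "${r##*:}"
    done
    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}

# Only run against the live host when explicitly asked, e.g.
#   RUN_PREFLIGHT=1 TENANT_HOST=mycompany.dropzone.ai sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then preflight; fi
```

A FAIL on the tenant or resource reachability lines with a PASS on DNS is the same symptom the Troubleshooting section below attributes to a firewall or IPS in the path, and is worth checking before engaging support. The script does not test the 24x7 availability requirement, which is an operational property of the host rather than something a one-off check can confirm.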
To install the Connector Client, do the following:
Navigate to your Dropzone AI tenant home page e.g. https://mycompany.dropzone.ai
Click System > Connectors
On the "Main" connector tile, click "Configure"
The configuration drawer will slide out from the right hand side
Download the Connector Client docker image by clicking on the link
Upload the connector Docker image to the connector-client-host, e.g. via scp
Load the docker image on the connector-client-host
Copy the command in the Dropzone UI and run it on the connector-client-host:
Verify the connector is running by using docker ps
Click Close
Refresh the page and you should see that Main is now in "Connected" state:
When enabling Data and Alert sources that need on-prem access, be sure to specify this Connector Client.
Troubleshooting
The following troubleshooting steps may be useful in conjunction with your Dropzone support team.
Restarting the Connector Container
It is always safe to delete and relaunch the connector, for example if it does not come back properly after a reboot or system failure.
Testing Network Path
If the connector fails to connect there could be a network issue or an IPS device that is preventing it from establishing the websocket connection. Running the following from the host where the connector runs can help identify this situation:
When successful, you should see an HTTP handshake and websocket upgrade like this:
Any device along the path that is interfering will likely provide feedback when this command is run.
If you have any errors engage your Dropzone AI support representative.