To allow Lucidum connectors running on your SaaS account to fetch data securely from your on-premises assets, you can create a proxy server.

Server Requirements

  • Choose an internal Linux server to use as a proxy.

  • You can choose any Linux distribution that supports Docker.

  • Server must use an Intel x86-based processor architecture.

  • Server must have at least 1 GB of free disk space.

  • Server must have at least 1 GB of RAM dedicated to the tunnel container.

  • On this internal Linux server, install Docker. For step-by-step details, see the section “Install using the repository” at this link: https://docs.docker.com/engine/install/ubuntu/

Network Requirements

The proxy server:

  • must have network connectivity to the endpoints that the Lucidum Appliance will monitor.

  • must be configured in DNS and be able to resolve domain names.

  • must be configured to use a time server.

  • must have network connectivity to the Lucidum appliance via outbound port 1194. To test this connectivity, execute the following command at the shell prompt on the proxy server:

    nmap -Pn -p 1194 [fully qualified domain name]

    where:

    fully qualified domain name is the fully qualified domain name of the Lucidum SaaS instance.

To view the fully qualified domain name of the Lucidum SaaS instance, you can view the contents of the client.conf file that Lucidum sends you. To do so:

    cat client.conf

You will see something like this:

    client
    nobind
    dev tun
    remote-cert-tls server
    remote tunnel.test.lucidum.cloud 1194 tcp
    <key>
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDW6wKKUNmQ3DAL

Configuration Requirements

Contact Lucidum Customer Success and request a configuration file.

Customer Success will generate a file called client.conf and send you that file.

Configuring the Proxy Server

To create a proxy for Lucidum connectors:

  1. Log in to the proxy server.

  2. Copy client.conf to the proxy server. On the proxy server, open a shell session.

  3. Navigate to the directory where you stored client.conf.

  4. Execute the following:

    mv ./client.conf /usr/lucidum/tunnel/client.conf

  5. Make the directory that contains client.conf read-only:

    chmod a=r /usr/lucidum/tunnel

  6. On the proxy server, open a shell session and run the following command to start Docker:

    sudo systemctl start docker

  7. On the proxy server, open a shell session and run the following command to start the new container:

    docker run -d --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    --restart=unless-stopped \
    --network=bridge \
    -v /usr/lucidum/tunnel:/data \
    --name=lucidum-tunnel \
    public.ecr.aws/lucidum/tunnel-client:v1.1.0

  8. When you have completed configuration on your proxy server and on your Lucidum system, contact Lucidum Customer Success to test your connection and help you troubleshoot if necessary.
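
The following script is an added example, not part of Lucidum's documentation or tooling. It checks client.conf before the container is started in step 7: the remote endpoint must use port 1194, remote-cert-tls server must be present, and the private key block must be complete. The function names and the file name preflight.sh are hypothetical, and the script assumes the file uses the OpenVPN-style directives shown in the client.conf excerpt above.

```shell
#!/bin/sh
# Added example, not Lucidum's code. Assumes client.conf uses the OpenVPN-style
# directives shown in the excerpt on this page; function names are hypothetical.

# Print "host port proto" from the first "remote" directive in file $1.
conf_remote() {
    awk '$1 == "remote" { print $2, $3, $4; exit }' "$1"
}

# Succeed if the exact line $2 is present in file $1 (trailing CR tolerated).
conf_has_line() {
    tr -d '\r' < "$1" | grep -Fxq -- "$2"
}

# Print one line per problem; the return status is the number of findings.
preflight() {
    conf=$1; n=0
    read -r host port proto <<EOF
$(conf_remote "$conf")
EOF
    [ -n "$host" ] || { echo "no remote directive"; n=$((n + 1)); }
    [ "$port" = 1194 ] || { echo "remote port is '${port}', expected 1194"; n=$((n + 1)); }
    conf_has_line "$conf" "remote-cert-tls server" ||
        { echo "remote-cert-tls server is missing"; n=$((n + 1)); }
    conf_has_line "$conf" "-----BEGIN PRIVATE KEY-----" &&
        conf_has_line "$conf" "-----END PRIVATE KEY-----" ||
        { echo "private key block is missing or cut off"; n=$((n + 1)); }
    return "$n"
}

# Same test as the nmap command on this page, reduced to a yes/no answer.
port_open() {
    nmap -Pn -p "$2" "$1" | grep -Eq "^$2/tcp[[:space:]]+open"
}

# Constructed sample with placeholder key material, used when no path is given.
sample_conf() {
    printf '%s\n' client nobind 'dev tun' 'remote-cert-tls server' \
        'remote tunnel.example.invalid 1194 tcp' '<key>' \
        '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' '</key>'
}

if [ $# -gt 0 ]; then
    preflight "$1" && port_open $(conf_remote "$1") && echo "tunnel endpoint reachable"
else
    tmp=$(mktemp) && sample_conf > "$tmp"
    preflight "$tmp" && echo "sample client.conf passes"
    rm -f "$tmp"
fi
```

Run it as sh preflight.sh /usr/lucidum/tunnel/client.conf to check the real file and test the port with nmap; with no argument it checks only the constructed sample and makes no network connection.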

Configuring Connectors to Use the Proxy Server

  1. Log on to your Lucidum system.

  2. In the left pane, click Connector.

    • If this is a new connector, in the Connector page, click Add Connector.

    • If this is an existing connector, scroll until you find the Connector you want to edit. Click Connect. The Settings page appears.

  3. If the connector supports a proxy, it will include the Proxy field.

  4. Enter the following in the Proxy field:

    • 192.168.255.6:3128

    This is the IP address and port number of the proxy service inside the docker container on the proxy server.