The SSL cert should be securely sent to the satellite and the satellite’s proxy should be updated to use the new cert. When an satellite registers with the cloud, it should be assigned an unused SSL cert and associated subdomain.You should make sure to generate more SSL certs than the number of expected satellites. This step is easy to do with any free Certificate Authority and can be safely done if the subdomain has a well-known DNS address. Pre-generate SSL certs under a subdomain that you control, for instance.To solve this problem, we used the following solution: If your UI is running on a browser and your satellite is responding over HTTPS (likely with self-signed certs), you are not done yet.ĭiagram of SSL certification flow for Non-Passthrough Mode. In many cases, many cloud/distributed satellite architectures already communicate via heartbeats to track satellite state, so sending an additional address is no problem. Now, when the UI wants to make a request to a satellite, it first queries the cloud for the address, then directly makes the request to that address. The cloud records the satellite’s status and address so that it can be queried by the UI. Alternatively, the IP address could have been sent during registration, if it is not subject to change. In our case, we also attach the satellite’s IP address. Additional information can be sent in these heartbeats. During registration, the satellite either provides an identifier or is assigned an identifier via the cloud, which is used to identify the satellite in subsequent heartbeat messages.įollowing registration, the satellite begins sending periodic heartbeats to the cloud to indicate it is alive and healthy. This is typically done by having the satellite first send a registration message to the cloud.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |