There’s nothing better than the blissful, optimistic lyrics of Willie Nelson pulling a bunch of IT pros together on a Tuesday for a good ol’ fashion webinar! Thank you so much to all those who tuned in and joined us for, “On the Road Again: How to Secure Your Network for Remote User Access.”
Once again we have compiled all the questions that were asked during this webinar and their corresponding answers. Check out the write-up below:
How lightweight is the actual DxOdyssey install?
The overall size of the installer is about 6.25 megabytes, and the DH2i services being used don’t require many resources at all either.
Do we have to purchase separate licenses for both DxConnect and DxOdyssey?
We have essentially two different models for licensing. One is you just license your gateways and then have unlimited users—so unlimited DxConnect users. The other method is you license the gateways at a lower cost and then each of the different users would also pose an additional licensing expense. So, it really depends on how many users you have. If you have a lot, it makes sense to license the gateways for unlimited users, but if you have fewer you can go the per-user licensing route.
You keep talking about “more granular security,” what exactly do you mean by this?
When I say “granular,” I’m talking about the fact that we do things at the application level. So, I’m just granting the user in this demo access to an application—just a specific port on a specific machine. I’m not granting them access to the entire network and then reducing down what they actually have access to using different rules and policies. Each user has access to a particular application or applications, and that’s far more granular than something like a VPN pipe.
How many different gateways can you create—infrastructure likeness requirements, restrictions, etc.?
You can create as many gateways as you want. There really is no logical limit as far as how many gateways you can have. They just need to meet those minimum requirements that we have for the gateways themselves. That includes running Windows or Linux OS. On Linux, we support Red Hat, Red Hat derivatives, as well as Ubuntu. We also need .NET installed for either. As long as those prerequisites are met, you can spin up whatever you want for a gateway. This gives you a lot of flexibility, because instead of using a VPN piece of hardware that you have to buy from one of those Cisco, Juniper, Palo Alto-type vendors, you can use any commodity server. It doesn’t matter if it’s a VM, physical machine, or whatever, as long as you meet those minimum requirements we can install our software on top of it.
The main reason we are evaluating other perimeter security solutions is budget restrictions. Can DxOdyssey help us?
Yes, absolutely. Because we are not selling particular hardware and you are not locked into a particular vendor’s appliance, this is often—I can say pretty much always—a less expensive option than going with a VPN tool. This is because it is software defined. You are buying the software and loading it up wherever you want. The cost of the users is pretty insignificant as well, so this is going to be not only more secure and easier to manage, but less expensive than any of those alternatives.
We are spinning up most of our new applications in containers. Is DxOdyssey still an option?
Absolutely, this is a great way to connect your different containers together, or connect other users and applications to containers.
How many clients can go through a DxOdyssey tunnel?
We don’t have a restriction on number of clients. It is just going to depend on the resources on that box.
Does it still work if my gateways have no access to the Internet?
No, your gateways as well as your remote users need to have access to the public Internet in order to work with the software. That’s because they need to be able to go out and talk to the matchmaking service briefly to find their peers and connect to them. Without Internet access, your gateways won’t be able to connect to one another.
Does the trial software have full functionality, and how long is the trial license valid for?
The trial software is fully-featured. How these trials work is we can grant you access to our client portal to find download links, license key, and other documentation like the admin guide. The trial period is 30 days, which is typically plenty of time for people to run the tests they want to run.
Do the clients need to install something on their machine to access the tunnels?
It depends. The reason it depends is because you can have an architecture in which on-premises users do not need to install DxConnect. (See diagram below) In this example, I have two different sets of users. One is a local user who is on the same network as one of my gateways. In that case, the user does not need to install anything additional to access that tunnel. They can just connect locally to the origin gateway and that will be tunneled to the destination wherever it happens to be. If I have a remote user who is not local to any of the gateways, they do have to install DxConnect.
What is the gateway capacity?
Again, we don’t add any sort of restriction to what a gateway can do. It is really just dependent on the hardware of the gateway itself.
Does DxOdyssey support IPv6?
We have a direct link between sites and to our public cloud deployment today, so would we still need something like this?
If you have a direct link you can absolutely layer this on top of the link to provide a higher level of granularity and greater security for that particular link.
How are you administering the gateways/routers?
As far as an admin of the gateways, you can use the UI like I did in the demo, but we also have the means to control them via the command line or via PowerShell. We also have some deployment script templates available that you can use to spin up gateways, add users, add groups, add tunnels, and all that sort of stuff just by scripting it out. So, if you have a lot of gateways you need to spin up, rather than clicking through like you saw me do in the demo, you can just script it all out and it just pops out all the settings that you put into the configuration file.
How would you generally size the gateways? I know you can scale up or out, but I’m not sure where to start.
We generally say to start with a server machine that has about 3.5 gigs of RAM. That will be a good starting point for you, and you can see how it performs. If you think about the performance and typical sizing of a VPN router, 3.5 gigs of RAM is already going to be more than most of those provide out of the box anyway.
Hopefully this content has given you some additional insight into how DH2i’s DxConnect technology really allows organizations to embrace the open road. Ensuring the highest level of security for remote connections is imperative for ongoing business success.
Please let us know if you have any questions about DH2i or the content of this webinar at firstname.lastname@example.org. You can watch the full webinar on-demand here or, you can also sign up for a free trial of DxOdyssey and DxConnect at https://dh2i.com/trial/.